Cyber Insurance Rates Are Dropping, but Exclusions Widen
Dark ReadingArchived Jun 03, 2026✓ Full text saved
Cyber insurance coverage is slowly changing, and some policies may not provide coverage for social engineering attacks like ClickFix.
Full text archived locally
✦ AI Summary· Claude Sonnet
CYBER RISK
CYBERSECURITY OPERATIONS
VULNERABILITIES & THREATS
APPLICATION SECURITY
NEWS
Cyber Insurance Rates Are Dropping, but Exclusions Widen
Cyber insurance coverage is slowly changing, and some policies may not provide coverage for social engineering attacks like ClickFix.
Rob Wright,Senior News Director,Dark Reading
June 3, 2026
4 Min Read
SOURCE: POCA WANDER STOCK VIA GETTY IMAGES
GARTNER SECURITY & RISK MANAGEMENT SUMMIT – National Harbor, Md. – The good news for enterprises is that cyber insurance policies are still affordable. The bad news is that coverage exclusions are increasing, and some might catch customers by surprise.
The growing list of exclusions is just one shift among several in the cyber insurance market, according to Paul Furtado, distinguished vice president analyst at Gartner. During a Tuesday session at the Gartner Security & Risk Management Summit, Furtado outlined several changes in the market that policyholders and prospective customers might not be aware of.
Some of those trends are positive. For example, pricing has stabilized, and insurance carriers are providing discounts for "demonstrable levels of security in different organizations," Furtado said.
"Prices are going down, and we see this across the market," he added, noting that carriers have "finally got their models right."
Related:FBI-Flagged Phishing Kit Kali365 Expands Its Reach
But other market shifts could leave organizations in a bind at the worst possible time.
Cyber Insurance Coverage Exclusions Expand
Arguably the most important shift in the cyber insurance market is the increasing number of coverage exclusions. "The list of exclusions continues to grow, more and more," Furtado said.
Employee actions, outdated software, failure to maintain security controls, and mergers and acquisitions are just a few of the exclusions that lead to policies not being paid out, he said. For example, "employee actions" exclusions in some policies might include social engineering attacks.
"If I social engineer someone in your finance department to send me a million dollars, and I did not hack into your system, I did not take control of the system, and did not impersonate somebody," Furtado said. "That's not a cybercrime — that's a failure of your internal controls."
Social engineering exclusions could potentially impact many cyber insurance customers. Bryson Byrd, cybersecurity adviser ay Huntress, tells Dark Reading that ClickFix-style attacks, in which an attacker convinces a targeted individual to run malicious commands to address a fake error message, are rampant: they accounted for 52% of the cyberattacks the vendor saw in 2025. Byrd says he views ClickFix as a social engineering attack much like phishing, because it convinces an individual to take malicious actions that they don't believe are harmful.
Furtado said the increasing nuances of cyber insurance coverage and exclusions require organizations to carefully review their policies and have "very, very specific conversations" with carriers to make sure they aren't caught off guard when an incident occurs.
Related:Securing AI Agents Before They Go Rogue Is Next to Impossible
Exclusions for acts of war and mass cyber events have also shifted. Furtado said Lloyd's of London published definitions of its "cyber war" clauses that most carriers have adopted, and it could exclude certain types of nation-state attacks. Additionally, clauses for mass cyber events such as a widespread outage of a major cloud provider could also reduce policy payouts by as much as half.
"You need to be very direct with your carrier, your broker or, ideally, if you have the opportunity, the underwriter [of the policy]," he said. "If I get hit by a nation-state attack, am I covered? If the answer is, "It depends," then let's go through it. It depends on what?"
Cyber Insurance Sub-limits, 'Tail' Coverage & More
Furtado also noted that while policy prices have dipped, the market has changed in some subtle ways that could present challenges to enterprises.
"There used to be a time when if you needed $100 million in coverage, Lloyd's of London would cover you, no problem," he said. "Now if you need $100 million worth of coverage, then you're probably going to be sitting in front of a panel of insurance companies, and selling them on why they should take you in as a client, to distribute the risk. That's the reality of the environment we're in."
Related:Beyond Assume-Breach: How AI-Native Security Will Reshape Enterprise Defense
Other under-the-radar aspects include coverage sub-limits, which dictate how much of a policy payout can be used to hire a breach coach, for example, or spent on a digital forensics and incident response (DFIR) provider. Furtado urged organizations to once again ask specific questions and read the policy fine print to determine where spending is capped for specific services, and what those caps are.
"If you have a $10 million policy, then it doesn't mean you can take $10 million and give it all to Mandiant," he said.
Furtado also emphasized the importance of so-called "tail" coverage, because the timing of incidents and the coverage in a customer's policy can be tricky. For example, if an organization finds out it was breached last month, but it switched insurance providers on June 1, then the organization may no longer have coverage, because the new policy won't cover previous attacks that were just discovered, and the old policy ended on the May 31. Tail coverage, however, provides a longer tail: i.e., some overlap to protect customers.
"Essentially, if you're changing providers, then you're going to want this," he said.
Perhaps surprisingly, Furtado noted that AI hasn't had much of an impact on the cyber insurance market in terms of policies and coverage, though that may be coming soon, given that horror stories about rogue AI agents continue to emerge.
"The market itself is watching it, and is paying close attention," he said. "[AI] hasn't had a substantial shift — yet."
Read more about:
CISO Corner
About the Author
Rob Wright
Senior News Director, Dark Reading
Rob Wright is a longtime reporter with more than 25 years of experience as a technology journalist. Prior to joining Dark Reading as senior news director, he spent more than a decade at TechTarget's SearchSecurity in various roles, including senior news director, executive editor and editorial director. Before that, he worked for several years at CRN, Tom's Hardware Guide, and VARBusiness Magazine covering a variety of technology beats and trends.
Prior to becoming a technology journalist in 2000, he worked as a weekly and daily newspaper reporter in Virginia, where he won three Virginia Press Association awards in 1998 and 1999. At TechTarget and Dark Reading, he has won several Azbee awards, including the 2026 National Silver Award for a series on vibe coding.
At Dark Reading, Rob currently covers security operations, cloud security, and Internet infrastructure. He has a keen interest in malvertising activity and the certificate authority industry, and has written extensively on both topics. He graduated from the University of Richmond in 1997 with a degree in journalism and English. A native of Massachusetts, he lives in the Boston area.
Want more Dark Reading stories in your Google search results?
ADD US NOW
More Insights
Industry Reports
How Organizations Are Managing Incident Response
How Enterprises Are Developing Secure Applications
Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy
Essential News & Insights from Black Hat USA 2025
How Enterprises Are Harnessing Emerging Technologies in Cybersecurity
Access More Research
Webinars
The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed
Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack
Defending in the Shadow Era: When the CVE Feed Goes Dark
Building SecOps That Make the Most of Every Dollar
AI-Powered Cybersecurity for Resource-Constrained Organizations
More Webinars
You May Also Like
CYBER RISK
How Can CISOs Respond to Ransomware Getting More Violent?
by James Doggett
JAN 28, 2026
CYBER RISK
US Cyber Pros Plead Guilty Over BlackCat Ransomware Activity
by Alexander Culafi
JAN 05, 2026
CYBER RISK
Switching to Offense: US Makes Cyber Strategy Changes
by Robert Lemos, Contributing Writer
NOV 21, 2025
CYBER RISK
Microsoft Exchange 'Under Imminent Threat,' Act Now
by Arielle Waldman
NOV 12, 2025
Editor's Choice
CYBERSECURITY OPERATIONS
20 Leaders Who Built the CISO Era: 2 Decades of Change
byDark Reading Editorial Team
MAY 12, 2026
41 MIN READ
APPLICATION SECURITY
It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight
byJai Vijayan
MAY 12, 2026
5 MIN READ
CYBERATTACKS & DATA BREACHES
Instructure Breach Exposes Schools' Vendor Dependence
byAlexander Culafi
MAY 6, 2026
4 MIN READ
Want more Dark Reading stories in your Google search results?
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
SUBSCRIBE
Webinars
The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed
TUESDAY, JUNE 23, 2026 1:00 PM EDT
Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack
THURS, JUNE 25, 2026, AT 1PM EST
Defending in the Shadow Era: When the CVE Feed Goes Dark
TUES, JUNE 16, 2026 AT 1PM EST
Building SecOps That Make the Most of Every Dollar
THURS, JULY 9, 2026 AT 1PM EST
AI-Powered Cybersecurity for Resource-Constrained Organizations
THURS, JUNE 18, 2026, AT 1PM EST
More Webinars
BLACK HAT USA | MANDALAY BAY, LAS VEGAS
The premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass.
GET YOUR PASS