Cyber Rates Keep Falling While Ransomware Sets Fresh Records

The ransomware ecosystem has reached a new scale of activity. Travelers' Q1 2026 Cyber Threat Report identified 2,400 organizations posted to leak sites, the second‑largest quarterly total on record, and a record 84 active ransomware groups, including 19 newcomers. The report also highlighted that more than 85 % of claims began with a compromised virtual private network, while AI‑generated phishing and voice‑impersonation attacks are now routine entry vectors. These trends signal a shift from isolated incidents to a persistent, diversified threat baseline.

At the same time, cyber insurance pricing continues its multi‑quarter decline. Marsh’s global index shows a 5 % drop in rates this quarter, with the United States slipping 2 % and emerging markets experiencing steeper falls. The softening reflects excess capacity and competitive pressure, yet loss frequency is rising sharply, as evidenced by the surge in ransomware victims and larger ransom payouts—more than half exceeding $200,000. The mismatch between falling premiums and escalating losses is compressing combined ratios and prompting carriers to reassess reserve assumptions.

For underwriters, the data translate into actionable policy conditions. The overwhelming VPN entry point suggests that mandatory multi‑factor authentication and network‑segmentation attestations can be priced as underwriting covenants, giving carriers a defensible risk‑mitigation lever. Product teams must also revisit social‑engineering sublimits, since AI‑driven scams erode traditional human‑recognition controls. Reinsurers are likely to demand tighter aggregation modeling, given the concentration of attacks across dozens of groups. Ultimately, carriers that embed robust cyber hygiene requirements while calibrating pricing to the rising frequency will protect margins in a market where rates are unlikely to rebound soon.