The US cyber insurance market
The United States cyber insurance market is the largest globally and continues to expand rapidly. The market is characterised by a high degree of specialisation, with carriers competing across different business segments (SMB, mid-market, enterprise) and verticals (healthcare, financial services, technology, retail).
The US regulatory environment is complex. Unlike many other countries, the US operates under a "patchwork" framework where cyber insurance costs and coverage are influenced by federal requirements (SEC disclosure rules for public companies, HIPAA for healthcare), state-specific laws (California's CCPA/CPRA, New York's NYDFS 23 NYCRR 500), and industry-specific standards (PCI DSS for payment processors). This regulatory complexity means that carriers pricing for the US market must account for significant variation across geographies and sectors.
Additionally, the US market distinguishes between "admitted" insurers (licensed in a specific state and regulated by state insurance commissioners) and "surplus lines" insurers (not licensed in the state but allowed to write hard-to-place risks). Understanding this distinction is important when evaluating coverage.
US market characteristics and what they mean for you
Market size and competition
The US cyber insurance market represents the largest concentrated cyber book globally, with hundreds of carriers competing for business. This competition benefits customers: you have genuine choice, pricing is aggressive, and innovation is rapid. New carriers enter regularly, and product features evolve quickly.
InsurTech disruption
Specialist InsurTech carriers like Coalition, Corvus, and At-Bay have reshaped the SMB and mid-market segments. These companies use technology (risk scoring, real-time monitoring, API integrations) to streamline underwriting and claims, reducing friction and cost for customers. They often offer direct purchase options, though most still work through brokers.
Admitted vs. surplus lines
Admitted insurers are regulated at the state level and offer consumer protections including guaranteed claim payout (via state guaranty funds if the insurer becomes insolvent). Surplus lines policies offer more flexibility and access to capacity for hard-to-place risks but come with fewer consumer protections. Most businesses purchase from admitted carriers; surplus lines are typically used for enterprise or specialty risks.
State-by-state regulation
While all 50 states require breach notification, several states have introduced specific cybersecurity regulations affecting insurance pricing: California (CCPA/CPRA), New York (NYDFS 23 NYCRR 500 for financial services), and others. Healthcare providers must comply with HIPAA. These regulations increase compliance costs for insurers, which are reflected in your premium.
Financial strength and AM Best ratings
In the US, AM Best ratings are the gold standard for evaluating insurer financial stability. A+ is excellent, A is very good, A- is good. Ratings below BBB are generally considered substandard. S&P and other rating agencies are also used. Always check financial strength ratings before choosing a carrier β your premium is worthless if they can't pay your claim.
Leading US cyber insurance carriers
Below is an overview of the major carriers operating in the US market. This is not a ranking or endorsement β the right carrier depends on your specific risk profile, industry, and requirements. Always work with a specialist broker to evaluate options for your situation.
AIG Cyber & Specialty
One of the largest cyber insurance carriers globally, AIG holds significant market share across SMB, mid-market, and enterprise segments. Known for broad coverage, strong financial strength (AA- by S&P), and capability to write large accounts. AIG's incident response panel includes major forensics firms.
Strengths: Tier-1 financial strength; market leader in large deals; broad product suite; global reach.
Considerations: Claims experience varies; can be slower than specialist carriers on SMB deals.
Chubb Cyber Insurance
Chubb is a global insurance powerhouse with deep cyber expertise. Strong presence across SMB and mid-market, with dedicated enterprise underwriting. Known for competitive pricing in the mid-market and strong claims capability.
Strengths: Excellent financial strength (AA+ by S&P); competitive on mid-market; strong claims response; good customer service.
Considerations: Larger minimum premiums than some specialist carriers; may be more expensive for very small businesses.
Travelers Cyber Insurance
A US-based traditional insurer with strong market position, particularly in the mid-market. Known for stable pricing, good claims experience, and agent relationships. Travels can write substantial limits and has good capacity.
Strengths: Strong financial stability; agent network; stable pricing; good limits availability.
Considerations: May be less tech-enabled than specialist carriers; not the cheapest option for SMBs.
Coalition Cyber Insurance
One of the largest specialist cyber insurers, Coalition has focused on SMB and lower mid-market with a tech-enabled, direct-purchase model. Known for streamlined underwriting, competitive SMB pricing, and good customer service. Backed by significant venture capital and reinsurance partnerships.
Strengths: Fast underwriting for SMBs; competitive pricing; good technology; strong growth trajectory.
Considerations: Newer entrant (founded 2017); capacity limits for very large deals; AM Best rating to review carefully.
Corvus Insurance Cyber
Another leading specialist, Corvus uses technology and data science to underwrite SMB and mid-market cyber risk. Offers competitive rates and good incident response capability. Known for fast quotes and direct relationships with brokers.
Strengths: Strong SMB/lower mid-market pricing; tech-enabled underwriting; fast turnaround; good claims experience.
Considerations: Newer player; capacity limits; limited enterprise presence.
Beazley Cyber Insurance
Beazley is a Lloyd's-based specialist with strong presence across all US market segments. Known for deep cyber expertise, flexible underwriting, and strong panel quality. Market leader in many verticals.
Strengths: Excellent cyber expertise; flexible on coverage; strong claims handling; multi-segment capability.
Considerations: Minimum premiums can be higher; primarily accessed via brokers.
Zurich Cyber Insurance
A traditional global insurer with significant US cyber presence. Zurich offers competitive products across SMB and mid-market, with strong financial backing and diverse panel options.
Strengths: Strong financial stability (AA- by S&P); good pricing in mid-market; reliable claims; global capability.
Considerations: Can be more expensive for smallest SMBs; less innovative than specialist carriers.
Hartford Cyber Insurance
The Hartford is a US-based traditional carrier with significant presence in the SMB and lower mid-market segments. Known for stable pricing, agent network relationships, and regional underwriting presence.
Strengths: Good SMB pricing; strong regional presence; agent relationships; stable underwriting.
Considerations: May be less tech-enabled; limited enterprise capacity.
At-Bay Cyber Insurance
A specialist cyber insurer focused on SMB with a tech-enabled, subscription-based model. Known for competitive SMB pricing, good incident response, and streamlined underwriting.
Strengths: Competitive SMB pricing; tech-enabled; good customer service; innovative model.
Considerations: Primarily SMB focus; limited mid-market/enterprise; capacity constraints.
Lloyd's of London Cyber Syndicates
For larger and more complex risks, Lloyd's syndicates (including Beazley syndicate, Axis Specialty, XL Catlin, and others) provide access to substantial capacity and flexible, bespoke coverage. Typically requires broker engagement and has minimum premium thresholds ($50,000+).
Strengths: Unlimited capacity; highly flexible; expert underwriters; custom coverage design.
Considerations: High minimum premiums; must use a broker; less standardised products; longer underwriting cycle.
How to evaluate US cyber insurance providers
Financial strength
This is non-negotiable. Check AM Best ratings (A+ or A preferred), S&P ratings (AA+ to A are strong), or Moody's (Aa1 to A1). A low rating or unrated carrier is a red flag β you need confidence that they can actually pay your claim when it matters most.
Claims handling speed and quality
The first 24 hours after a cyber incident are critical. Can you reach someone 24/7? Do they have a dedicated hotline? Will they respond within two hours? Call references or search online reviews to understand real claims experience. Some carriers are known for fast, customer-friendly claims; others have reputations for slowness or defensiveness.
Incident response panel quality
Your policy should include access to forensic investigators, legal counsel, and PR specialists. The best carriers partner with tier-1 firms (Mandiant, CrowdStrike, Deloitte, etc.). Ask your broker for the panel composition β it's a good proxy for overall quality.
Coverage breadth
Read the policy wording carefully. Does it cover ransomware? Social engineering? Crisis management? Business interruption? Forensics? Third-party liability? The cheapest policy often has the most exclusions. Compare apples-to-apples coverage, not just premiums.
Sub-limits and exclusions
Many policies have sub-limits on specific categories (e.g., "ransomware limited to $500,000"). Understand your specific risk and ensure the policy covers it adequately. Exclusions for prior incidents or known vulnerabilities can also be problematic β flag these with your broker.
Industry specialisation
A provider that specialises in healthcare will understand HIPAA and breach notification timelines. One that focuses on retail knows PCI DSS. Generalists can work, but specialists usually offer better pricing and risk advice for your vertical.
Risk management services
The best carriers help you avoid claims in the first place. Look for free security assessments, vulnerability scanning, employee training, or security tool integrations. This reduces your risk and often earns you premium discounts.
Premium competitiveness
Get multiple quotes and compare β coverage, limits, financial strength, and claims capability should all be factored in. Don't choose based on price alone; a premium 30% cheaper might come with 50% less coverage or a weaker claims team.
Specialist broker vs. direct purchase
Some US carriers (Coalition, Corvus, At-Bay) offer direct purchase online. But we recommend using a specialist broker for most businesses. Here's why.
Brokers shop the market
A good broker has relationships with dozens of underwriters. They'll get competitive quotes for you from multiple carriers. You might buy directly from one insurer, but a broker can often find better terms elsewhere β or discover coverage you didn't know you needed.
Brokers negotiate on your behalf
Underwriters leave room for negotiation. A broker will push back on exclusions, request higher limits, or negotiate better terms. You won't get this flexibility buying direct.
Brokers explain policy wording
Insurance policies are technical and dense. A good broker explains what's actually covered, flags risks, and points out gaps. Trying to read the policy yourself is time-consuming and easy to get wrong.
Brokers help with claims
When a breach happens and you need to claim, a broker in your corner is invaluable. They'll advocate for you, explain the process, and push back on unfair claim denials.
Finding a good US broker
Look for brokers that specialise in cyber insurance (not general business insurance brokers who dabble in cyber). They should have licenses in your state, a strong carrier panel, good reviews, and ideally be part of a professional organisation like the National Association of Insurance Commissioners (NAIC) or similar.
Key questions to ask your US broker
Once you've been matched with a broker, ask these questions before committing to a policy.