Cyber Insurance Market is Getting Tighter, which obviously has a big impact on CISOs!

Darkreading.com reported that “Cyber-risk leaders may not want to get too cozy with the current dynamics in the cyber-insurance market. After a couple of years of softening rates and cutthroat competition, the pace of premium rate reductions shows signs of slowing, and insurers are asking for more proof of best practices before writing policies or paying claims.” The January 5, 2026 article entitled “CISOs Face a Tighter Insurance Market in 2026” (https://www.darkreading.com/endpoint-security/cisos-face-tighter-insurance-market) included these comments:

Boards and enterprise risk management stakeholders increasingly see cyber insurance as a non-negotiable part of cyber-risk management strategies, but while it may be easier and cheaper to get coverage now, all it takes is one or two mega loss events — a supply chain problem or AI-related incident — to cause underwriting stances to shift dramatically.  

Even in a soft market, the drumbeat for proof-based cyber insurance is growing louder. Managing general agents (MGAs) and insurance companies are becoming more serious about holding customers accountable for implementing baseline security controls. And both security and insurance industry players are making steady progress on implementing more sophisticated ways for customers to prove their security stance at underwriting and during claims.

"They want more proof, not just you putting something in an application and a pinky promise that you have controls in place," says Heidi Shey, principal analyst for the Security & Risk team at Forrester.

No surprises here!
