Cyberattacks are accelerating. Cyber insurance is, quietly, retreating.

At the same time, the broader insurance market is beginning to soften. Premium growth is slowing in several commercial lines, and competition among carriers is gradually returning.

But for agents and brokers, the practical question is not whether the market is hard or soft.

It's whether your client's specific risk profile is getting better coverage or worse coverage than it was a year ago.

A softer rate environment does not necessarily mean your clients are safer. In many cases, it means the gap between what is covered and what can actually go wrong is getting wider.

Every business owner knows the next storm is always on the horizon. The question is whether their program is built for the storm, or built for the premium.

Cyber risk is where that distinction is becoming impossible to ignore.

The threat curve is steepening

The data tells a stark story.

Cloud-based attacks surged 136% in the first half of 2025, driven largely by nation-state actors, including China-linked groups, according to the CrowdStrike 2025 Threat Hunting Report.

Ransomware incidents jumped 126% in Q1 alone, based on findings from the GuidePoint Research and Intelligence Team (GRIT) and Check Point Research.

Meanwhile, supply-chain breaches now account for nearly 30% of all cyber incidents, doubling their systemic impact, according to Prosegur's 2025 Supply Chain Attacks analysis.

The threat curve is steepening.

But here's the more concerning trend for P&C agents and their business clients: Insurers are paying fewer claims.

According to 2024 data released by the National Association of Insurance Commissioners, carriers closed 28,555 cyber claims without payment, compared with just 9,941 paid, a nearly 3-to-1 disparity.

In excess cyber policies, the imbalance exceeded 20-to-1.

Premiums may fluctuate with the market cycle, but the underlying dynamic remains the same: Coverage terms are tightening, and exclusions are expanding.

Many insureds are discovering, post-loss, that collecting requires what one industry observer aptly described as "a perfect event."

For P&C agents, this is more than a market cycle.

It's a structural coverage gap.

Why claims are being denied

Carriers are reacting rationally to systemic risk.

Cloud concentration has created aggregation exposure unlike anything the industry has previously modeled. A single outage or vulnerability in a dominant cloud provider can trigger cascading losses across thousands of insureds simultaneously.

Supply-chain dependency compounds the issue, with third-party vendors serving as force multipliers for loss severity.

To manage this volatility, insurers are narrowing triggers, carving out exclusions, tightening sublimits, and pushing more risk retention back onto policyholders.

The result?

Clients believe they're covered, until they're not.

And in a softer market, that illusion of protection can actually grow stronger because pricing pressure shifts attention back toward premiums instead of coverage architecture.

The opportunity for P&C agents

This is where forward-thinking agents can differentiate themselves.

Rather than relying solely on increasingly restrictive cyber policies, agents should be helping qualified business clients explore alternative risk structures that allow them to retain and finance risk more strategically.

One such structure is the 831(b) plan, often referred to as a micro-captive under Section 831(b) of the Internal Revenue Code.

When properly designed and administered, an 831(b) plan allows a business to set aside capital in a regulated insurance vehicle to insure specific, difficult-to-place, or excluded risks, including cyber exposures that fall outside traditional policy language.

This isn't about replacing commercial insurance.

It's about supplementing it.

A holistic risk mitigation strategy

Traditional cyber coverage may address certain first-party and third-party losses.

But what about:

  • Regulatory fines where insurability is ambiguous;
  • Reputational damage and brand rehabilitation costs;
  • Supply-chain disruption losses not fully contemplated in policies;
  • Social engineering events falling outside fraud definitions; or
  • Cloud service interruption exclusions.

An 831(b) structure can be tailored to finance these coverage gaps, creating a formal, underwriting-supported mechanism for risk retention instead of leaving clients exposed, or hoping claims clear narrow policy triggers.

For P&C agents, this shifts the conversation from policy procurement to holistic risk architecture.

Before renewal season: Key questions to ask clients

Agents should encourage business clients to evaluate:

  • Where do policy exclusions materially conflict with actual operational risk?
  • How concentrated is their cloud infrastructure exposure?
  • What percentage of revenue depends on third-party vendors?
  • How much uninsured cyber risk would they retain in a denied-claim scenario?
  • Is there a formal strategy to finance retained risk?

If the answer to the last question is "no," that's the gap.

Why 831(b) structures are gaining attention

In a softening market, it's tempting to focus on premium relief.

But the real question isn't pricing. It's resilience.

Agents who are fixated on price, rather than making sure their clients' blind spots are covered, won't see their book of business stick with them for the long haul.

Alternative risk vehicles have long played a role during hard markets. What's different today is the speed at which cyber risk is evolving compared to the speed at which traditional underwriting models can adapt.

831(b) plans give businesses the ability to:

  • Build surplus in profitable years
  • Customize coverage around emerging risks
  • Formalize risk retention instead of absorbing losses informally
  • Complement, not compete with, commercial insurance programs

When implemented correctly, these structures operate within a disciplined regulatory and actuarial framework.

They are not shortcuts.

They are strategic tools.

The role of experienced advisors

Not every business is a fit for an 831(b) plan. Structure, governance, risk distribution, actuarial support, and compliance must be carefully designed and maintained.

That's where specialized firms like SRA 831(b) Admin work alongside agents and their clients to develop comprehensive plans that supplement traditional business insurance.

Our role is to ensure the structure aligns with the client's true risk profile, integrates with existing coverage, and withstands regulatory scrutiny.

For P&C agents, partnering with experienced advisors allows you to expand your value proposition without stepping outside your lane.

A strategic inflection point

Cyber risk is no longer a peripheral line item.

It is a core enterprise exposure, one that is increasingly systemic, correlated, and difficult to fully transfer.

The NAIC data should serve as a wake-up call.

When unpaid claims outnumber paid claims nearly three to one, and excess policies are denied at ratios exceeding twenty to one, relying exclusively on traditional insurance is no longer sufficient risk management.

Agents who evolve from policy sellers to risk strategists will lead in this environment, and see stronger client retention as a result.

Cyber insurance may be retreating.

Risk is not.

The opportunity now is to build smarter, more resilient structures, ensuring clients are protected not just when events are "perfect," but when they are imperfect and real.

Dustin Carlson is president of SRA 831(b) Admin. Any opinions expressed here are the author's own.
