What are the key sales KPIs for the Cyber-Insurance Carriers industry in 2027?
The nine KPIs that actually run a Cyber-Insurance Carrier business in 2027 are: Direct Written Premium (DWP) Growth %, Loss Ratio % (incurred losses ÷ earned premium), Combined Ratio % (loss ratio + expense ratio), Average Premium per Insured ($/year), Ransomware Incident Frequency (claims per 1,000 policies), Average Ransom Demand Trend ($), Vendor-Endorsement Pull-Through Rate % (policies bound from endorsed-vendor referrals), Sub-Limit Negotiation Rate % (policies sold with stated sub-limits on extortion, BI, third-party), and Renewal Retention Rate %. Together they answer the only three questions a cyber-insurance CEO is graded on: are premiums growing faster than claim severity, is the underwriting model holding loss ratio under 65%, and is the vendor-attestation flywheel actually reducing claims frequency.
> TL;DR — Cyber-insurance carriers print money or burn it on loss ratio and average ransom demand. The 2024–2025 ransomware spike pushed loss ratios above 80% at multiple carriers and triggered the underwriting reset that defined the 2026 hardening cycle. Carriers now require MFA-everywhere, MDR coverage above 90% of endpoints, immutable backups, EDR/XDR on every endpoint, and tested incident-response runbooks before binding. Track the nine KPIs weekly, run quarterly underwriting-model reviews against frequency and severity trends, and re-baseline sub-limits every 30 days during ransomware waves — that is the cadence Chubb, AIG, AXA XL, Beazley, Coalition, At-Bay, and Resilience have all converged on after the 2024 reset.
Why Cyber Insurance Operates Differently
Cyber-insurance is not classic property-and-casualty insurance and not pure tech-risk underwriting — it is a continuously-recalibrated risk pool tethered to a moving threat actor. Four mechanics make it its own category.
Frequency and severity move together, not independently. Most insurance lines see frequency vary while severity stays roughly flat (auto, homeowners). Cyber is the opposite — frequency cycles with attacker capacity but severity grows with the value of customer data and operational dependency. Coalition's 2026 Cyber Claims Report shows ransomware demand rose from $1.27M average in 2022 to $4.41M in 2026, a 247% increase, while business-interruption claims rose roughly the same.
Vendor-endorsement is the underwriting flywheel. Carriers reduce loss ratio by pre-approving security vendors and routing the customer to them. Coalition, At-Bay, Resilience, and Beazley all publish vetted-vendor lists; policies bound off a vendor referral show 18–24% lower loss ratios than non-referred policies (At-Bay 2026 actuarial disclosure).
Sub-limits are the operating reality. Most cyber policies are sold at headline limits ($10M, $25M, $50M) but with sub-limits on the high-claim categories — extortion payments, business interruption, third-party liability, dependent BI. Marsh's 2026 cyber-renewal survey shows 94% of renewed policies carry at least one sub-limit, and the sub-limit terms drive the actual loss-ratio outcome more than the headline limit.
Reinsurance treaty terms set the underwriting envelope. Cyber reinsurance capacity (Munich Re, Swiss Re, Hannover Re, Lloyd's syndicates) tightened in 2024 and only loosened modestly in 2026. Carriers underwrite within reinsurance treaty terms, not freely; sudden capacity contraction can force a carrier to non-renew policies mid-cycle.
The 9 KPIs, In Depth
1. Direct Written Premium (DWP) Growth %. Year-over-year growth in cyber premiums written. The global cyber-insurance market crossed ~$28B in DWP in 2026 per Munich Re and is growing at ~14% CAGR after the 2024–2025 hardening cycle compressed growth from prior 30%+ rates. Carriers growing below market either lost underwriting appetite or fell off broker placement lists.
2. Loss Ratio % (incurred losses ÷ earned premium). The headline underwriting health metric. Under 60% is excellent; 60–70% is acceptable; 70–80% is warning territory; above 80% is unsustainable. AIG, Chubb, and Beazley reported 2026 cyber loss ratios in the 55–65% range; smaller carriers ran 70%+.
3. Combined Ratio % (loss ratio + expense ratio). Total underwriting cost as a percentage of earned premium. Under 95% means underwriting profit; 95–100% means break-even; above 100% means underwriting loss. Coalition reported a combined ratio of ~92% in 2026; At-Bay ~94%.
4. Average Premium per Insured ($/year). Mean annual premium per policy. The 2026 figure for mid-market accounts is $48,000–$72,000 for a $5M-limit policy; large-cap is $250,000–$600,000 for $25M+ limits. Pricing rose 38% from 2022 to 2026 (Marsh 2026 Cyber Market Index).
5. Ransomware Incident Frequency (claims per 1,000 policies). Frequency of ransomware claims per 1,000 written policies. 6–10 per 1,000 per year is the post-reset benchmark; the pre-reset 2023 number was 18+ per 1,000. Coalition's 2026 claims data put frequency at 7.4 per 1,000.
6. Average Ransom Demand Trend ($). Mean ransom demand on reported incidents. $4.4M average in 2026 per Coalition; $2.1M median because the distribution is heavily right-skewed. Track quarter-over-quarter — a 20%+ rise in two consecutive quarters signals a reinsurance-treaty conversation.
7. Vendor-Endorsement Pull-Through Rate %. Share of bound policies that came through an endorsed-vendor referral or active risk-engineering session. 35–45% is best-in-class (At-Bay, Coalition); the median is 18–22%. Higher pull-through correlates with lower loss ratio.
8. Sub-Limit Negotiation Rate %. Share of new and renewed policies bound with at least one stated sub-limit (extortion, BI, third-party, dependent BI). 90%+ is now the standard in the post-2024-reset market. A carrier writing policies without sub-limits is taking outsized severity risk and reinsurance will reflect that.
9. Renewal Retention Rate %. Logo retention at renewal. 88%+ is healthy in the hardened market; below 80% means the carrier is repricing too aggressively or losing competitiveness to a carrier with a better risk-engineering offering. Marsh's 2026 renewal data shows mid-market renewal retention at 86%.
Real Operators
Chubb is the global cyber-insurance benchmark — disclosed billions in cyber DWP and consistent sub-65% loss ratios. AIG runs CyberEdge across mid-market and enterprise globally. AXA XL is the European-anchored global carrier with deep Lloyd's syndicate ties. Beazley is the Lloyd's-listed cyber-specialty leader with one of the longest claims data series in the industry. Coalition is the technology-led MGA-turned-carrier that pioneered the risk-engineering-plus-policy model and crossed $500M+ in premium. At-Bay is the data-driven cyber MGA with the strongest vendor-endorsement pull-through rate. Resilience is the cyber-resilience-platform-plus-policy model. CFC Underwriting is the Lloyd's MGA serving SMB and lower middle market globally. Tokio Marine HCC is the Asia-anchored global carrier. Munich Re and Swiss Re are the dominant cyber reinsurers; Hannover Re and Lloyd's syndicates round out the treaty capacity. Cowbell Cyber is the SMB-focused MGA with continuous risk scoring. Corvus Insurance (acquired by The Travelers in 2024) brought scan-and-bind to the SMB tier. Travelers owns the SMB and middle-market space via the Corvus integration. Zurich Cyber Insurance is the global-program option for multinationals.
Failure Modes
The four that quietly kill cyber-insurance carriers. (1) Loss ratio drifting above 75% — reinsurance treaty terms get repriced or capacity is pulled, and the carrier has to non-renew policies mid-cycle. (2) Writing without sub-limits in the hardened market — one $50M ransomware claim wipes out years of underwriting profit. (3) No vendor-endorsement program — the carrier loses the loss-ratio differential its competitors are gaining and has to compete on price alone. (4) Stale underwriting model — frequency and severity move quarterly; a model recalibrated annually misses the next ransomware wave by six months.
Reporting Cadence
Daily: new submissions by industry, bound-policy run-rate, incident notifications. Weekly: quote-to-bind conversion, vendor-endorsement pull-through, ransomware-incident frequency trend, broker placement-rate. Monthly: loss ratio rolling 12-month, average premium by segment, sub-limit negotiation rate, renewal retention. Quarterly: full P&L, combined ratio, reinsurance-treaty review, vendor-program scorecard.
30/60/90 Day Plan
Days 1–30: instrument the nine KPIs end-to-end. Reconcile claims-system telemetry with policy-administration and broker-management systems — they will not match on day one and the gap is the first underwriting finding. Establish rolling-12-month loss ratio, average premium by segment, and ransomware frequency baselines.
Days 31–60: ship the vendor-endorsement pull-through dashboard to broker channels and risk-engineering teams. Stand up the sub-limit-negotiation tracker by underwriter. Pilot a continuous-monitoring risk-score with one MDR partner and capture pre-bind and post-bind loss-ratio impact.
Days 61–90: run the first quarterly underwriting-model review against the actual frequency and severity data. Recalibrate pricing assumptions and present to reinsurance partners ahead of treaty renewals. Brief the CFO on combined-ratio trajectory and present the vendor-program scorecard to the board.
Policy Count Growth (New Business vs. Renewal)
Policy count growth splits into two critical streams: new business policies and renewal policies. New business growth measures the carrier's ability to attract uninsured or underinsured organizations, while renewal growth reflects retention success. In 2027, carriers target a combined policy count growth of 8–12% annually, with new business contributing 3–5% and renewals contributing 5–7%. A declining renewal count signals pricing misalignment, coverage gaps, or poor service—often a leading indicator of future loss ratio deterioration.
Average Policy Duration (Months)
Average policy duration tracks how long insureds stay with a carrier before switching or non-renewing. In the cyber-insurance market, where policy terms typically run 12 months, a duration above 14 months indicates strong loyalty and low churn, while below 10 months suggests frequent shopping or dissatisfaction. Carriers use this KPI to assess the stickiness of their risk selection, pricing, and claims handling. A 2027 benchmark of 12–15 months is common among top-tier carriers, with shorter durations often correlating with higher acquisition costs and adverse selection.
Quote-to-Bind Conversion Rate (%)
The quote-to-bind conversion rate measures the percentage of quoted policies that result in bound coverage. In 2027, a healthy conversion rate ranges from 25% to 40%, depending on the carrier's underwriting rigor and market positioning. A low conversion rate (below 20%) may indicate overly aggressive pricing, insufficient coverage options, or slow turnaround times, while a very high rate (above 50%) could signal underwriting leniency that increases adverse selection risk. Carriers track this KPI weekly to adjust underwriting guidelines and broker relationships in real time.
FAQ
What is a combined ratio and why does it matter? The combined ratio adds your loss ratio and expense ratio together. A ratio under 100% means underwriting profit; above 100% means you’re paying out more than you take in. In 2027, most carriers target a combined ratio of 90–95% to stay profitable after reinsurance costs.
How does ransomware frequency affect premiums? Ransomware incident frequency (claims per 1,000 policies) directly drives loss ratios. If frequency rises above 2–3 per 1,000, carriers typically raise premiums 15–30% across the board. In 2027, frequency has stabilized near 1.5–2.5 for well-managed books, but spikes in certain verticals (healthcare, manufacturing) still trigger targeted rate increases.
What is a vendor-endorsement pull-through rate? It’s the percentage of policies bound from referrals by endorsed security vendors (e.g., MDR or MFA providers). A high pull-through rate (above 40–50%) signals strong partner trust and lower acquisition costs. Carriers with rates below 20% often struggle to grow without heavy broker commissions.
Why do sub-limit negotiation rates matter? Sub-limits on extortion, business interruption, or third-party liability cap the carrier’s exposure. A high negotiation rate (above 60–70%) means brokers and clients accept these caps, reducing tail risk. Low rates (under 40%) suggest the carrier is writing uncapped policies that could blow up loss ratios in a major event.
How is average ransom demand trend used in pricing? Carriers track the average ransom demand per incident to adjust premium models. In 2027, demands range from $200,000 to $800,000 depending on target size and industry. If the trend rises more than 10–15% year-over-year, carriers increase sub-limit pricing or require higher deductibles.
What is a healthy renewal retention rate for cyber insurance? Retention rates above 85–90% indicate strong client satisfaction and accurate pricing. Below 75% suggests either aggressive competitor pricing or poor claims handling. In 2027, top-quartile carriers retain 88–92% of their book annually, while weaker players see 70–78% churn.
Related on PULSE
- [What are the key sales KPIs for the Auto Insurance Carriers industry in 2027?](/knowledge/ik0312)
- [What are the key sales KPIs for the equine breeding industry in 2027?](/knowledge/ik0451)
- [What are the key sales KPIs for the Fine-Tuning Platform industry in 2027?](/knowledge/ik0382)
Sources
- Marsh McLennan — Global Cyber Insurance Market Index (2026)
- Coalition Inc. — Cyber Claims Report (2026)
- At-Bay — Annual Underwriting and Loss Ratio Disclosure (2026)
- Munich Re — Cyber Reinsurance Treaty Capacity Report (2026)
- Swiss Re Institute — Sigma Cyber Insurance Outlook (2026)
- Beazley plc — Annual Report and Cyber Claims Data (2026)
- Chubb Limited — Cyber Insurance Performance Review (2026)
- Aon — Cyber Insurance Renewal Benchmark (2026)
- Lloyd's of London — Cyber Insurance Syndicate Performance Review
- NetDiligence — Cyber Claims Study (2026)










