DarkReading.com reported that “The good news for enterprises is that cyber insurance policies are still affordable. The bad news is that coverage exclusions are increasing, and some might catch customers by surprise.” The June 3, 2026 article entitled ” Cyber Insurance Rates Are Dropping, but Exclusions Widen” (https://www.darkreading.com/cyber-risk/cyber-insurance-rates-drop-exclusions-widen) included these comments:
The growing list of exclusions is just one shift among several in the cyber insurance market, according to Paul Furtado, distinguished vice president analyst at Gartner. During a Tuesday session at the Gartner Security & Risk Management Summit, Furtado outlined several changes in the market that policyholders and prospective customers might not be aware of.
Some of those trends are positive. For example, pricing has stabilized, and insurance carriers are providing discounts for “demonstrable levels of security in different organizations,” Furtado said.
“Prices are going down, and we see this across the market,” he added, noting that carriers have “finally got their models right.”
But other market shifts could leave organizations in a bind at the worst possible time.
Arguably the most important shift in the cyber insurance market is the increasing number of coverage exclusions. “The list of exclusions continues to grow, more and more,” Furtado said.
Employee actions, outdated software, failure to maintain security controls, and mergers and acquisitions are just a few of the exclusions that lead to policies not being paid out, he said. For example, “employee actions” exclusions in some policies might include social engineering attacks.
Anyone surprised?
First published at https://www.vogelitlaw.com/blog/good-news-that-cyber-insurance-rates-are-dropping-but-bad-news-that-exclusions-expanding