UK Cyber Insurance and Security News: June 2026

Early June brought movement on the two things UK buyers watch most: the law and the price. The Cyber Security and Resilience Bill reached its final Commons stages, while two separate market reports confirmed that cyber premiums are still falling even as claims costs creep up. Here is what happened and what it means if you buy cover or hold Cyber Essentials.

Cyber Security and Resilience Bill reaches report stage and third reading

The Cyber Security and Resilience (Network and Information Systems) Bill had its report stage and third reading in the House of Commons on 10 June, the last step before it moves to the Lords. The Bill rewrites the UK’s NIS Regulations 2018: a wider set of businesses falls in scope, regulators get stronger enforcement powers, and in-scope organisations must notify their regulator within 24 hours of a significant incident, with a full report inside 72 hours. If you supply public bodies or critical infrastructure, expect those reporting duties to flow down into contracts. The 24-hour clock sits alongside the existing UK GDPR duty to tell the ICO about qualifying personal data breaches within 72 hours; our ICO breach notification deadline calculator works that one out for you. Stage details are tracked in the House of Commons Library briefing.

Cyber premiums grew 7% in 2025, but insurers’ loss ratios are climbing

Fitch Ratings reported on 3 June that US cyber direct written premiums rose 7% in 2025, driven almost entirely by more policies in force (up 34%) rather than higher prices, while the direct loss ratio climbed nearly 6 percentage points to 53%. Pricing is flat to modestly down across most sectors. For a UK small business the read-across is simple: the soft market that has made quotes cheaper for two years is still running, but insurers are paying out more per pound of premium, so it will not run forever. If your renewal lands this year, it is a good window to shop around; our guide to cyber insurance costs for UK small businesses covers what a fair price looks like. Details at The Insurer.

Premiums are falling, but underwriters warn the risk behind them is not

A 2 June piece in Insurance Business carried a blunt warning from brokers: cyber prices are “artificially low” because well-funded new entrants are chasing market share, not pricing off claims data, while AI-driven phishing and deepfake fraud push the underlying risk up. Carriers are increasingly competing on bundled security tooling and pre-placement assessments rather than price alone. The practical point for buyers: a cheap policy is only a bargain if it actually responds, so check how a quote treats social engineering and funds transfer fraud before you sign, and read what cyber insurance covers and excludes first. Full piece at Insurance Business.

Infosecurity Europe 2026 ran 2 to 4 June at ExCeL London

Europe’s biggest security event returned to ExCeL London from 2 to 4 June. This year’s programme leaned on two themes that will reach SME buyers soon: preparing for post-quantum cryptography (Forescout’s Rik Ferguson argued the migration needs to start now, not when quantum arrives) and how fast AI adoption is reshaping cloud threats. Insurer questionnaires tend to follow these conference themes with a lag of a year or two, in the same way MFA and EDR questions became standard. If you missed it, the show preview at Intelligent CISO summarises the keynote programme.