Pipeline attack will further harden tight cyber market: Experts

The Colonial Pipeline ransomware attack, which temporarily crippled the largest fuel pipeline in the United States and led to a run on gasoline by panicky consumers, will further harden a tightening insurance market, experts say.

The crisis will intensify ongoing trends toward lower capacity and higher rates as well as ransomware sublimits and coinsurance, they say.

It will also encourage insurers to demand policyholders adopt basic cybersecurity measures before agreeing to provide coverage and will increase demand for the coverage, particularly among sectors that have been slow to adopt it, they say.

President Biden issued an executive order last week calling for enhanced security measures and data collection for companies that conduct business with the federal government.

Some experts point to the thwarted attempt earlier this year by an unknown hacker to put lye into a small Florida city’s water treatment facility as an example of the nonfinancial impact ransomware attacks could have.

The Colonial Pipeline incident, though, may be the first in the United States that affected a wide swath of the public, observers say.

“The attacks just seem to be getting worse, and the underwriting community has already responded” with coinsurance coverage and sublimits, said John Farley, New York-based managing director of Arthur J. Gallagher & Co.’s cyber liability practice.

“The underwriters are going to continue to raise their expectations of insureds in terms of cybersecurity systems policies and procedures, and raise the level needed to qualify for cyber insurance,” said Jeffrey M. Dennis, head of privacy and security at Newmeyer & Dillion in Newport Beach, California.

There has been a big shift among insurers for some time toward putting the onus on companies to have basic security measures, such as multifactor authentication, in place before they become eligible for cyber insurance, said Megan North, Seattle-based vice president and broker at Amwins Group Inc.

The Colonial Pipeline incident “validated the underwriting scrutiny that we’re currently seeing,” said Anthony Dagostino, New York-based executive vice president, global cyber and technology practice, at Lockton Cos. Inc.

He added that the energy sector has lagged other sectors such as retail, banking, health care and manufacturing in the rate at which it has turned to cyber insurance. “I think this is going to change that,” he said.

Sectors that were among the first to adopt cyber insurance had privacy concerns, but many other sectors had already begun to evaluate the coverage and this incident will lead to increased buying, said Matt McCabe, New York-based senior vice president in Marsh LLC’s cyber practice.

The incident is a wake-up call for many domestic and global businesses that are operating with legacy and end-of-life systems, Ms. North said. End-of-life systems are those for which the developer has stopped creating software updates and patches.

Earlier this month, Axa France, Axa Group’s French general insurance unit, said it will no longer reimburse ransomware payments when underwriting new policies, stating it is awaiting regulatory authorities’ position on the subject. Experts say they do not expect others to follow Axa’s lead.

The Colonial Pipeline incident may also affect other types of coverage, such as certain contingent business coverages that would apply in the event of a supply chain disruption, said Marcus A. Christian, a partner in Mayer Brown LLP’s cybersecurity and data privacy practice in Washington.

State and local governments are recognizing the need for some sort of response from the government, like the federal backstop for terrorism insurance losses or a pooled risk approach, said Jeff Schermerhorn, Los Angeles-based regional leader, FINEX, cyber and errors and omissions, at Willis Towers Watson PLC.