Why Is the Cyber Insurance Market So Soft?

Insurers are writing adaptive policies, and organizations have improved their defenses. Underwriters now have a big opportunity to innovate. 

Despite the average cost of a ransomware attack reaching $4.9 million in 2024, the cyber insurance market remains soft, with premium rates falling and capacity still abundant.

What's driving this trend? It's a combination of factors. Insurers are writing broader and more adaptive policies in response to evolving cyber threats, helping to maintain market stability and keep premiums competitive. At the same time, many organizations have scaled their cybersecurity defenses, making it less risky for insurers to write cyber policies with higher limits.

Yet cyberattacks continue to evolve, introducing new mechanisms and extortion tactics that challenge traditional approaches to risk management. Continued policy innovation is essential to address the full spectrum of consequences of modern cyber incidents.

The current soft market provides underwriters with a unique opportunity to test new coverage models while deepening their market insights to effectively mitigate emerging risks.

Recent cyber events haven't swayed the soft cyber insurance market

The most significant cybersecurity incident of 2024 was the CrowdStrike software glitch, which led to a major tech outage that grounded airlines and disrupted patient care at hospitals. But it barely registered for insurers.

Because the culprit was a routine software update — and not a malicious actor — the impact was limited to specific operational disruptions. Additionally, the quick resolution of the issue and its classification outside the typical scope of cyber claims allowed insurers to avoid systemic losses.

However, things could go differently next time. The next widespread cybersecurity event could lead to a surge in claims severity that dramatically shifts market conditions.

Now is the time for underwriters, brokers and insureds to take advantage of the soft market to get ahead of emerging trends and identify creative solutions to offset evolving risks. With the cyber insurance landscape evolving rapidly, proactive measures today can make all the difference when the next major incident hits.

The current market conditions present a unique opportunity to explore new coverage models, strengthen client relationships and position both insureds and insurers to respond with resilience to future threats.

Keep an eye on the following trends and opportunities as 2025 unfolds so you can stay flexible and adaptable, and help your insureds do the same.

1. Insurers will continue to write broad cyber policies.

Organizations face an average of 1,300 cyberattacks per week, a record. However, companies have also gotten better at thwarting these threats.

Logins that require multifactor authentication are now table stakes at many organizations. And three-quarters of companies with cyber insurance invested in strengthening their defenses against ransomware and other cyberattacks to qualify for coverage. That has helped keep rates from rising alongside attack frequency.

As a result, the soft market will likely persist for the foreseeable future, with insurers continuing to offer broader coverage and higher limits. Many policies now include provisions for both first- and third-party losses, encompassing everything from ransomware payments to regulatory liabilities. For insureds, this means greater flexibility and protection — but it also underscores the need to carefully review policy terms to ensure adequate coverage for emerging risks.

How to prepare: Evaluate your current cyber portfolio and explore opportunities to expand coverage options. Ensure that your policy provisions align with emerging risks and consider working closely with specialist brokers who are on the frontlines of new trends and exposures.

2. Ransomware attacks will continue to evolve.

Traditional ransomware attacks, in which bad actors encrypt stolen data and demand payment in exchange for the decryption key, have become less effective. Many organizations now have robust backup systems, so they can simply restore their data without paying off the attacker.

This has caused cybercriminals to pivot tactics, prioritizing data theft and extortion attacks that focus on stealing personal and sensitive information and threatening to release it publicly. Examples could include company financial records or damaging personal information about executives or clients.

Consequently, insurers are seeing more demand for cyber policies that include coverage for reputation and crisis management costs. Demand for customized policies is especially high among professional services firms. In particular, law firms and wealth management advisers are more likely to be targeted with data theft and extortion attacks due to the sensitive nature of their work.

How to prepare: Stay ahead of evolving ransomware tactics by developing comprehensive policies that address both traditional and emerging ransomware risks. Schedule regular meetings with your brokers, underwriters and breach response teams to share information on claim trends and active cybercriminal groups.

3. AI will make social engineering attacks more efficient.

Social engineering attacks that exploit trust and human error will grow more prolific in 2025. Generative AI has made it easier for scammers to create automated fraud campaigns that are more targeted and convincing.

For example, a classic social engineering attack formula is for scammers to pose as a CEO asking an employee to initiate a funds transfer. Using generative AI, the attacker can more effectively mimic the CEO's communication style and target employees with highly personalized messages that reference specific projects or job duties, making employees more likely to fall victim to the scam.

A higher share of social engineering attacks is also focused on property theft, which makes them even harder for employees to recognize and report. In these scams, fraudsters order expensive goods or equipment, pick them up without making payment and vanish without a trace.

We've already seen an uptick in physical property losses being added to cyber policies, expanding the scope of what cyber insurance covers and requiring underwriters to adapt policies to address blended threats. It's too early to predict how else generative AI-enabled scams might affect the cyber insurance market, but insurers should continue to monitor events closely and adapt their coverage options and limits as risks evolve.

How to prepare: Equip your team with reliable market insights to stay informed about the evolving impact of AI threats on claims so you can adapt your policy terms. Additionally, emphasize to insureds the importance of employee training to recognize social engineering attacks, including those driven by AI.

Staying ahead in 2025 hinges on creative solutions and actionable market data

As the soft cyber market continues, insureds will look to eliminate supplements and consolidate coverage under broader policies with improved limits and policy language. Agents and brokers should work closely with clients to ensure policies include expanded provisions for the wide-ranging consequences of modern cyber incidents.

Meanwhile, underwriters will take advantage of the soft market to develop insurance products that address both emerging and traditional cyber threats. Access to robust market insights will be critical for maintaining flexibility to adapt as the threat landscape evolves.

The time to address emerging cyber risks is before the next major incident occurs. Planning and innovative policy design will be key to staying resilient in the face of increasingly sophisticated attacks.


Charles Grodecki

Charles Grodecki is executive vice president at Amwins.

His team has deep technical expertise within the cyber, E&O, and D&O lines of business. He began his insurance career at a boutique wholesaler with an emphasis in cyber as an emerging risk.
