The cyber insurance segment has experienced many ups and downs in recent years, largely due to ever-changing underwriting dynamics and market volatility. Industry data revealed that average premium increases peaked at 34.3% in the last quarter of 2021 amid surging claim frequency and severity. Over the following few years, rising underwriting profitability enabled market stabilization, with average rate hikes steadily declining until they became almost flat at 1.5% by the second half of 2024. In 2025, growing capacity and competition brought on by new market entrants are cultivating a buyer-friendly environment.
Even as cyberattacks become increasingly common and complex, stricter underwriting standards from insurers and greater cyber resilience among policyholders have helped minimize claims costs and keep loss ratios under control, ultimately fostering continued stabilization.
As a result, most insureds are encountering flat premiums or modest rate decreases, with average reductions sitting at 2.1% in the first quarter of the year, according to industry experts. Select policyholders have even seen double-digit rate decreases. Yet, some insurers have turned business away due to ongoing profitability concerns, signaling caution regarding pricing adequacy in the segment going forward.
Trends & Cost Drivers
Although the cyber insurance market shows signs of stability, some concerning trends and cost drivers remain. For instance, as more insureds leverage tracking technology—namely, biometrics, pixels, and cookies—within their operations, they could be subject to significant data privacy issues. As more states and countries strengthen their legal frameworks surrounding private data collection and storage, failure to comply with this evolving legislation (e.g., the Biometric Information Privacy Act, the Video Privacy Protection Act, and the California Invasion of Privacy Act) may leave policyholders with serious regulatory penalties, costly lawsuits, and associated nonbreach privacy claims.
In addition to tracking technology, continued advancements in artificial intelligence (AI) pose considerable cybersecurity concerns for insureds. Cybercriminals can use AI-driven tools to deploy sophisticated scams, infiltrate vulnerable software, and analyze stolen data with ease, all while evading detection by their targets. This, in turn, can result in large-scale business disruptions, damage, and associated cyber losses. Deepfake scams—the use of synthetic audio and video clips to impersonate corporate executives and employees for personal or financial gain—have become particularly prevalent in the past year. In fact, 2024 recorded the largest deepfake loss to date when scammers conned a multinational firm out of more than $25 million, none of which has since been recovered.
Similar to previous years, ransomware attacks also continue to be a key exposure in the cyber insurance space. Analyses from threat intelligence platform Cyble found that such attacks increased by nearly 150% year over year in the first five weeks of 2025.
Even so, industry experts assert that ransomware claims costs have begun to stabilize amid the growing adoption of data backup strategies and incident response planning. With these mitigation tactics in place, more insureds refuse to comply with ransom demands, reducing associated claims payouts. Cyber insurers will likely require additional proof of ransomware preparedness from policyholders in the months ahead and watch for emerging attack methods (e.g., double extortion and supply chain incidents).
Above all, social engineering schemes—mainly business email compromise (BEC) and funds transfer fraud (FTF) scams—currently account for the bulk (60%) of cyber insurance claims, according to a new report from IT company Coalition. Insureds with small and mid-sized operations are the most common targets for these schemes, as their limited resources make them less likely to have proper authentication controls. In response to these claims trends, policyholders can expect cyber insurers to implement further underwriting scrutiny regarding BEC and FTF prevention measures, including advanced email security solutions, protected payment processes, and employee awareness training.
Looking Ahead
What can you expect for the remainder of 2025?
- Continued rate stabilization
- Stringent underwriting standards
- Emphasis on security controls and compliance
Solid loss ratios and increased competition within the cyber insurance segment are anticipated to help keep premium pricing stable and coverage accessible for the rest of 2025. Certain coverage offerings may even expand; however, cyber insurers will likely keep scrutinizing policyholders’ security controls and compliance heavily.
Insurers are actively adjusting to stricter data privacy laws, AI-driven threats, ransomware risks, and social engineering exposures. As demonstrated by several high-profile cyberattacks over the past year (e.g., CrowdStrike and Change Healthcare), all it takes is one major incident to generate severe losses and create seismic shifts in the market. With this in mind, insureds with a strong cybersecurity posture will be best equipped to navigate this fluctuating risk landscape.