Estimated reading time: 3 minutes
The cyber insurance market remains soft, reports broker Gallagher Specialty, and now is the time to purchase coverage before cyber insurance premiums increase. “There is currently a healthy abundance of capacity, and the market continues to observe greater flexibility in underwriting and security controls. The competition and growth strategies in underwriting have led to better premiums and favourable terms, making this year the best time to negotiate unique and broad coverage. Underwriters right now have a greater risk appetite to cover clients they historically might not have covered,” concludes the company’s Cyber Insurance Market Update 2025.
Gallagher predicts favorable rates will not continue forever as the cyber insurance market is poised to harden: “(T)ides are shifting, with a heightened threat environment, the proliferation of AI-enabled attacks, and imbalanced claims versus premiums at play.”
Cyber Insurance Premiums Down, But Decline is Slowing
The cyber insurance premium trends appear to be stabilizing. Policy renewal rates are down 5%-15%, following previous years where overall premiums had declined 10%-30%, according to the report. But industries such as healthcare, transportation, retail, and higher education, however, face lingering rate pressures due to elevated claims.
Cyber Insurance Market Continues to Grow Rapidly
The overall cybersecurity insurance market is projected to surge from $16.66 billion in gross written cyber liability insurance premiums in 2023 to $120.47 billion by 2032, fueled by a 24.5% compound annual growth rate, estimates Gallagher. This is just the latest in widely diverging estimates the cyber insurance market size. See our roundup of cyber market size estimates here. Despite the range of estimates, all the reports anticipate continued rapid growth in cyber liability premiums.
Threats Continue to Expand for Cyber Insurers
Gallagher reports ransomware remains the top cyber threat, with ransom payments increasing and criminals increasing double and even triple extortion tactics (double extortion is when hackers both encrypt and steal sensitive data: triple extortion often describes attacks when the hacker encrypts and steals an enterprise’s data, but also also contacts customers or others whose data has been stolen to demand payment.) Ransomware claims jumped almost a third in 2024 and such cyber attacks are “re-approaching peak levels of 2021.” Additional threats include AI-enabled attacks, such as “vishing” (voice or video phishing).
Greater regulation on the Way
Gallagher also notes increasing regulation of cybersecurity, which may impact the threat environment and, subsequently, cybersecurity pricing and policies. In the EU, new regulatory action includes the Digital Operational Resilience Regulation (DORA) and upcoming Cyber Resilience Act mandate ICT risk standards and “security by design” for digital products. The NIS2 directive expands requirements for essential services, with fines up to €10 million. In the U.S., proposed HIPAA updates could hike penalties by 40% for healthcare breaches. Several governments have been considering regulations to control ransomware payments, with the UK debating whether to ban such payments by public and critical sectors and mandate better reporting to and coordination with government authorities.
Related Posts
