Cyber Insurance to Hit $16.3 Billion in 2025 as Risks Multiply, Says Munich Re

by
Digital World Faces Record-Breaking Cyber Risk Exposure

Munich Re’s “Cyber Insurance: Risks and Trends 2025” report projects the cyber insurance market will grow to $16.3 billion by 2025. This growth comes as global cybercrime costs skyrocket, with losses estimated between $1 trillion and $9.5 trillion in 2024 alone. The report, released in April, paints a stark picture of an increasingly volatile digital environment. From AI-powered ransomware to deep vulnerabilities in supply chains, the cybersecurity landscape is more dangerous and complex than ever.

Bar chart showing the growth of the global cyber insurance market from 2017 to 2030 in gross written premiums (USD millions), with values rising steadily from around billion in 2017 to an estimated billion by 2030. Data source: Munich Re. Used in article about Cyber Insurance 2025
Wake-Up Call: CrowdStrike Outage Disrupted Critical Sectors

A faulty update by cybersecurity firm CrowdStrike in July 2024 disrupted millions of Windows systems globally. While not a malicious attack, the fallout was massive. It halted operations in sectors like airlines, banking, healthcare, and stock exchanges.

This event underscored the fragility of the digital systems that societies depend on.

Four Threat Types Dominate Cyber Losses

Munich Re identifies four primary cyber threats behind the largest financial losses:

  1. Ransomware Attacks
  2. Business Email Compromise (BEC/BCC)
  3. Supply Chain Exploits
  4. Data Breaches

Government, manufacturing, and technology sectors are the most affected. But no organization—regardless of size—is immune.

Ransomware: Still the Most Costly Threat

Ransomware attacks rose by around 25% in 2024. Only 15% were made public. Data exfiltration doubled.

Notable attacks included:

  • Change Healthcare was hit by AlphV/BlackCat, and patient data of 190 million was stolen. UnitedHealth expects total damages of $2.4 billion.
  • CDK Global, attacked by BlackSuit, faced a $25 million ransom demand. Collective industry losses reached $1 billion.
  • ShinyHunters targeted AT&T, which paid $370,000 in crypto after the group stole call records.
  • A Fortune 50 company reportedly paid a record $75 million ransom to the Dark Angels gang.
See also  Cyber Insurance Sunday – Upload

Munich Re data shows that manufacturing suffered the highest share of ransomware losses. Healthcare ranked second. Business interruption costs made up 51% of total ransomware-related losses.

AI: Friend and Foe in the Cyber Arena

AI is now central to both cyberattacks and cyber defense. Criminals use AI to automate hacking and scale attacks. “Cybercrime-as-a-Service” platforms are increasingly offering AI-enhanced tools to would-be hackers.

Munich Re warns that these developments are lowering entry barriers. As Stefan Golling, Board of Management member at Munich Re, put it, “Organizations can only be successful if they strengthen their digital defenses with robust, multi-layered risk management.”

Business Email Compromise: More Dangerous with GenAI

BEC and BCC scams surged in 2024. Criminals impersonate executives to trick employees into transferring money or data.

Now, attackers are using GenAI to make emails and messages nearly indistinguishable from legitimate communications. They’re even mimicking local accents in voice phishing (vishing) attempts.

According to Munich Re, these scams now involve over 500,000 people, many working under duress in Southeast Asian “fraud factories.” The FBI estimates that global BEC losses have exceeded $55 billion in the past decade.

Data Breaches: Login Credentials Fuel Dark Web Markets

The average cost of a data breach rose 10% in 2024, hitting $4.88 million. More than 5.5 billion accounts were compromised. Much of the data was sold on dark web forums.

“Shadow data”—unmanaged and untracked by IT—was involved in over a third of the breaches. These breaches typically take longer to contain and cost more.

Infographic from Munich Re highlighting key cyber risk hotspots: Ransomware, Scams, Supply Chain, and Data Breach. It shows a record ransomware payment of M, B in scam losses over a decade, 5.5B accounts compromised in data breaches, and an expected B economic cost from supply chain attacks by 2025. Other details include average data breach loss of .88M, GDPR fines of €1.2B, and scam farms involving 0.5M individuals. Used in article about cyber insurance 025
Supply Chains: Cybercrime’s Favorite Target

Supply chain vulnerabilities are among the most pressing cybercrime threats. Munich Re calls them society’s “Achilles’ heel.”

  • 45% of organizations expect major supply chain cyberattacks by 2025.
  • 54% of large firms cite supply chain issues as their top resilience challenge.
  • Cloud provider breaches rose by 75% in 2023, mainly due to weak credentials.
See also  Cyber Insurance Sunday

Experts expect software supply chain attack costs to climb from $60 billion in 2025 to $138 billion by 2031.

Nation-State Attacks and Digital Warfare

State-sponsored hackers are increasingly targeting critical infrastructure such as energy, telecom, and transportation. Between January 2023 and January 2024, critical infrastructure faced over 420 million attacks, up 30% from the year before.

These cyberattacks are now considered national security threats, not just insurance concerns.

Mis- and Disinformation: AI Makes It Worse

Munich Re warns that AI is supercharging disinformation. Through techniques like “LLM grooming,” attackers flood large language models with false content to manipulate outputs.

Businesses are vulnerable, too. Fake news and reputational damage can now be generated and spread faster than ever. Gartner predicts that by 2028, companies will spend over $30 billion annually to fight misinformation.

Quantum Computing: Threat Looms Over Encryption

Quantum computing poses a future risk to today’s encryption methods. Though still emerging, some attackers are believed to be stealing encrypted data today to decrypt later with quantum power.

Cyber Insurance Market Remains Resilient

Munich Re reports that the global cyber insurance market totaled $15.3 billion in 2024, with North America holding a 69% share.

Europe grew at a 26% CAGR from 2020–2024, reaching $3.3 billion. Growth is expected to continue, especially in Asia and Oceania.

CEO Thomas Blunck emphasized the market’s critical role: “Cyber protection is becoming more and more important. Yet many organizations still lack adequate coverage.”

Protection Gap Still Widespread

Despite growing threats, most cybercrime risks remain uninsured. Many small businesses are unaware of their vulnerabilities or can’t afford coverage.

See also  New Berkley Cyber Risk Coverage Eases Burdens on Incident Response Teams

Munich Re’s Chief Underwriter Cyber, Jürgen Reinhart, explained, “Large-scale attacks, non-malicious outages and critical dependencies are cyber risks insurers are able to address. Understanding accumulation scenarios and systemic cyber risks is key.”

Building Resilience Together

Munich Re highlights five investments critical for long-term resilience:

  1. Domain Expertise
  2. Data Collection and Analytics
  3. Underwriting Models
  4. Security Standards
  5. Transparency in Risk Appetite

The company aims to bridge the gap for smaller and underinsured organizations through strategic partnerships and cross-industry collaboration.

Other News: The $26 million Video Call from Hell: Munich RE(Opens in a new browser tab)

Martin Hinton

Martin Hinton is the Executive Editor and Publisher of Cyber Insurance News and Information. With over three decades of journalism experience across six continents, his work encompasses investigative reporting, documentaries, and coverage of cultural, political, and business news. To learn more about his career, click on his name to visit his LinkedIn page.

×