The RPC Annual Insurance Review 2025 highlights the growing risks in cyber insurance as attacks intensify and insurers adapt to evolving threats. Key issues include rising ransomware incidents, the impact of AI-driven fraud, and increased regulatory scrutiny worldwide.
The report assesses significant insurance trends across key international jurisdictions and multiple business lines, covering topics such as economic uncertainty, ESG risks, and climate-related claims. While the review is comprehensive, we have focused on the cyber elements, which reveal a fast-evolving threat landscape.
Cyber Insurance Market Expands as Attacks Increase
The demand for cyber insurance is rising as businesses respond to an increasing number of cyberattacks. Companies are strengthening cybersecurity measures to secure coverage, with 97% of insured organizations investing in cyber defenses. This has improved security posture, but cyber risks continue to grow.
In Asia, cyber insurance is expected to triple by 2025, driven by growing regulatory oversight. Hong Kong’s Securities and Futures Commission and Singapore’s Monetary Authority have tightened compliance requirements, encouraging businesses to seek more comprehensive cyber policies.
Ransomware Incidents Hit New Highs
Ransomware attacks reached record levels in 2024 despite improved security across organizations. Ransom payments remain a controversial issue. A UK study found that 53% of firms paid a ransom in 2024, up from 38% in 2023.
Cyber insurers are under pressure to limit ransom payments, as government agencies worldwide discourage them. In the UK, major insurance associations are working with the National Cyber Security Centre (NCSC) to make ransom payments a last resort.
Legal and Regulatory Changes Tighten Cybersecurity Compliance
In the U.S., the Securities and Exchange Commission (SEC) now requires companies to disclose material cybersecurity incidents and report their risk management strategiesannually.
In Canada, cyber insurance costs are rising due to growing cybercrime. The average data breach cost reached $7 million per incident, ranking third highest globally. Pending legislation, Bill C-27, may introduce stricter privacy regulations and increase corporate liability for data breaches.
AI and Deepfake Fraud Pose New Risks
AI-driven cyberattacks are becoming a significant threat. Attackers are using AI-generated deepfake videos and social engineering tactics for financial fraud. An employee in Hong Kong lost $25.6 million in a deepfake video scam impersonating its CFO.
War and Cyber Insurance – Policy Exclusions Tighten
The Merck & Co. v. Ace American Insurance Co. case set a significant precedent in cyber insurance. A U.S. court ruled that the NotPetya cyberattack, attributed to Russian state actors, was not excluded under the war clause. However, many insurers have since updated war exclusions to prevent similar rulings.
Outlook for 2025 – Stronger Cyber Insurance Policies Expected
Cyber insurers will continue refining policy terms to reduce coverage gaps. However, in conjunction with this, businesses must invest in robust cybersecurity frameworks as underwriters demand higher security standards. Regulatory scrutiny will remain high, ensuring cyber insurance remains a critical risk management tool in 2025.
