According to Woodruff Sawyer & Co.’s annual survey released Monday, 58% of cyber insurers expect cyber risk will increase “slightly” in 2025. This marks an increase from 44% in 2024 but remains lower than 74% in 2023.
Cyber insurance rates dropped for many businesses in 2024, with 66% of Woodruff Sawyer clients experiencing cost reductions.
But, the analysis comes with about as big an “if” as you can imagine. This line delivers that “if”: “We expect rate decreases to continue as we move into 2025, barring any widespread cyberattacks that result in a greater financial impact than any event we’ve seen.”
The future does indeed have plans all its own.
Below are some more takeaways from Woodruff Sawyer & Co.’s report.
Key Trends in Cyber Insurance for 2025
Data Collection Coverage Remains Uncertain
Cyber insurance coverage for wrongfully collected information remains unsettled. Insurers frequently negotiated terms in 2024, a trend likely to continue this year.
Cybersecurity Tools Offered by Insurers
More insurers began providing cybersecurity tools directly in 2024. This trend strengthens their role in cyber risk management.
CISO Liability Coverage Expands
Carriers now offer stand-alone policies for chief information security officers (CISOs). This supplements cyber and directors and officers (D&O) policies.
Third-Party Risk Management Under Scrutiny
Insurers demand stronger contractual protections, cybersecurity certifications, and vendor-purchased cyber insurance for third-party risk management.
Emerging Cyber Risks in 2025
Technology Supply Chain Attacks
Delayed vulnerability patching allows hackers to exploit flaws for months or years. Insurers will intensify underwriting scrutiny on vendor risk management.
SEC Enforcement and Cybersecurity Regulation
A Republican-led SEC could reduce cybersecurity-related regulatory risks for public companies and CISOs. However, compliance remains essential.
Artificial Intelligence (AI) Risks
AI adoption is increasing, but many risks remain unknown. Businesses may need cyber insurance to mitigate potential AI-related liabilities.
Privacy Violations and Non-Breach Claims
Privacy litigation under laws like the Video Privacy Protection Act (VPPA) is rising. Companies must ensure they have clear user consent policies.
Underwriters Expect Increased Cyber Risk and Premiums
A survey of cyber insurance underwriters found:
- 37% expect cyber risk to increase significantly in 2025.
- 48% predict higher premiums.
- 53% foresee expanded coverage.
- 26% anticipate less underwriting scrutiny, up from 12% in 2024.
Cyber insurance remains a critical safeguard as businesses navigate evolving digital threats.
