Estimated reading time: 5 minutes
Soft Cyber Market Faces Intensifying Ransomware Risk
Ransomware continues to spread while cyber insurance pricing weakens, according to CyberCube’s Global Threat Briefing H2 2025. The report warns that capacity still exceeds demand after three straight years of rate decreases. Competition pushes carriers to relax premiums, limits, and cyber coverage terms. At the same time, threat actors are growing more aggressive and global. CyberCube says this mismatch demands sharper analytics, tighter underwriting discipline, and careful growth strategies.
CEO Pascal Millaire calls cyber insurance “one of the most attractive opportunities in the property and casualty sector.” He links that opportunity to the world’s rising dependence on technology, data, and artificial intelligence.
Ransomware Spreads Beyond Traditional Hotspots
Ransomware now hits nearly every central region and sector. A world map in the report highlights heavy activity in the United States, reflecting its scale and advanced digitalization.
CyberCube’s analysis shows rapid growth in Latin America, Africa, the Middle East, and parts of Asia. These regions face fast digital adoption, patchy cyber defenses, and rising geopolitical tensions.
The report links the acceleration of ransomware in these markets to four macro forces. These include weak rule of law, corruption, opaque financial systems, and conflict dynamics. Growing digital interdependence also expands systemic exposure across borders.
For cyber insurers, this spread of ransomware reshapes accumulation models and country appetites. Portfolios tied too heavily to any one region risk correlated losses from a single large campaign.
CyberCube’s Analysis Shows Public Sector Exposure and Opportunity
CyberCube uses the Public Sector as a central case study. The sector has high exposure, a mixed security maturity, and a growing reliance on digital systems.
A chart on page six positions industries by exposure and security posture. Public entities sit near the midline. They lag sectors such as Energy, Utilities, Oil and Gas, and Aviation. They still rank ahead of some Financial, Retail, and Manufacturing organizations.
CyberCube’s analysis shows several key points for insurers:
- Many public entities remain heavily exposed yet insufficiently secured.
- Systemic risk is elevated but offers material growth potential.
- Treating the entire sector as uniformly unattractive leaves profitable niches untouched.
Since 2023, public bodies worldwide have reported more than 1,300 cyber incidents. The United States and Germany are in the lead as a result of network size and disclosure rules. Other G7 states, including France, the United Kingdom, Canada, Italy, and Japan, confront growing espionage and infrastructure threats.
Budget Pressures and Misconfigurations Keep Public Bodies Exposed
The report notes some improvements in cyber hygiene. Public institutions now refresh outdated technologies more consistently. However, network misconfigurations persist as a leading cause of vulnerability.
Exhibit 4 tracks negative cyber signals such as unpatched software and poor configurations. These indicators often worsen first during budget cuts and staffing shortages.
CyberCube stresses that many organizations in this sector are both highly exposed and under-secured compared with global averages. Yet it also identifies “pockets of opportunity” for insurers that can distinguish well-managed entities from laggards.
State and Local Governments: A Testbed for Underwriting Innovation
The report highlights state and local government executive offices, classified under SIC 91, as a promising subsector.
Exhibit 5 and Exhibit 6 show wide variance in security posture across G7 state and local offices. Some maintain robust controls, while others struggle with basic hygiene.
CyberCube argues that this diversity supports granular segmentation. (Re)insurers can:
- Focus on lower-risk administrative programs.
- Apply tiered pricing aligned to measurable controls.
- Charge appropriate rates for riskier clusters, rather than exiting altogether.
Such approaches may help carriers write Public Sector Ransomware risk profitably, even in a soft market.
Get The Cyber Insurance News Upload Delivered
Subscribe to our newsletter!
LockBit 5.0 Sharpens Focus on Portfolio Threat Actors
LockBit 5.0 remains a major ransomware strain targeting public bodies with legacy systems and limited security resources.
Using its Portfolio Threat Actor Intelligence (PTI) platform, CyberCube evaluates organizations’ susceptibility to LockBit’s tactics and preferred technologies. PTI splits portfolios into low-to-high risk tiers based on tech stacks, size, industry, and known vulnerabilities.
CyberCube finds that 53% of state and local government offices worldwide face high risk from LockBit. These entities combine targeted technologies with notable security gaps.
About 16% of this segment shows both high exposure and weak controls. Roughly 19% pairs high exposure with strong cyber defenses.
This variation creates room for selective underwriting. Carriers can support clients that invest in controls while pricing or limiting capacity for laggards.
Analytics Point the Way Through Lean Conditions
The report emphasizes that cyber (ransomware) insurance growth must become more diversified. Future expansion depends on underinsured SMEs, new geographies, and emerging classes such as AI-driven risk.
William Altman, Head of Cyber Threat Intelligence Services and report author, underlines this pivot. He states that as the market approaches 2026, success will depend on “precision, insight, and the ability to align opportunity with exposure.”
CyberCube promotes its Exposure Manager, PTI, and Global Insurance Exposure Database as tools to guide that alignment. These analytics aim to translate complex cyber exposure into financial terms. They also support portfolio stress testing against specific threat actors and sectors.
Millaire notes that deeper corporate reliance on digital infrastructure will keep cyber risk frequency and complexity rising. He argues that cyber resilience and the insurance products behind it will become core elements of global risk management.
Watch Our Podcast On Ransomware Insurance and Negotiations
Conclusion: Turning Ransomware Pressure into Disciplined Growth
CyberCube’s latest briefing describes a market under pressure from two sides. Ransomware expands in scale and geography, while underwriting conditions soften.
Yet the report also outlines a path forward. Insurers can lean on advanced analytics, threat-actor intelligence, and fine-grained segmentation. They can target resilient Public Sector entities and fast-growing regions with transparent risk selection.
The message for cyber (re)insurers is clear. To thrive in a soft market, they must treat ransomware as a data-rich, insurable risk. Precision, insight, and disciplined diversification will separate sustainable growth from opportunistic capacity.
Related Ransomware and Cyber Liability Insurance Posts
