7 August 2025
Cyber Insurance Market Update 2025
The cyber landscape in 2025 is shaped by innovation and risks evolving in tandem. As digital transformation accelerates and AI adoption scales, this new wave of digital dependencies is laying bare critical vulnerabilities that are now prime targets of increasingly sophisticated cyberthreats.
INTRODUCTION AND MARKET CONDITIONS
Adding to the pressure is a complex and layered risk environment: geopolitical instabilities, fragile supply chains, fragmented global regulations and a widening talent gap. Today, staying cyber-resilient relies more than ever on a mix of proactive risk planning and smart, insurance-backed risk transfer that keeps up with the changing threat landscape. Building on these challenges, the cyber insurance market in 2025 reflects a new level of maturity, both in scale and resilience.
KEY UPDATES
- A more mature, resilient market: The global cyber insurance market is slated to expand from USD 16.66 billion in GWP (gross written premiums) in 2023 to a projected value of USD 120.47 billion by 2032. This predicted growth, at a compound annual growth rate (CAGR) of 24.5% from 2024 to 2032, is reinforcing the market’s ability to absorb events such as CrowdStrike and Change Healthcare without triggering a shift in market dynamics.
- Buyer-friendly environment: Market sentiments remain somewhat soft, and it is currently a ‘buyers’ market’ with favourable terms, broader access and competitive pricing.
- Consistent coverage: Core policy languages remain relatively steady even in the face of evolving claims and risks, with minor restrictions in niche areas like biometric privacy and supply chain interruption.
- Improved underwriting consistency: After navigating a steep learning curve during the last hard market, underwriters are now more comfortable with reduced information requirements and consistently follow established risk assessment processes.
- Rates remain competitive: Premium rates have stabilised, reflecting a reduction of about 5-15% on most renewal programmes, following the significant 10%-30% rate decline of the previous years. While most industries experience a flattening of rates, notable shifts persist in verticals such as healthcare, transportation, retail and higher education.
THREAT LANDSCAPE
Cyber insurance is, by nature, a dynamic market that meets shifting and increasingly sophisticated cyber risks with innovations of its own. In 2025, key threats include the resurgence of ransomware, the emergence of AI-driven attack methods, widening supply chain vulnerabilities and rising geopolitical tensions contributing to state-linked cyber campaigns.
Insurers are now moving beyond traditional underwriting, taking a more active, consultative role in helping organisations keep pace with evolving threat patterns, often leveraging claim trends to highlight adaptive risk strategies. For instance, insurers flagged payment fraud as a leading driver of claims in 2025 Q1, a pattern that was echoed by a spike in business email compromise incidents, often the entry point of social-engineered financial scams. In an increasingly volatile threat landscape, these patterns reinforce the value of the tripartite relationship between broker, insurer and client, which goes above and beyond risk transfer.

“Our focus today is on helping clients understand, identify and mitigate their cyber risks.”
NICK BARKER, Technology & Cyber Practice Leader at Gallagher
TYPE OF THREAT SCENARIOS
RANSOMWARE
Ransomware remains the top cyber threat in 2025, marked by a sharp rise in ransom payments and the spread of double and even triple extortion tactics. Ransomware claims climbed 32.5% in 2024, in tandem with ransomware incidents re-approaching the peak levels of 2021. High-profile incidents involving UK retailers and even global luxury brands underscore its continued dominance and evolution.
On 22 April 2025, M&S confirmed that a cyber attack had disrupted its online ordering systems. The breach is believed to have begun as early as February, with threat actors deploying the Russian DragonForce ransomware strain. The attack wiped out 9% of M&S’s share value — around EUR 700 million — and could cost an additional EUR 300 million in the upcoming year, exacerbated by an inadequate cyber insurance limit.
Just days later, Co-op faced a similar ransomware attack. While operational disruption appeared limited, the attackers claimed to have exfiltrated the data of over 20 million individuals. Notably, Co-op did not have cyber insurance coverage in place, a decision that may carry significant financial repercussions.
More recently, North Face and Cartier have been hit by ransomware as well, following a wave of targeted cyber attacks on retail brands like Harrods, Adidas, and Victoria’s Secret.
All these breaches involved sophisticated social engineering, with attackers impersonating IT help desks and tricking employees into revealing credentials. These cases highlight an ongoing trend: ransomware actors increasingly exploit human vulnerabilities, combining technical precision with psychological manipulation.
SUPPLY CHAIN VULNERABILITIES
In 2024, threat actors shifted focus towards service providers and IT infrastructure firms, exploiting their access to reach a larger target, underscoring the urgency for end-to-end supply chain resiliency. For instance, the US healthcare sector faced multiple breaches involving billing and data processing vendors, crippling operations and exposing sensitive data.
In the UK, the Synnovis ransomware attack disrupted pathology services across London hospitals. In the US, a ransomware attack crippled CDK’s management software, disrupting thousands of auto dealerships across the country and reportedly culminating in a whopping USD 25 million ransom payment.
These incidents bring to light a critical truth: As attack methods grow more lateral, it is no longer sufficient to focus on internal factors like network security and employee management; identifying single points of failure across the digital supply chain is just as important.
AI INFLUENCE
2024 witnessed threat actors widely adopt AI to scale and sharpen attacks, from crafting convincing phishing emails to automating malware delivery, thus exposing vulnerabilities with speed and precision. In 2025, this trend will most likely continue, thanks to the easy accessibility of AI-based phishing tools, which now cost threat actors as little as USD 50 to execute.
On the fringe, AI-designed audiovisual deepfakes are deployed to impersonate senior executives to authorise fraudulent transactions. Although rare, these vishing attacks may be highly effective, signalling a glimpse of what’s possible and what companies should watch out for in the future. As AI becomes more embedded in global business practices, balancing innovation with strong governance and detection controls has become the need of the hour, alongside securing robust insurance you can fall back on.
ONGOING GEOPOLITICAL CONFLICTS
On a broader scale, geopolitical instabilities have also been conducive to an uptick in cyber risks globally. Beyond just the heightened sense of unease, such tensions may lead to state-sponsored, targeted cyber attacks, which can ripple across global supply chains.
Recently, Chinese state-sponsored attacks on major US telecommunication players like AT&T and Verizon exploited vulnerabilities in network devices to gain access to sensitive metadata and disrupted the global communication space. This attack is a stark echo of the 2017 NotPetya attacks. Widely attributed to Russian state actors and initially targeting Ukrainian businesses, the attack quickly spread through global IT firms, crippling operations and causing billions in losses.
Such vulnerabilities repeatedly highlight how regional conflicts can evolve into a widespread threat, especially in a global, interconnected market.
A NEW ERA OF CYBER REGULATIONS
As cyber risks become more dynamic in nature, global regulators are moving towards a more nuanced legal environment with an emphasis on greater accountability across the chain and proactive cyber risk management. Several key factors are driving this shift:
Stronger Protection for a Digital Economy: With digitisation at the heart of every industry, regulators are expanding their protections to promote digital resilience. The EU’s Digital Operational Resilience Regulation (DORA) sets ICT (Information and Communications Technology) risk standards for financial services, while the upcoming Cyber Resilience Act outlines security requirements for digital products, ensuring security by design, better incident reporting, and consistency across the digital economy.
Tighter Oversight Over Critical Infrastructure: The past few years of polycrisis have revealed just how exposed critical infrastructure is to cyber threats, with ripple effects that can disrupt entire economies. In response, regulators are pushing for stronger mandates with heavier penalties for data breaches. In the US, for example, the proposed HIPAA updates — aimed at bolstering healthcare resilience — increase penalties up to 40% for all tiers, even for accidental breaches and first-timers. Meanwhile, the EU’s NIS2 directive expands cybersecurity requirements for essential and digital service providers, with fines of up to EUR 10 million, thus driving greater accountability across supply chains and critical systems.
A Holistic Approach to Tackling Ransomware: In response to the surge in ransomware incidents across various sectors, regulators are diligently working to implement a more comprehensive and stringent approach to combat these threats. For instance, the UK’s forthcoming ransomware legislative proposals aim to curtail payments to cybercriminals by restricting public-sector and critical-sector organisations from making such payments. Additionally, the proposals emphasise the importance of engaging with authorities before ransomware payments and establishing a time-sensitive incident reporting framework for suspected victims.
However, while these measures are well-intentioned, they may inadvertently slow down an already urgent process. Given the aggressive nature of some ransomware groups, this delay could critically impact the operational continuity of affected businesses.
IMPLICATIONS AND CONSIDERATIONS FOR INSUREDS

A POTENTIAL HARDENING MARKET IN THE UPCOMING YEARS
- 2026 and beyond could feature more expensive premiums for certain industry sectors or lack the flexibility for customisation that the market shows currently.
- Exposures and claims are testing existing language, creating broader concerns for profitability. This may force rate increases, prompting the market to eventually shift.
- Pricing trends show that sharp spikes are not anticipated; pricing is expected to remain more measured given the market’s increased maturity.

COVERAGE DYNAMICS
- Bespoke policy coverage allows clients to capitalise on cyber product innovation to tailor policy coverage to their specific wishes.
- Emerging technologies are being noticed, with shifts towards them in cyberspace, such as the introduction of affirmative AI language in policies.
- Emerging risks like deepfakes and AI-based exploitation may still not be adequately covered under traditional policies, necessitating policy reviews and potential endorsements to plug the gaps.

CLAIMS COMPLEXITY POSES A CHALLENGE IN NICHE MARKETS
- Healthcare breach: The Change Healthcare breach of 2024, which affected 100 million US citizens and encompassed nearly 50% of all US healthcare claims, continues to impact the healthcare scenario regionally and globally.
- Litigation surge: A surge in litigation related to Meta pixels and tracking technology is evident, the ripples of which are being felt by peripheral industries as well.
- Retail sector breaches, such as the M&S and Co-op ransom threats, have brought the sector to the forefront as a priority area needing urgent attention.
- Transportation sector vulnerability was highlighted by the CDK incident, which has potentially spiked premiums across the sector.

PRICING HOLDS STEADY FOR MOST SECTORS
- Market stability: From a capacity and limits perspective, the overall market has remained relatively stable with an abundance of capacity available. Carriers are readily willing to commit approximately GBP 10 million (or currency equivalent on most risks). For now, most industry sectors continue to experience business as usual with competitive pricing leading to rate reductions. A common trend is insureds reinvesting the premium savings into higher limit deployment.
- Sector-specific tightening is occurring in specific sectors like healthcare, retail, and higher education, which have seen a spike in claims in recent years. Underwriters have indicated a potential adjustment in rates by 2026.

“While rating adequacy is getting squeezed alongside a more distressed claims environment, profitability remains. Ultimately, this all points to a more mature market; while events continue to unfold, carriers do not need to react with the same urgency as they did in 2020.”
NICK BARKER, Technology & Cyber Practice Leader at Gallagher
SUMMARY
The 2025 cyber insurance market has been characterised by flexible policy coverage and pricing. While rates stabilise from the heightened reductions of previous years, competition remains strong as the market continues to lean in the buyer’s favour.
There is currently a healthy abundance of capacity, and the market continues to observe greater flexibility in underwriting and security controls. The competition and growth strategies in underwriting have led to better premiums and favourable terms, making this year the best time to negotiate unique and broad coverage. Underwriters right now have a greater risk appetite to cover clients they historically might not have covered.
Nevertheless, tides are shifting, with a heightened threat environment, the proliferation of AI-enabled attacks, and imbalanced claims versus premiums at play. As cyber risks and claims evolve, insureds must prioritise cybersecurity enhancement through a lens of both risk management and risk transfer. Partnering with consultancy-led risk management and insurance practices like Gallagher can help organisations navigate the complex cyber risk scenario comfortably and enable cushioning against the upcoming years.
Arthur J. Gallagher (UK) Limited is authorised and regulated by the Financial Conduct Authority. Registered Office: The Walbrook Building, 25 Walbrook, London EC4N 8AW. Registered in England and Wales. Company Number: 119013.