The cyber insurance market is at a turning point, with ransomware attacks becoming more frequent and complex. However, cyber insurance professionals are observing fewer payouts and greater resilience among policyholders. This shift is attributed to improved cyber hygiene and smarter underwriting practices by insurers.
Changing Ransomware Landscape
Christa Johnson, team lead of the cyber product group at Gallagher Bassett, notes that while ransomware attacks are booming, the number of payments has decreased. “Ransomware is always booming,” she said. “But now, we’re seeing more incidents, and generally, fewer payments, which I do attribute to all the insurers and companies being better with their cyber hygiene.” Verizon’s data breach investigations report supports this observation, showing that only 36% of organizations paid ransom in 2024, down from previous levels, with median payouts dropping from $150,000 to $115,000.
At-Bay, an insurer, reported a 19% increase in ransomware incidents and a 13% rise in their severity, yet fewer payouts were made. This trend indicates a more mature threat ecosystem where cybercriminals are adapting their tactics.
The Role of AI in Modern Ransomware Attacks
The evolving tactics of cybercriminals, including the use of artificial intelligence (AI), are making attacks more stealthy and convincing. Johnson highlighted that phishing emails are now professionally crafted using generative AI tools, making them harder to identify as scams. “They’re beautiful, unfortunately,” she said. “And it’s harder for employees to recognize them as scams.”
Sophie Law, senior cyber underwriter at Arch Insurance, echoed these concerns, noting that ransomware remains a significant issue with added systemic implications. Recent high-profile cyberattacks on UK retailers have shown that large-scale breaches can have global ripple effects.
Adapting to the New Cyber Insurance Landscape
As the threat environment shifts, cyber insurers are adopting new underwriting strategies, localized solutions, and creative collaboration. Law described the cyber insurance market as “buoyant” despite increased competition, with a need for underwriters to differentiate themselves through innovative solutions.
Johnson emphasized the importance of adaptability and collaboration in the cyber insurance ecosystem. “The cyber landscape is ever-changing,” she said. “Sometimes it’s hard to get everyone talking – underwriting, claims, brokers – but that collaboration is going to be the most important thing moving forward.”
Key Considerations for Brokers and Clients
In a crowded and evolving market, experts stress that affordability shouldn’t be the only consideration. Brokers should focus on policy quality, claims support, and carrier stability, especially when emerging technologies and systemic risks could lead to large-scale losses. Law advised that “the cheapest price is not necessarily the best price.”
Conclusion
The cyber insurance market is navigating a complex landscape of increasing ransomware attacks and improving cyber hygiene. As the market continues to evolve, ongoing education and collaboration will be crucial for staying protected. “It’s important to stay informed and keep up with cyber trends and claims,” Johnson said. “The more we talk, the better off everyone is.”
