Markets In Focus

Cyber
Market Update

Q2 2025

Download PDF
Cyber Insurance Marketplace
Cyber Risk Environment

Cyber Insurance Marketplace

Cyber continues to be a competitive market though the first quarter of 2025 and rates remain stable as carriers continue to look to take in premiums. Even when price declines are slowing, this is due more to stabilization than a hardening of the market. All of this is taking place despite the growing frequency and severity of cyber claims.

Good terms are readily available, especially for organizations with strong IT security and privacy policy compliance. Even for organizations who have yet to enact robust security measures, some carriers are looking to retain business by offering coverage enhancements if they cannot be flexible on rate.

Rates and renewals are steady across industries as IT security controls become standardized and the severity of claims is better managed by most markets. Contingent business interruption losses illustrate that vendor dependency creates as much exposure to cyber claims today as does direct cyber threats.

Organizations that have filed a cyber insurance claim will have additional scrutiny at renewal. Carriers will want to know what occurred and how, and they will want to see the steps taken and controls implemented to prevent recurrence.

Cyber Premium Pricing

The following survey response data from the Council of Insurance Agents & Brokers’ Commercial Property/Casualty Market Report covering Q1 2025. Cyber premiums decreased an average of 2.1% in the first quarter of 2025,the second-largest premium decrease for all P&C lines.1

Cyber Risk Environment

Cyber Risk Environment

Cyber insurers are taking long looks at their insureds’ management of risks presented by cyber events affecting vendors. Vendor dependencies are an increasing risk exposure which opens companies to vulnerabilities for criminals to exploit. In 2024, third-party related attacks were the leading cause of cyber insurance claims, accounting for 31% of all claims and 24% of material losses.2 According to Coalition Insurance, the average third-party breach claim was $42,000.3

Exposure of wrongful collection can be an internal issue within an organization or through use of third- party technology, such as the ongoing litigation regarding Meta Pixel’s video tracking.4 Dozens of lawsuits have been brought against organizations in industries such as media and health care as a result of their use of Meta’s Pixel tracking. Organizations can be liable for issues including when trackers are not properly configured, or they are unaware of the data that these tracker tools are collecting.

Third party victims downstream from cyber-attacks can still be impacted by data breaches, even after events of the original breach are resolved. Incidents like the PowerSchool ransomware attack, which was discovered in December 2024, illustrate this aspect of third-party vulnerabilities. Even after PowerSchool paid $2.85M, the criminals continue to send extortion emails to third-party schools, proving they had personal data of children attending their institutions.5

Companies in consumer-facing and manufacturing industries such as agriculture, food and beverage, mining, and plastics, filed the most cyber claims while companies in the energy industry filed the largest cyber claim amounts.6 Overall, cyber claims of over $1M were up 14% in the first half of 2024 with the highest percentage occurring in the United States.7

Organizations are encouraged to take proactive steps to avoid becoming victims of their vendors’ cybersecurity incidents or at least minimize the impact of these incidents.8

Contact
Tim
Burke EVP, Head of Cyber | Commercial E&O

Contributors

Tim Burke
EVP, Head of Cyber | Commercial E&O

William Boeck
EVP, Cyber Product Leader

Jim Millar
Account Executive, Cyber Risk Solutions

Angela Thompson
Senior Marketing Specialist, Market Intelligence & Insights

Brian Spinner
Senior Marketing Coordinator, Market Intelligence & Insights

Sources
  1. Vasile, Nicole, and West, Zachary. (2025, May 15). Most Lines of Business Softening, Litigation Influencing Others, The Council’s Q1 2025 P/C Market Survey Show. CIAB. https://www.ciab.com/resources/news-releasemost-lines-of-business-softening-litigation-influencing-others-the-councils-q1-2025-p-c-market-survey-shows/ ↩︎
  2. CeFPro Connect. (2025, March 10). Third-Party Cyber Risks Drive Surge in Insurance Claims, Report Finds. CeFPro Connect. https://connect.cefpro.com/article/view/third-party-cyber-risks-surge#:~:text=Third%2Dparty%20cyber%20risks%20are,management%20and%20proactive%20cybersecurity%20measures.&text=%EF%BB%BF%EF%BB%BF%EF%BB%BF%EF%BB%BFThird,supply%20chains%20and%20legacy%20systems ↩︎
  3. Geller, Eric. (2025, May 7). Ransomware claims dipped slightly in 2024, cyber insurer says. Cybersecurity Dive. https://www.cybersecuritydive.com/news/ransomware-cyber-insurance-coalition-report/747474/?utm_source=Sailthru&utm_medium=email&utm_campaign=Issue:%202025-05-08%20Cybersecurity%20Dive%20%5Bissue:72993%5D&utm_term=Cybersecurity%20Dive ↩︎
  4. IAPP. (2022, October 22). Nearly 50 class actions filed over Meta Pixel’s video tracking. IAPP. https://iapp.org/news/b/nearly-50-class-actions-filed-over-meta-pixels-video-tracking ↩︎
  5. Collier, Kevin. (May 20, 2025). 19-year-old accused of largest child data breach in U.S. agrees to plead guilty to federal charges. NBC News. https://www.nbcnews.com/tech/security/alleged-hacker-largest-breach-us-childrens-data-agrees-plead-guilty-rcna207963 ↩︎
  6. Geller, Eric. (2025, May 7). Ransomware claims dipped slightly in 2024, cyber insurer says. Cybersecurity Dive. https://www.cybersecuritydive.com/news/ransomware-cyber-insurance-coalition-report/747474/? ↩︎
  7. R&I Editorial Team. (2024, October 9). Data and Privacy Breaches Fuel Cyber Insurance Claims Surge. Risk & Insurance. https://riskandinsurance.com/data-privacy-breaches-fuel-cyber-insurance-claims-surge/ ↩︎
  8. Burke, Tim, Boeck, William, and Thompson, Angela. (2024, April 24). Managing Cyber Supply Chain Risk. https://imacorp.com/insights/cyber-risk-in-focus-q2-2024 ↩︎