Cyber

Market Update

Cyber Insurance Marketplace

Abundant cyber insurance capacity persisted throughout the first half of 2025. Cyber continues to be a profitable insurance line, and insurers are focusing on growing their cyber books. Insurers are backing an ever-increasing number of cyber MGAs that usually focus on small and middle market organizations.

Insurers continue to innovate with respect to coverage. Several insurers have released new policy forms in 2025 that broaden coverage, address a few pain points, and add features that will be popular with insureds. Nevertheless, insurers are tightening up language around third-party risk exposures, especially when it comes to vendor responsibilities, data handling, and breach response.

Insurers also continue to invest in providing meaningful risk control services. These can be truly beneficial for organizations that take advantage of them.

Premium decreases are still possible for organizations that embrace practices to manage their privacy and cybersecurity risks. The size of decreases has moderated, though; now they are typically limited to 10% or less.

All of this paints a picture of a healthy cyber insurance marketplace for insurers and for buyers. It speaks well for the industry that this is the case in the face of a challenging risk environment.

Cyber Premium Pricing

The following survey response data from the Council of Insurance Agents & Brokers’ Commercial Property/Casualty Market Report covering Q2 2025. Cyber premiums fell an average of 1.5%.¹

Cyber Risk Environment

Ransomware

As is so often the case, ransomware was a dominant trend in the first half of 2025. In the second quarter alone, the average ransom paid increased by more than 100% to $1.13 million.² That number isn’t the result of a few big ransoms being paid. The median ransom also increased by 100% to $400,000. A third of all attacks were against organizations with fewer than 100 employees or less, and another third against those with 101 to 1,000 employees.³ 74% of all attacks involved the theft of data from victims. The good news is that only 26% of ransomware attacks in 2Q2025 resulted in ransom payments—a reflection of growing resilience on the part of organizations.

The role of third parties in high-profile ransomware attacks is significant. Threat actors are compromising vendors as a means to get inside the IT systems of their intended victims. An attack in May against a well-known cryptocurrency exchange is a good example. The exchange used IT vendors outside the U.S. In an unusual turn of events, instead of hacking into the vendors’ computer systems, the threat actor simply bribed the vendors’ employees to give them information about the exchange’s customers that was then used to trick those customers into sending funds to the threat actor.

Supply Chain Attacks

Attacks on supply chain vendors continue to produce significant disruptions and losses for their customers. In June, a cyberattack impacted a large food wholesale distributor of food supplies to grocery stores across the U.S., and to many regional and local natural foods grocers. The company reported that the attack would likely have a significant financial impact, including reduced sales, increased operational costs, and expenses related to investigating and fixing the breach.⁴ The cascading effects of such were immediate. Disruptions left store shelves empty and affected businesses relying on the company to supply goods for sale. The disruptions continued throughout July and into August.

Emerging Threats

New attack vectors continue to emerge. GPS spoofing—as seen with the May 2025 grounding of MSC Antonia in the Red Sea—shows how cyber threats extend beyond traditional IT systems. Spoofing occurs when a fake GPS signal is broadcast to a receiver, tricking it into believing it’s in a location other than its actual position. This can disrupt navigation systems, misdirect vehicles, and even manipulate location-based applications.⁵