Cyber Insurance Premiums Surge 30% in 2025 Amid Ransomware Spike and Stricter Underwriting

On May 16, 2025, reports confirmed that cyber insurance premiums have increased by an average of 30% year-over-year, driven by a relentless surge in ransomware attacks and stricter underwriting requirements. The global cyber insurance market, valued at approximately $16.3 billion in 2025, is grappling with heightened risks from sophisticated cyber threats, including AI-driven attacks and supply chain vulnerabilities. Insurers are responding by tightening policy terms, demanding robust cybersecurity measures, and limiting coverage for high-risk sectors, leaving businesses facing higher costs and fewer options.

The rise in premiums follows a 74% increase in ransomware losses reported by the FBI in 2023, with payments spiking to $1.1 billion, a trend that continued into 2024. Munich Re’s 2025 Cyber Risk Report notes that ransomware remains the leading cause of cyber insurance claims, with new variants like Ransomhub and FOG leveraging “self-service” models to enable less-skilled cybercriminals to execute sophisticated attacks. A notable example is the July 2024 CrowdStrike outage, which, while not malicious, caused widespread disruptions across airlines, banks, and healthcare, underscoring systemic vulnerabilities and prompting insurers to scrutinize third-party risk management.

Insurers are now mandating stringent cybersecurity protocols, such as multi-factor authentication (MFA), zero-trust architecture, and comprehensive incident response plans, to qualify for coverage. According to Woodruff Sawyer’s 2025 Cyber Looking Ahead Guide, 51% of businesses must demonstrate MFA compliance, and 48% of underwriters predict further premium increases due to evolving threats like AI-powered phishing and deepfake scams. A Hong Kong firm’s $25.6 million loss to a deepfake video scam in 2024 exemplifies the growing sophistication of these attacks. Companies failing to meet these standards face sky-high premiums, policy exclusions, or outright denials, with 44% of claims denied in 2024 due to policy exclusions, per CyberMaxx.

Social media posts on X reflect growing frustration, with business owners lamenting the “unaffordable” cost of coverage and some small and medium-sized enterprises (SMEs) opting to forgo insurance altogether. Only 10% of SMEs have cyber insurance compared to 80% of large corporations, according to Swiss Re, making them prime targets for cybercriminals exploiting weak security. The Gallagher 2025 Cyber Insurance Market Outlook warns that supply chain attacks, which surged 742% in 2023, and regulatory pressures, like Canada’s pending Bill C-27, are further driving underwriting scrutiny.

Despite the hardening market, the cyber insurance sector remains profitable, with S&P Global Ratings reporting solid underwriting margins in 2024 and a projected market size of $23 billion by 2026. Reinsurers are expanding capacity through insurance-linked securities and catastrophe bonds, but stricter terms, such as war exclusions for state-sponsored attacks and 8- to 12-hour deductibles for business interruption, limit coverage scope. The Merck vs. Ace American Insurance case in 2024, where a court ruled the NotPetya attack was not excluded under a war clause, has prompted insurers to refine policy language to avoid similar payouts.

Businesses are urged to invest in proactive cybersecurity, including Managed Detection and Response (MDR) services and regular penetration testing, which can reduce premiums by up to 20%, per Compass IT Compliance. As cyber threats evolve, with 560,000 new malware strands daily and a projected $24 trillion in global cybercrime costs by 2027, cyber insurance is no longer optional but a critical component of risk management. Companies must balance rising premiums with robust security to navigate this challenging landscape.