By continuing to access our website, you agree to our privacy policy and use of cookies.

Skip to Main Content

Press "Enter" to search

Cyber

Cyber Insurance Trends to Watch in 2025

Here’s what to monitor as cyber risks and guidelines evolve.

January 30, 2025

With the fast-changing nature of cyber threats, cyber insurance can be an especially volatile and dynamic segment. Frequent market changes can make pricing predictions difficult to pin down. The CrowdStrike and Change Healthcare incidents highlighted the greater impact of just one cyberattack across multiple organizations and business sectors. Given the potential impact of systemic events like these, insurers may implement stricter underwriting guidelines in 2025 and may be less aggressive when it comes to lowering rates. While current price predictions indicate lower rates, they may vary from policyholder to policyholder.

Here are some trends to watch this year.

Ransomware Threats

Ransomware attacks have skyrocketed over the past decade, and blockchain analysis firm Chainalysis reported that 2024 could be the largest grossing year yet for ransomware payments. Notably, in what’s being touted as the highest ransomware payment on record, cybercrime group Dark Angels received a payment of $75 million—nearly double the highest amount from 2023.

Moving into 2025, healthcare organizations, schools, government agencies and other infrastructure-related organizations are expected to be increasingly targeted in ransomware attacks. Given the essential nature of these operations, attackers believe victims in these sectors are more likely to pay a ransom to avoid prolonged disruption.

Artificial Intelligence Exposures

Cybercriminals can use artificial intelligence (AI) technology to create and distribute malware, crack passwords, deploy social engineering scams, identify software vulnerabilities and analyze stolen data. This technology can enable such activities to be carried out faster and with greater success rates, allowing cybercriminals to cause major damage and evade detection.

Heading into 2025, businesses should be particularly mindful of emerging AI-driven threats like deepfake scams, in which synthetic audio or video is used to impersonate executives or employees to commit financial fraud or initiate data breaches.

Supply Chain Vulnerabilities

Vendors and suppliers often don’t have the same level of cybersecurity as a target organization, making them an easier point of entry for a malicious party. Supply chain exposures can stem from a variety of parties and practices within an organization, including third-party services or vendors with access to information systems, poor information security practices by suppliers, compromised organizational software or hardware, software security vulnerabilities in supply chain management or among third-party vendors, or inadequate third-party data storage measures. Supply chain attacks are an increasing challenge for insureds, and Gartner predicts that 45% of organizations will experience attacks on their software supply chain by 2025.

Data Collection Concerns

Many businesses have begun leveraging biometrics, pixels and other tracking technology to gather personal information from stakeholders for various HR, advertising and marketing processes; however, doing so poses several data privacy concerns. For instance, businesses that don’t comply with applicable international, federal and state legislation (e.g., the General Data Protection Regulation, the Health Insurance Portability and Accountability Act, the Biometric Information Privacy Act and the California Privacy Rights Act) when collecting, processing and storing stakeholders’ data could face substantial regulatory penalties, costly lawsuits and associated cyber losses.

In 2025, businesses should be aware of heightened regulatory scrutiny and evolving privacy laws around data collection, especially as more states and countries strengthen their data privacy frameworks.

Tips for Insurance Buyers

Consider the following tips to strengthen your organization’s cyber risk profile:

  • Focus on employee training to prevent cybercrime from affecting your operations. Employees should be aware of the latest cyber threats (e.g., AI-powered attacks, cyber warfare, ransomware and business email compromise scams) and how to mitigate them.
  • Establish an effective, documented cyber incident response plan to remain operational and minimize damage in the event of a data breach or cyberattack. Test this plan regularly by running through various scenarios with staff. Make updates to the plan as needed.
  • Conduct thorough cyber risk assessments of third-party vendors before entering a partnership. Review their cybersecurity practices, ask about their data protection protocols and ensure they meet your company’s standards for safeguarding sensitive information.
  • Consult insurance professionals and legal counsel to determine your organization’s regulatory exposures regarding applicable data protection and cybersecurity laws. Make compliance adjustments as needed.

Connect with Hylant’s experts to discuss your cyber risks or find the best cyber insurance options for your specific needs.

Related Reading: Cyber Insurance, Ransomware Attacks and What Happens When You Legally Can’t Pay

The above information does not constitute advice. Always contact your insurance broker or trusted advisor for insurance-related questions.

Your Monthly Playbook for Managing Risks

Get expert-driven strategies you can actually use and stay ahead of emerging risks with our Fresh Perspectives monthly newsletter. Sign up now for the latest insights delivered directly to your inbox.

By entering your contact information and submitting the form, you understand that Hylant may send similar information in the future. You can unsubscribe anytime by using the link at the bottom of any Hylant email.

Related Insights