Cyber Risk Insurance Market Remains Buyer-Friendly

Significant, systemic events dominated 2024 with Aon’s Cyber Solutions U.S. data revealing 1,228 reported incidents across Aon’s Cyber Solutions clients — an increase of 22 percent. Cyber incidents or litigation represented most claims, with 776 reported incidents — up 31 percent.

Despite increased claims frequency in 2024, insurer loss ratios were not materially impacted, and buyers’ market conditions continued through 2024 for cyber amid a well-capitalized and competitive environment. Favorable conditions are expected to continue in 2025, supporting growth in emerging cyber markets; however, the juxtaposition of loss trends and a softening market could mean future market volatility. Risk differentiation remains key to favorable renewal outcomes over the long term.”1

On average, buyers achieved a 7 percent premium decrease in Q1 2025, primarily driven by ample capacity, the introduction of new capacity and incumbent insurers being aggressive with renewal terms to maintain their incumbent renewals.

2020–2025 Cyber Premium Changes by Quarter​

Average Year–over–Year Change (Same Clients)​

Premium changes continued to decrease quarter over quarter while ransomware claims frequency was up.

Cyber Monthly Pricing All Layers

Average Year–over–Year Change (Same Clients)

Despite this difference in activity, it’s still unclear how many of these ransomware incidents are claims with insurance recoveries, versus falling within the self-insured retention (SIR).2

The cyber retail and reinsurance markets demonstrated solid margins, supporting the view that the global cyber insurance industry is stable despite growing competition and the increasing sophistication, severity and frequency of cyber incidents.3 Stronger competition has also resulted in lower self-insured retentions, premiums, an easing of required sub-limits and coverage enhancements for policyholders.4

In 2025, we expect pricing to continue to moderate, with more favorable conditions across an increasingly wider range of risks and geographies. Ample capacity and aggressive competition continue to drive a buyers’ market for cyber despite an increase in ransomware activity in prior years. In most markets, moderate rate reductions, broader coverage and increased limits are available for risks with responsive cyber security controls.

Looking to the reinsurance market in 2025, supply of capital from traditional sources remains abundant relative to current demand, with alternative capacity, such as insurance-linked securities and catastrophe bonds increasing in availability through innovative risk transfer structures. This supply-demand imbalance led to a favorable January renewal cycle for buyers of cyber reinsurance. The suite of reinsurance products and structures will continue to evolve and expand as cyber insurers seek new, more effective, ways to optimize their net position according to their risk appetite. This is a strong indicator that buyer-friendly market conditions, which include slightly lower premiums, broader coverage and more flexible terms, can be expected into the first half of 2025 for cyber insurance purchasers.

Cyber Insurance Steers Risk Mitigation

Cyber-attacks pose a growing balance sheet threat, with three-quarters of completed attacks leading to financial losses.5 Adoption of cyber insurance is widespread and is a board-level consideration. It is reported that 90 percent of organizations with 500 to 1,000 employees have some form of cyber coverage, 50 percent have a standalone policy while 40 percent have cyber as part of a wider business insurance policy6, and 25 percent of Aon clients purchased additional limits in 2024. Stricter underwriting by insurers demands that organizations invest in cyber preparedness to help secure a policy. This investment in readiness can benefit both insurers and insureds. Aon clients that invested in cyber preparedness in 2024 were better positioned to respond to attacks with technology controls and continuity plans in place to restore systems or regain access to data. Despite increased claims frequency across 2024, the average payment dropped by 77 percent. This paradox — rising claims but declining payments — helped to maintain the soft market.

Key Observations:

• In 2024, the average payment amount declined 77%, and the number of ransomware incidents remained flat, compared to the same period in 2023. Despite frequency increasing year over-year, the severity has declined supported by stronger cyber security controls, so we’ve remained in a soft market.
• Despite a decrease in severity, the increase in frequency necessitates guidance around reporting and navigating notices.

Large-scale systemic events took center stage in 2024, as evidenced by the CrowdStrike outage that disrupted operations worldwide and impacted commercial flights, hospitals, and financial services. Technology interconnectedness is growing, coupled with increased regulatory scrutiny on how organizations manage their systemic risks. In this uncertain operating environment, organizations should model their total cyber risk exposure through the financial quantification of relevant cyber scenarios and insurers need this high level of modeling to write or renew policies. Although the ransomware breach of a major healthcare payments technology provider in 2024 did not impact the cyber insurance industry directly, it caused associated and downstream losses for organizations that depended on that vendor. Aon is on the frontline in this trend, using more sophisticated models and tools that enable data-driven scenario analysis with its Cyber Risk Analyzer.7

It is expected that insurers will employ more robust modeling to help protect their portfolios against loss and close knowledge gaps around systemic and third-party risk. By leveraging quantitative modeling and underwriting, they can help improve decision-making to safeguard shareholder equity and help protect customers, employees and the public. This increased focus on advanced risk-selection technologies and claims management, including incident response (IR) and even specialized ransomware response teams, is also helping to make the cyber insurance industry more sustainable and propelling its development.8

Actions for Organizations

• Use Decision Analytics. Cyber events can affect all areas of an organization, and regulatory bodies as well as shareholders are expecting a tighter focus on this risk. Aon’s Cyber Risk Analyzer provides brokers and clients access to loss forecasting, exposure assessment and total cost of risk (TCOR), driving stakeholder alignment across the C-suite and enabling businesses to optimize their cyber-insurance programs relative to their unhedged loss potential.
• Strengthen Cyber Security Posture. Systemic and third-party risks remain undermanaged and deserve focus in 2025. A privacy data breach, unauthorized access or disclosure of personal information, or loss of personal information can also have serious consequences. While a well-known topic, multi-factor authentication is still an underwriting requirement, as is a tested IR plan.
• Be Strategic In-Market. Given the buyer-friendly market conditions, we advocate for insurers to offer expanded coverage to meet evolving risks. Organizations require broader coverage that addresses business and dependent business interruption, supply chain vulnerability, regulatory exposure inclusive of wrongful data collection events, and coverage for AI creation or usage-related events.