Why Cyber Insurance Premiums Dropped in 2025 — and What's Coming Next

Cyber insurance premiums dropped roughly 11% in 2025. Cyber incidents surged 129% in the same period. Those two facts cannot both be true without structural tension underneath — here's what the data actually shows, and what it means for your coverage right now.

Cyber insurance premiums dropped roughly 11% in 2025, according to Lockton. That headline traveled fast — brokers cited it at renewals, CFOs used it to push back on quotes, and trade press treated it as confirmation that the market had finally stabilized.

But the number nobody is quoting sits right next to it: cyber incidents surged 129% and ransomware severity intensified — per Lockton. Premiums fell while the underlying risk grew. That is not stability. That is a structural tension building inside the market, and it has direct implications for how your business should think about coverage right now.

This article explains why premiums dropped, what forces are holding them down, and why the current pricing window may be shorter than it looks.


Why Cyber Insurance Premiums Dropped in 2025

Three forces converged to push premiums lower. Each one is real. None of them eliminates the risk.

Carriers Got More Disciplined — and More Profitable

After years of steep losses in the early 2020s, cyber insurers tightened underwriting standards significantly between 2022 and 2024. They required multi-factor authentication (MFA — a security control that verifies identity through multiple steps), endpoint detection tools, and documented incident response plans before quoting. Businesses that couldn't demonstrate basic security hygiene either paid much higher premiums or couldn't get coverage at all.

2024 was widely reported as a profitable year for cyber insurers, encouraging carriers to expand capacity further. When carriers compete for premium volume, prices fall. That is what happened in 2025.

New Capacity Entered the Market

Munich Re projects the global cyber insurance market will reach $29 billion by 2027, up from approximately $14 billion in 2023 — a doubling of market size driven by rising take-up rates and increased carrier capacity.

Munich Re — Cyber Insurance Market Outlook

Profitability attracted new entrants. Reinsurers — the companies that insure the insurers — increased their appetite for cyber risk after watching loss ratios improve. Munich Re, one of the world's largest reinsurers, projected the global cyber insurance market would grow to $29 billion by 2027, signaling long-term confidence in the line. That reinsurance capacity flowed downstream, giving primary carriers more room to compete on price.

More carriers competing for the same pool of insurable businesses means lower premiums, at least in the short term.

Underwriting Got Smarter

Carriers also got better at segmenting risk. Instead of applying broad rate increases across entire industries, underwriters began pricing individual accounts more precisely — rewarding businesses with strong security controls and penalizing those without. WTW's 2025 cyber market outlook noted that businesses with mature security postures were seeing the steepest premium reductions, while higher-risk accounts continued to face pressure.

The result: the 11% average drop masked significant variation. Some businesses saw premiums fall 20% or more. Others saw flat renewals or modest increases. The average obscures the spread.


The Structural Tension Underneath the Headline

Here is the part most coverage skips.

Incidents Went Up. Premiums Went Down.

The average cost of a data breach reached USD $4.88 million globally in 2024 — the highest ever recorded. That represents a 10% increase over 2023 and nearly a 25% rise since 2020.

IBM Cost of a Data Breach Report 2024

Cyber incidents surged 129% and ransomware severity intensified — per Lockton. IBM's Cost of a Data Breach Report put the average cost of a breach at USD 4.45 million globally. That figure has climbed consistently for more than a decade.

Industry data showed approximately a 5% decline in Q4 2024 premiums, reported across multiple market sources — a trend that continued and accelerated through 2025. So the cost of a breach went up, the number of breaches went up, and the price of transferring that risk went down. That combination does not persist indefinitely.

What it means for your business: the current pricing environment is favorable, but it is not a signal that cyber risk has decreased. It is a signal that carriers are currently willing to absorb more risk than the underlying data might justify. That window closes when loss ratios deteriorate.

Ransomware Severity Is Still Climbing

Ransomware — malicious software that encrypts a victim's data and demands payment for its release — remains the dominant driver of large cyber losses. Gallagher's 2025 cyber market report noted that ransomware demands and associated business interruption costs continued to climb even as frequency data showed mixed signals across sectors.

The Wiley Rein cyber practice group flagged a specific risk that most businesses underestimate: supply chain attacks. A breach at a third-party vendor can trigger covered losses at your business even if your own systems were never directly compromised. Most mid-market cyber policies have not been updated to reflect this exposure adequately.

Take-up rates — the share of businesses actually purchasing cyber coverage — have grown steadily across mid-market and enterprise segments. More businesses buying coverage means a larger pool of insured risk. If loss ratios spike, the correction will be broad.

Ransomware attacks increased 18% in 2024, with the average ransom payment rising to $2.73 million — nearly a $1 million increase over 2023. Business interruption remains the largest component of cyber losses, often exceeding the ransom amount itself.

Sophos — The State of Ransomware 2024

Premium vs. Risk: What the Data Actually Shows

Metric | Direction in 2025
Average cyber insurance premium | Down ~11% (Lockton)
Cyber incident volume | Up 129% (Lockton)
Average cost of a data breach | USD 4.45M (IBM)
Ransomware severity | Increasing (Gallagher)
Reinsurance capacity for cyber | Expanding (Munich Re)
Carrier profitability in 2024 | Widely reported as profitable
Q4 2024 premium trend | Down ~5% (multiple market sources)
Mid-market cyber take-up rates | Growing (2025–2026 market outlooks)

Every risk metric moved in one direction. Every pricing metric moved in the other. That divergence is the story.


What Most Businesses Get Wrong About the Soft Market

A soft market — a period when insurance premiums fall and coverage becomes easier to obtain — creates predictable mistakes.

Treating a lower premium as a coverage review. Premiums fell, so the renewal felt like a win. But a cheaper policy is not necessarily a better policy. Coverage terms, sublimits (the maximum payout for specific claim types within a broader policy), and exclusions matter more than the premium line. A policy that costs 15% less but excludes supply chain events or caps ransomware payments at $500,000 is not a better deal — it is a different product.

Cutting limits because the market is "soft." Some businesses use a soft market to reduce coverage limits and pocket the savings. That is a reasonable decision if your risk profile has genuinely decreased. It is a poor decision if your revenue grew, you added new technology vendors, or you expanded into regulated industries. Your limit should track your exposure, not the market cycle.

Assuming current pricing reflects current risk. The 11% drop reflects carrier competition and improved loss ratios from prior years. It does not reflect a 129% increase in incident volume or rising ransomware severity. Pricing lags risk in both directions — it was too high during the hard market of 2021–2022 relative to actual losses, and it may be too low now relative to emerging exposures.

Not benchmarking your coverage against peers. The average premium dropped, but your premium should be priced against your specific risk profile, not the market average. Businesses that don't benchmark their coverage against industry peers and historical loss ratios have no way to know whether their pricing is accurate or their coverage is adequate.


What's Coming Next: 2026 and Beyond

The soft market is not permanent. Several forces are likely to push premiums higher over the next 12 to 24 months.

Loss ratio deterioration. If incident volume continues to climb at the rate Lockton documented, claims will follow. Carriers will respond by tightening terms and raising rates, as they did in 2021. The question is timing, not direction.

Systemic risk events. A single large-scale supply chain attack or critical infrastructure event — the kind that triggers simultaneous claims across thousands of policyholders — could harden the market faster than any gradual trend. Reinsurers are watching this exposure carefully. Munich Re's growth projections assume manageable systemic loss scenarios. A major event would revise those assumptions quickly.

Regulatory pressure. New cyber disclosure requirements from the SEC (the U.S. Securities and Exchange Commission), state-level data protection laws, and emerging AI liability frameworks are expanding the definition of what constitutes a covered cyber event. Broader coverage triggers mean higher expected losses, which eventually flow through to pricing.

AI-generated threats. Phishing attacks — fraudulent communications designed to steal credentials or deploy malware — are becoming harder to detect as attackers use AI to generate highly personalized, convincing messages at scale. Social engineering losses, where claims arise from human manipulation rather than technical exploits, are an area where many policies have limited or ambiguous coverage.

The businesses that use the current soft market to strengthen their coverage rather than reduce their spend will be better positioned when the cycle turns.


The Bottom Line

Cyber insurance premiums dropped in 2025. That is true. But they dropped while cyber incidents surged 129%, ransomware severity intensified, and the average breach cost held above USD 4.45 million. The soft market is a pricing cycle, not a risk cycle. Those are two different things.

The right move right now is to use favorable pricing to secure better coverage terms, higher limits, and broader scope — not to cut spend and assume the risk has gone away. When the market hardens again, and it will, the businesses that treated the soft market as a buying opportunity will be better covered at a lower relative cost than those who treated it as a reason to disengage.

Aiden analyzes your business across 140+ data vectors in seconds, pairs that output with human underwriting expertise, and helps you make coverage decisions based on your actual risk — not the market average. Learn more at aidenrisk.com.


FAQs

Why did cyber insurance premiums drop in 2025?

Cyber insurance premiums dropped approximately 11% in 2025 primarily because carriers became more profitable after tightening underwriting standards between 2022 and 2024. That profitability attracted new reinsurance capacity, which increased competition among primary carriers and pushed prices lower. Smarter risk segmentation also allowed carriers to reduce rates for businesses with strong security controls.

Does a lower cyber insurance premium mean my risk has decreased?

No. Premiums reflect carrier competition and historical loss ratios, not current threat levels. Cyber incidents surged 129% in 2025 even as premiums fell. A lower premium means the market is currently pricing risk favorably — it does not mean your exposure has changed.

What is a soft market in cyber insurance?

A soft market is a period when insurance premiums fall and coverage becomes easier to obtain, typically because carriers are profitable and competing for business. The opposite — a hard market — occurs when losses rise, capacity tightens, and premiums increase. Cyber insurance has historically cycled between these phases faster than most commercial lines.

What should my business do during a soft cyber insurance market?

Use favorable pricing to improve your coverage rather than reduce your spend. Review sublimits for ransomware and business interruption, check for supply chain exclusions, and consider increasing limits if your revenue or technology footprint has grown. Cutting limits during a soft market to save money can leave you underinsured when the cycle turns.

How do I know if my cyber coverage is adequate?

Adequacy depends on your specific risk profile — your industry, revenue, technology stack, vendor relationships, and regulatory environment — not the market average. Benchmarking your coverage against peers and historical loss ratios in your sector gives you a more accurate picture than comparing your premium to a published index.

What is driving ransomware severity even as premiums fall?

Ransomware attackers are demanding larger payments, targeting more critical systems, and increasingly using supply chain access to compromise multiple victims simultaneously. Business interruption costs — the revenue lost while systems are offline — often exceed the ransom demand itself. These severity trends exist independently of the pricing cycle.

When might cyber insurance premiums start rising again?

Most market observers expect the soft market to persist through mid-2026, but a significant systemic event, sustained loss ratio deterioration, or a wave of AI-enabled attacks could accelerate a correction. Regulatory changes expanding covered event definitions are also likely to put upward pressure on pricing over the next 12 to 24 months.
