
When Cyber Insurance Softens the Market: Why Lower Premiums Don’t Mean Lower Risk

Despite a rare drop in cyber insurance premiums, rising claims and evolving attack dynamics reveal that price relief does not equate to reduced exposure.

A Momentary Breather Masks Growing Risk

When U.S. cyber insurance premiums finally declined—falling 2.3% in 2024 to approximately $7.08 billion in direct premiums written—it felt like a reprieve for businesses long battered by rising encryption, ransomware, and breach costs (AM Best report) (Cybersecurity Dive) (NAIC report). But this first decline since 2015 masks a deeper paradox: while underwriting costs eased, underlying exposure is intensifying.

Insurers maintained profitability with loss ratios remaining under 50%, yet the number of claims surged by nearly 40% in 2024, with almost 50,000 filed. Average ransom payments plummeted by 77%—a welcome sign of stronger cyber defenses and negotiation practices—but a rising claim frequency signals a field far from calm (NAIC report).

This sets the stage for a deeper inquiry: what does lower pricing mean in a landscape where threat actors evolve even as defenses improve?

Quantifying the Quiet Before the Storm

Three key data points crystallize the paradox:

  1. U.S. cyber insurance direct premiums written dropped 7% to roughly $9.14 billion in 2024 from $9.84 billion in 2023; domiciled insurers saw premiums decline from $7.25 billion to $7.08 billion year-over-year (NAIC report).
  2. The number of cyber insurance claims increased almost 40% in 2024, with nearly 50,000 reported, even as average ransom payouts dropped 77%—reflecting greater control over breaches but more frequent incidents (NAIC report).
  3. Global cyber insurance premiums rose to $15 billion in 2024 and are expected to reach $15.3 billion in 2025; projections estimate growth above 10% annually through 2030, despite pricing pressure, due to sustained demand and enhanced underwriting methods leveraging AI and live risk monitoring (BeInSure).

Together, these data points show that even as pricing eases, the business of insuring cyber risk remains highly active and vital.

Real-World Cases: When Insurance Meets Crisis

Case 1: Change Healthcare Cyberattack (U.S., February 2024)
A “suspected nation-state associated cyber threat actor” breached Change Healthcare’s systems, halting electronic medical claims processing and disrupting payments to providers. Healthcare organizations faced losses up to $100 million per day, with 190 million patients affected. The U.S. Department of Health and Human Services launched a civil rights investigation over privacy implications (Change Healthcare attack). This incident underscores how even insured entities can face massive systemic risk with cascading economic effects.

Case 2: Lockton Re – Cyber Reinsurance Capacity Boost (2025)
In the first half of 2025, Lockton Re reported a $250 million expansion in cyber reinsurance capacity, with average premium reductions between 5% and 15%, depending on sector and geography. While mid-market clients benefited most, the rise in capacity offered cedants better negotiating leverage—with some choosing to retain more risk based on improved loss profiles (Lockton Re report). This case highlights how insurance structures adapt in the face of volatile exposure and shifting market appetites.

The Dynamics Behind Lower Rates—and Persisting Risk

Lower premiums do not signal diminished risk; they reflect several market forces:

  • Influx of capital via reinsurance and insurance-linked securities (ILS): Over $750 million in cyber catastrophe bonds were issued in 2024, expanding underwriting capacity and enabling more competitive terms for buyers (BeInSure).

  • Improved underwriting driven by AI and real-time data: Insurers are increasingly tapping AI, continuous telemetry, and API-driven data to refine risk assessment. This enables dynamic pricing calibrated to actual exposure rather than historical questionnaires (BeInSure).

  • Regulatory and compliance tailwinds: Legislation like the EU Cybersecurity Act and U.S. mandates from CISA stimulate demand by placing minimum cyber resilience expectations on financial, healthcare, and supply chain actors (BeInSure).

Yet, threats evolve: phishing and social engineering, ransomware, and third-party risk exposure remain dominant claim drivers, even as ransomware payouts drop—indicating broader systemic vulnerability.

What Policymakers, Insurers, and Businesses Should Consider Next

  • Regulators must tighten resilience requirements—not only for insurance eligibility but for critical infrastructure continuity. Mandates for MFA, endpoint detection, and supply-chain vetting should be prerequisites, supported by safe harbors for investments in cyber hygiene.

  • Insurers should continue investing in AI-driven risk modeling and parametric policy frameworks. Dynamic premiums tied to breach metrics and prevention behaviors will help align incentives and reduce systemic tail-risk.

  • Investors and corporate boards must regard cyber insurance as a dynamic risk control—not a substitute for security. The paradox of softening premiums amid frequency spikes reveals insurance is necessary—but not sufficient—for preparedness.

By 2028, businesses that combine risk-aware insurance models with robust internal controls will outperform peers in resilience and operational continuity. Cyber insurance is evolving—but so must the strategies that rely on it.

References

Cybersecurity Dive. “Cybersecurity insurance premiums declined 2.3% in 2024”.
NAIC. “Report on the Cybersecurity Insurance Market” (2025). https://content.naic.org/sites/default/files/inline-files/2025_Cybersecurity_Insurance%20Report.pdf?utm_source=pulse.latellu.com&utm_medium=editorial
BeInSure. “2026 Outlook for Global Cyber Insurance Segment” (global premiums and projections). https://beinsure.com/global-cyber-insurance-segment-outlook/?utm_source=pulse.latellu.com&utm_medium=editorial
Lockton Re. “Cyber Reinsurance Capacity Grows by $250m Amid 5‑15% Rate Declines in H1’25”. https://www.reinsurancene.ws/cyber-reinsurance-capacity-grows-by-250m-amid-5-15-rate-declines-in-h125-lockton-re/?utm_source=pulse.latellu.com&utm_medium=editorial
Change Healthcare cyberattack details. https://en.wikipedia.org/wiki/Change_Healthcare?utm_source=pulse.latellu.com&utm_medium=editorial