The US Cyber insurance market in 2025 is defined by anomalies, with client-favorable conditions resulting from increased capacity and more new entrants every year.
Munich Re projects the global Cyber insurance market to reach $16.3 billion by the end of 2025, adding that gross premiums are on track to double by 2030 due to increasing awareness of both cyber risks as well as the available insurance solutions. In the meantime, widespread premium reductions and additional capacity are still defining the Cyber insurance market, with limit availability increasing, even as risks become more prominent.
"Those markets that were previously only offering a $1 million or a $2 million limit have since gone to $5 million," says Risk Placement Services (RPS) National Cyber Practice Leader Steve Robinson. "We're now seeing more that can do $10 million and even some at $15 million, and that's reflective of the capacity. A lot of carriers are trying to get creative so they don't lose premium or market share by offering products that are of greater value."
Despite these forces, a lot of extra capacity remains in the market, with Insurtech and managing general agent (MGA) startups and other new players jumping in, while some existing carriers are loosening their underwriting standards to maintain market share. Cyber insurance remains an area of growth opportunity for Property and Casualty (P&C) insurers, particularly in the face of large-scale risk factors.
There's a reason that Gallagher Re has predicted that the cyber insurance market, if it continues to grow at its current rate, will exceed property or casualty in terms of annual reinsurance premium between 2032 and 2033.
As the company wrote in 2022: "From 2025, increasing clarity over Cyber's future as an insurance heavyweight buoyed by market confidence in the ability of data to predict claims will drive a 'data arms race' by reinsurers and cybersecurity vendors, as scale is required to fully realize technology potential in loss ratio improvements. We expect this convergence between technology solutions, cybersecurity techniques, and reinsurance will create a virtuous cycle, as investors seek to protect their capital invested in the space."
New Threats, New Risks
Even as premiums are falling, the digital threat landscape continues to evolve rapidly, presenting significant challenges for organizations across all sectors. During the first quarter of 2025, cyber attacks worldwide increased by 47%, reaching an average of 1,925 weekly attacks. These attacks were spread across a range of sectors, with education seeing the most (4,484 per week on average), followed by government systems (2,678) and telecommunications companies (2,664).1
Reports consistently highlight the prevalence of financially motivated attacks, with a notable increase in sophisticated social engineering tactics, involving fund transfer fraud and invoice manipulation.
Ransomware also remains a significant concern, with one report citing attacks up 126% so far this year and North America accounting for 62% of global targets, with threat actors increasingly targeting the Consumer Goods and Services sector. However, there are variations in the reporting about ransomware, with some analysts reporting a decline in overall attack frequency2 while others showing the opposite.
These inconsistencies reflect an evolving threat landscape, with actors maneuvering to find any advantage they can. This situation underscores the importance of working with a broker who has a finger on the pulse of these ongoing developments.
Ransomware is expected to cost victims as much as $275 billion annually by 2031, but it's not alone in the evolving world of cyber risk. Third-party attacks have affected the automotive industry, the education industry, IT security, and more, within the last year.
Human error, whether through falling victim to phishing scams or neglecting security protocols, remains a significant vulnerability. Compounding the problem is the phenomenon of "MFA fatigue," in which users — overwhelmed by frequent multi-factor authentication (MFA) prompts — may become more likely to approve fraudulent login attempts. Robust employee training programs and fostering a security-conscious culture within organizations are becoming increasingly critical to cybersecurity strategy.
Understanding Cyber Targets
While artificial intelligence (AI) offers potential for enhanced security defenses, it's also being leveraged by malicious actors to develop more sophisticated and evasive attack methods. These efforts includes creating highly realistic phishing campaigns and automating certain attack phases, making threats more difficult to detect and respond to.
The threat landscape for cyber risk is also expanding beyond traditional targets, with an increased frequency of cyber attacks targeting "blue collar" industries such as construction, manufacturing, and wholesale distribution. These sectors, which may historically have had less mature cybersecurity defenses and weren't considered a high hazard from a data breach standpoint, are increasingly becoming attractive targets for cyber criminals.
"A lot of these types of companies are handling large ACH wire transfers to pay vendors or suppliers in the course of their day-to-day business," says RPS Area Assistant Vice President Zach Piern, "and there's a misconception that they don't have as much cyber risk as those in healthcare, finance, etc. But I'm seeing more and more claims where they're targeting those types of companies."
These types of attacks can be devastating for clients. For instance, a $3-million-revenue heating and air conditioning contractor might have to send out $500,000 wire transfers periodically. If a threat actor can get into their system and monitor who they're paying and when, the threat actor can use that data to prey on the company through social engineering and other means. The result could bankrupt this small employer.
"Even in industry sectors that weren't previously thought of as having a huge cyber risk, they're getting hit pretty hard," Piern says, "and in a lot of cases, they're getting hit the hardest by these types of claims. It's a frequency issue, but we've been seeing the severity pick up as well."
Learn more about what's next for the Cyber insurance market in the 2025 Cyber Market Outlook.
Sources
1"Q1 2025 Global Cyber Attack Report from Check Point Software: An Almost 50% Surge in Cyber Threats Worldwide, with a Rise of 126% in Ransomware Attacks," Check Point Research, 16 April 16, 2025.
2"Global Ransomware Attacks: Notable Decline in April 2025 Amid Evolving Threat Landscape," Business Tech Weekly, 7 May 2025.
