Blog insurance news
Arkadiusz Krysik
Published: Oct 9, 2025

2025 Cyber Insurance Statistics and Trends

Cyber threats are one of the key emerging risks in today’s economy, and the cyber insurance market is thriving.

As frequency and impact rise, cyber insurance providers are scaling capacity, refining underwriting around controls, and coupling coverage with fast, expert incident response.

This article distills the latest stats and trends to show how the market is evolving and what it means for buyers and insurers alike.

Key Takeaways

  • Global cyber insurance premium volume reached about $16.6B in 2024 (up from ~$14B in 2023), signaling continued expansion. (Source: Risk & Insurance)
  • The U.S. cyber segment remained profitable in 2024, with the loss ratio staying below 50%. (Source: AM Best)
  • Demand is rising: the number of U.S. cyber policies in force grew 11.7% in 2023 to 4,369,741. (source: NAIC)
  • Despite more incidents, the average payment dropped 77% in 2024 and pricing fell 7% in Q1 2025, with broader coverage and higher limits available for well-controlled risks. (Source: Aon)

Cyber Insurance Explained

Cyber insurance is a specialty line designed to absorb the financial and operational shock of modern cyber threats – from ransomware and business-email compromise to privacy violations and destructive malware.

Unlike standard property or liability policies, it is engineered around intangible assets and always-on systems, where cyber risks propagate through networks, suppliers, and cloud platforms.

At its core, cyber insurance converts unpredictable digital events into a managed, contractually defined response, helping organizations keep customers, regulators, and partners confident when incidents occur.

Policies typically blend first-party and third-party cyber insurance coverage.

First-party elements fund immediate response – digital forensics, data restoration, crisis communications, breach notification, customer protection services, and business interruption losses. Third-party elements address liability arising from data breaches, regulatory investigations, contractual indemnities, and media or privacy claims.

cyber crime vast majority national institute

Global Cyber Insurance Market Growth and Size

The cyber insurance market is now a core (but still relatively small) specialty line.

The cyber insurance market grew at an ~32% compound annual rate from 2017 to 2022, roughly tripling in size over five years.

Global premiums doubled from 2017 to 2020, and then doubled again from 2020 to 2022.

By 2022, worldwide cyber insurance premiums reached about $13 billion, up from roughly $4–5 billion in 2017.

This trajectory far outpaced growth in most other insurance lines.

Depending on the source and methodology, global cyber insurance premiums for 2024 are estimated at ~USD 15–17 billion: Munich Re puts 2024 at USD 15.3bn, while Guy Carpenter estimates USD 16.6bn and Swiss Re projects ~USD 15.6bn for full-year 2025.

cyber resilience protect data

Key Cyber Insurance Claim Drivers

A handful of incident types dominate cyber claims across the cyber insurance market.

While loss experience ultimately varies by sector and geography, the patterns below explain why cyber insurers insist on baseline controls (MFA, EDR, backups) and why these controls increasingly influence cyber insurance premiums.

  • Ransomware: Continues to be the largest loss driver. Allianz attributes ~60% of large-claim value (>€1m) to ransomware. Coalition finds ransomware is ~21% of claims but with the highest average loss (~US$292k). Average ransom demands fell ~22% to ~US$1.1m, and negotiated reductions are ~60%. Attackers are shifting toward mid-sized firms; 88% of SME data breaches involve ransomware vs 39% for large firms. Many carriers now require MFA and EDR as pre-requisites for coverage. (Sources: Allianz; Coalition)
  • Business Email Compromise (BEC) & Fund-Transfer Fraud (FTF): High frequency, lower severity relative to ransomware. Collectively ~60% of claims in Coalition’s dataset, with BEC 29.7% and FTF 29.8%. Typical consequences include fraudulent wire transfers and legal costs; underwriters emphasise email security controls and employee training. (Sources: Coalition; Allianz)
  • Data breaches / privacy violations: The average global data-breach cost reached almost US$5m (2024). Allianz notes non-attack incidents (privacy violations, technical failures) account for ~28% of large-claim value, showing that not all severe losses stem from overt cyber attacks. Regulatory fines (GDPR, HIPAA) and notification costs drive severity, notably in healthcare and retail. (Source: Allianz)
  • Business interruption (BI): Often the most expensive cost component of a cyber event; Allianz reports BI represents >50% of large-claim value. ICS exposure and supply-chain disruptions amplify BI losses in manufacturing and energy. (Source: Allianz)

Global Premiums

Global cyber insurance premiums have expanded rapidly from a niche base.

In 2020, the cyber insurance market was about US$6bn GWP, and heavily concentrated geographically: Americas 71%, Europe/Africa 29%, Asia/Oceania <1%. That concentration reflected where cover was most available and where cyber insurers had the strongest distribution and data to price emerging cyber risks. (IAIS GIMAR 2023)

Growth accelerated in 2021, reaching US$13.7bn GWP (with a DWP sample of US$6.7bn; median US$74.9m per participating carrier). Market capacity was still highly concentrated—six insurers accounted for >80% of premium—so pricing power and wording standards were driven by a relatively small cohort of leaders. (IAIS GIMAR 2023)

By 2023, worldwide premiums were estimated at US$16.66bn, with the U.S. writing US$9.84bn (~59% of global). Policy adoption kept climbing: 4.37 million U.S. policies were in force, up 11.7% year over year, indicating that buyers were responding to persistent cyber attacks and contractual/board pressures even as rates began to moderate. (NAIC 2024 Cyber Report)

Looking ahead, 2025 projections differ by methodology: Munich Re forecasts ~US$16.3bn global premiums, while IAIS cites industry expectations of ~US$22bn by 2025—an illustration of how assumptions about penetration outside the U.S., limit buying, and loss activity can materially change near-term outlooks.

Longer-term scenarios remain bullish.

Howden argues premiums could exceed US$50bn by 2030, noting that roughly 45% of premiums are ceded to reinsurers today—about US$6bn—and that reinsurance capacity would need to triple to support that scale without destabilizing volatility from large cyber claims. Fortune Business Insights Cyber Insurance Report is more aggressive, projecting ~US$63bn by 2029.

cyber extortion

Global Cyber Insurance Market Distribution

2024 global premium split (Guy Carpenter): North America USD 10.5bn, Europe USD 3.9bn, APAC USD 1.7bn, Rest of World USD 0.5bn.

The U.S. alone represented ~59% of global premium in 2023, underscoring North America’s maturity versus under-penetrated international regions.

cyber insurance sensitive data

Adoption and Cyber Coverage Uptake

Demand for cyber insurance is rising as boards and lenders react to headline cyber incidents, but uptake remains uneven: large enterprises buy broadly while SMEs lag.

  • U.S. adoption is growing: 4.37 million U.S. policies were in force in 2023—an 11.7% year-over-year increase, rebounding after a 2021 dip during the pricing spike. (Source: NAIC 2024 Cyber Report)
  • Big-company penetration is high: Most large enterprises (≈80% of firms with >$10B revenue) now carry cyber coverage; by contrast, only ~10–20% of small and mid-sized businesses have any cover. (Source: )
  • UK snapshot (all firms vs. by size): In 2023, just 37% of UK businesses had cyber insurance; this rose to 55–63% among medium and large firms, but only ~17% of small businesses reported having cover. (Source: )
  • Awareness is still a barrier for SMEs: >60% of small firms are not familiar with cyber insurance offerings—highlighting a major education gap. (Source: )
  • Why SMEs matter to growth: SMEs and micro-firms make up ~90% of companies globally but account for only ~30% of cyber premiums (~US$4.7bn)—closing this gap is the biggest lever for future market expansion.

Sector‑specific Frequency and Severity

Different industries buy and experience cyber risk very differently. Below is a crisp, scan-friendly view of who buys cyber insurance most, and where cyber claims hit hardest—combining the screenshot highlights with the PDF stats we used earlier.

  • Technology / IT & Communications – the single biggest buyer by premium share in North America (≈19%). Take-up among tech/media firms is >60% for large-account clients; exposure driven by always-on platforms, IP theft and service outages. [RiskandInsurance]
  • Retail & e-commerce – large premium share (≈13% NA) and heightened scrutiny after headline cyber incidents (payment data, third-party platform outages). [RiskandInsurance]
  • Financial services (banks, insurers, fintech) – very high penetration (≥60% in risk-managed portfolios) and among top sectors by premium share (≈11% NA); strong drivers are data sensitivity and regulatory duties. [RiskandInsurance]
  • Healthcare / Life sciences – heavy severity and stringent privacy regimes; among top premium-share sectors (≈11% NA). In claims management data: ~12.6% of large-company cyber loss cost, and 738 SME claims in 2019–2023 (notification, regulatory and BI dominate). [RiskandInsurance]
  • Professional & business services (legal, consulting, accounting) – frequent claims and high BEC exposure; top three by share of large cyber claims since 2020. In SME data it’s the #1 by frequency (1,630 claims, 2019–2023). [Allianz; Marsh]
  • Manufacturing / Industrial – growing buyer base due to ransomware and business interruption exposures; now ≈10% of NA premium. [Allianz; Marsh]

[Read also: Pet Insurance Statistics, Facts and Trends (2025)]

Cyber remains a small but strategically important niche in P&C.

Conditions for buyers are the best they’ve been in years, which supports further adoption. Marsh reports cyber rates fell ~7% in Q2 2025 worldwide, with even larger decreases in Europe and Latin America. Despite softer pricing, carrier performance remains healthy: Howden finds average combined ratios around ~70% and about USD 9bn in underwriting profit across 2022–2024.

Penetration is widening too. In the U.S., policies in force rose 11.7% to 4.37 million in 2023, a sign that more companies—especially smaller ones—are buying first-time cover.

Capital support for systemic events is also improving, which is good news for long-term resilience.

Beazley now has about USD 510m of outstanding cyber catastrophe bonds and added USD 290m of cyber ILW protection, while Hannover Re renewed a USD 20m parametric cloud-outage cat bond.

All and all howden’s long-term view suggests cyber premiums could exceed USD 50 bn by 2030 if penetration rises (especially among SMEs and outside North America), while Swiss Re tempers nearer-term expectations to ~5% CAGR from 2023 given the current soft market.

Building Software for Specialty Insurance

Cyber is the textbook example of a specialty line: fast-moving cyber threats, complex regulations, and outsized concentration risk.

To compete, cyber insurance providers need systems that go beyond generic policy admin.

Underwriting depends on live security posture (e.g., MFA, EDR, incident-response readiness), external attack-surface signals, and portfolio-level accumulation controls—workflows that call for continuous data ingestion and modeling rather than one-time questionnaires.

Platforms like Openkoda make this specialization practical.

legal fees cyber insurance policy

Openkoda combines rapid application development with full-code flexibility, so teams can stand up a cyber underwriting workbench, broker portal, or claims command center in weeks, not quarters, while avoiding vendor lock-in later.

Openkoda’s rules and rating are editable as standard code, not black-box configuration.

You can modify underwriting and calculation logic (rates, deductibles, limits, sub-limits, co-insurance, minimum premiums), bind conditions, accumulation checks, and referral triggers per class of risk or industry.

On top of that he platform connects easily to scanners, security-ratings feeds, threat-intel, CAT models, payments, e-signature, CRM/broker systems, and reinsurance reporting.

Teams drop in ready-made widgets – underwriting scorecards, control checklists, incident timelines, vendor panels, SLA trackers, and portfolio heatmaps – and adapt them to their own workflows and data models.

Because the UI and data schema are open, you can extend entities like Assets, Controls, Incidents, Vendors, and Third-Party Services without waiting for a vendor release.

multi factor authentication

For any insurer operating in the cyber insurance sector, the Openkoda platform offers a rich set of pre-built capabilities that form the foundation for robust, enterprise-ready applications:

  • Configurable rating & rules engine – edit underwriting, pricing, deductibles, limits, sub-limits, co-insurance, and referral logic in code with versioning and audit.
  • Dynamic questionnaires & control checklists – conditional forms for cyber controls (MFA, EDR, backups, vendor risk) that adapt by industry, size, or posture.
  • Underwriting dashboard – submission triage, risk scorecards, bind/decline guidance, appetite rules, and accumulation checks.
  • Insurance automation – quotes, binders, policies, endorsements, notices; clause libraries; multilingual output; e-signature ready.
  • Ccyber insurance claim management center – FNOL intake, triage rules, tasking & SLAs, reserve tracking, payment approvals, incident timelines, recoveries.
  • Role-based access control (RBAC) & audit trails – granular permissions, immutable logs, PII field-level masking, and encryption at rest/in transit.
  • Multi-tenant & unlimited users – scale to brokers, TPAs, and partners without per-seat surprises.

cyber incidents cyber insurance policy

With them, and a team of seasoned developers experienced in niuances of insurance sector, Openkoda accelerates delivery (weeks, not quarters) while staying full-code and cloud-agnostic.

That means you can prototype quickly, pass security reviews, and still retain complete control of the roadmap as regulations, models, or partner ecosystems change.

[Read also: Accelerating Insurance Digital Transformation: 2025 Outlook]

Closing Thoughts

The cyber insurance market has matured into a critical specialty line as digital risk escalates.

Cyber insurance companies are balancing affordability with disciplined underwriting and smarter incident-response ecosystems.

Buyers increasingly view a well-structured cyber insurance policy as a core part of resilience, complementing controls, training, and recovery planning.

With adoption broadening and capital support deepening, the market is positioned for steady, sustainable growth.

Related Posts