With the ever-evolving landscape of cyber threats, the cyber insurance market can be particularly volatile and dynamic. Frequent market changes make it challenging to predict pricing accurately. The CrowdStrike and Change Healthcare incidents underscored the significant impact of a single cyberattack on multiple organizations and business sectors. Considering the potential consequences of systemic events like these, it’s plausible that insurers may adopt stricter underwriting guidelines in 2025 and be less inclined to reduce rates. While current price predictions suggest lower rates, individual experiences may vary.
Developments and Trends to Watch
Ransomware threats—Ransomware attacks have surged over the past decade, and blockchain analysis firm Chainalysis predicts that 2024 could be the highest-grossing year for ransomware payments yet. Notably, the cybercrime group Dark Angels received a record-breaking ransomware payment of $75 million—nearly double the highest amount from 2023. In 2025, healthcare providers, schools, government agencies, and other infrastructure-related organizations are expected to be increasingly targeted by ransomware attackers. Given the critical nature of these operations, attackers believe that victims in these sectors are more likely to pay a ransom to avoid prolonged disruptions.
AI exposures—Cybercriminals can exploit AI technology to create and distribute malware, crack passwords, execute social engineering scams, identify software vulnerabilities, and analyze stolen data. This technology enables them to carry out these activities more swiftly and with higher success rates, allowing them to cause significant damage and even evade detection. As we approach 2025, businesses must be particularly vigilant about emerging AI-driven threats, such as deepfake scams, where synthetic audio or video is used to impersonate executives or employees to commit financial fraud or initiate data breaches.
Supply chain vulnerabilities (third-party vendors)—Vendors and suppliers often lack the same level of cybersecurity as the target organization, making them an easier target for malicious actors. Supply chain exposures can arise from various sources within an organization, including third-party services or vendors with access to information systems, inadequate information security practices by suppliers, compromised organizational software or hardware, software security vulnerabilities in supply chain management or among third-party vendors, or insufficient third-party data storage measures. Supply chain attacks pose a growing challenge for insureds, and Gartner predicts that 45% of organizations will experience attacks on their software supply chain by 2025.
Data collection concerns—As businesses increasingly adopt biometrics, pixels, and other tracking technologies to gather personal information from stakeholders for HR, advertising, and marketing purposes, they must be mindful of the potential data privacy risks. Non-compliance with applicable international, federal, and state legislation, such as the General Data Protection Regulation, the Health Insurance Portability and Accountability Act, the Biometric Information Privacy Act, and the California Privacy Rights Act, can result in substantial regulatory penalties, costly lawsuits, and associated cyber losses. As we approach 2025, businesses should be aware of the heightened regulatory scrutiny and evolving privacy laws surrounding data collection, particularly in light of the growing number of states and countries strengthening their data privacy frameworks.