According to a 2025 report on cyber insurance trends published by Munich Re, the global cyber insurance market totaled $15.3 billion in 2024, and is expected to reach $16.3 billion by the end of 2025. Although these amounts are substantial in an absolute sense, the 2024 market valuation represents less than 1% of the global premium volume for property and casualty insurance in 2024. Cybersecurity’s comparative lack of representation in the global insurance premium market may stem from slower growth in the cybersecurity insurance market in the past few years. However, likely as a result of continued increases in digitization, cyber events occurring more frequently, and the regulatory framework evolving, cybersecurity insurance appears poised to grow at a more sustained pace, with Munich Re predicting the global premium volume for cybersecurity to average an annual growth rate of 10% per year through 2030.
Mind the Gap – A Closer Look at Slow Adoption
Despite positive and growth-oriented forecasts for the cybersecurity insurance market, a vast majority of the cyber risks that companies small, medium, and large face remain uninsured and under protected.
Colloquially dubbed the “cyber protection gap,” primary reasons for the existence of this gap include (1) undesirable price of coverage, (2) lack of product awareness on the part of uncovered entities, (3) limited product understanding on the part of uncovered companies, and (4) insufficient scope of services as relating to an entity’s desired breadth of cybersecurity coverage.
Consistent with this gap, other findings indicate that only an estimated 47% of eligible organizations have a cyber insurance policy in place. This rate varies across region—North America falls in slightly below Europe, with an adoption rate of 45% to 50% respectively.
Ransomware – A Reason to Reconsider Cybersecurity Insurance
Several external threats to at-risk entities may create motivation for companies of all sizes to further invest in cybersecurity insurance coverage. While potentially affected entities continue to express concerns with the growing adoption of artificial intelligence, according to the Munich Re report, ransomware remains the leading cyber threat facing organizations today.
In 2024, the average ransom demand reached $600,000, and ransomware continues to be the leading cause of cyber insurance losses. Further, certain industries are hit harder than others by ransomware attacks; from 2017 to 2024, manufacturing, healthcare and retail made up the top three industries with the largest share of ransomware losses.
Organizations should still remain on the lookout for other major cyber trends, including the use and targeting of artificial intelligence in cybersecurity breaches, the increasing vulnerability of traditional security methods from quantum computing and the proliferation of the number of devices in the areas of information technology, IIoT (Industrial Internet of Things) and OT (Operational Technology used in productive environments).
Practical Tips and Takeaways
As we recently discussed, cyber insurance provisions are becoming an increasingly common point of negotiation in technology and outsourcing agreements. It is important to understand that the parties to such negotiations may come to the table with disparate expectations on who should be obligated to obtain what levels of cyber insurance. A general understanding of these cyber insurance market trends may help an organization better understand the practical aspects of the corresponding contractual obligations, which can then inform the negotiation of, and agreement to, the appropriate obligations for a given transaction.