Tech & Sourcing @ Morgan Lewis

According to a 2025 report on cyber insurance trends published by Munich Re, the global cyber insurance market totaled $15.3 billion in 2024, and is expected to reach $16.3 billion by the end of 2025. Although these amounts are substantial in an absolute sense, the 2024 market valuation represents less than 1% of the global premium volume for property and casualty insurance in 2024. Cybersecurity’s comparative lack of representation in the global insurance premium market may stem from slower growth in the cybersecurity insurance market in the past few years. However, likely as a result of continued increases in digitization, cyber events occurring more frequently, and the regulatory framework evolving, cybersecurity insurance appears poised to grow at a more sustained pace, with Munich Re predicting the global premium volume for cybersecurity to average an annual growth rate of 10% per year through 2030.

As ransomware threats, data breach litigation, and supply chain cybersecurity concerns become increasingly more common and costly, buyers of tech, SaaS, and outsourcing services are giving far more weight to cyberliability insurance requirements in their contracts. While cyberinsurance provisions are becoming a routine point of negotiation in technology and outsourcing agreements, expectations on coverage, limits, and scope may vary widely.

The US Treasury Department has issued a request for public comment on a federal cyberinsurance program that would aim to cover the costs associated with severe cyberattacks. The Federal Insurance Office (FIO) and the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) are currently conducting a joint assessment for Congress. Because cyberattacks are occurring at such frequent rates, rates for cyberinsurance coverage have soared, making it difficult for businesses to afford coverage if it is even available. The proposed federal program would focus on critical infrastructure and be used as a backstop.