AM Best maintains stable outlook for global cyber insurance in 2025 amid growth, AI, and rising threats

AM Best, the credit rating agency, has reaffirmed a Stable outlook for the global cyber insurance market heading into 2025, underscoring a combination of factors that will influence the sector’s performance in the coming years.

Despite a moderate softening in the market since 2023, demand for cyber insurance remains resilient and is expected to continue at a steady pace.

According to AM Best’s analysis, profitability should be sustained over the intermediate term, even as competitive dynamics remain intense.

Improvements in cyber security practices among policyholders have contributed to reducing vulnerabilities that could lead to losses, thus bolstering insurer results.

The market is supported by ongoing capital inflows from reinsurers and alternative capital providers, including insurance-linked securities (ILS).

Additionally, AM Best highlights the role of artificial intelligence in enhancing risk selection and underwriting processes, which increases operational efficiencies and improves pricing accuracy. Regulatory and compliance requirements are also significant drivers encouraging greater adoption of cyber insurance, particularly in sectors with stringent data protection rules.

However, challenges persist that temper the outlook. AM Best notes the continued escalation of ransomware attacks, business email compromise (BEC), and funds transfer fraud (FTF), which remain key sources of claims.

The interconnectedness of digital systems creates systemic risk concerns, as cyber incidents in one part of the ecosystem can cascade and cause widespread disruption.

The increasing use of AI by threat actors is expanding the scale and sophistication of cyber attacks, while insurers themselves face growing risk as targets due to their extensive repositories of sensitive client data.

While the global cyber insurance market has experienced some softening, growth prospects remain favorable. According to data cited by AM Best from Munich Re, global cyber insurance premiums rose by 7% in 2024 to approximately USD 15.3 billion and are projected to grow at an average annual rate exceeding 10% through 2030.

The US continues to lead the market, accounting for nearly 59% of global premiums, but AM Best expects that international markets, particularly in Europe and Asia, will steadily increase their share as these regions mature and cyber insurance adoption expands.

A key growth opportunity is identified in the small and medium-sized enterprise (SME) segment, where many businesses remain underinsured or without adequate cyber protections.

Despite rate reductions driven by heightened competition since 2023, insurers continue to allocate substantial capital to meet evolving demand.

Increasing cyber risk awareness, coupled with improved cyber hygiene among insureds, has led to stronger defences and more rapid responses to incidents, benefiting both clients and insurers.

AM Best emphasises the development of more collaborative relationships between insurers and policyholders, with digital tools facilitating ongoing risk management efforts.

Reinsurance capacity continues to grow, enabling primary insurers to offer broader and more comprehensive coverages. AM Best points out that reinsurers remain pivotal in supporting market growth, with a recent shift toward non-proportional covers that provide greater protection against large losses.

Alternative capital markets, including cyber catastrophe bonds, are also playing an increasingly important role. For example, in 2024, over USD 750 million was deployed through cyber catastrophe bond issuances, including Beazley’s USD 210 million PoleStar 2024-3 transaction, one of the largest to date.

Artificial intelligence is transforming underwriting by enabling the analysis of vast datasets and real-time monitoring of insureds’ cyber postures. AM Best highlights that the industry is moving away from traditional manual questionnaires toward continuous, API-driven evaluations, which allow for dynamic premium adjustments and more precise risk selection.

Regulatory frameworks remain a critical factor supporting cyber insurance demand. Data protection laws, especially in sectors like healthcare and financial services, are driving businesses to incorporate cyber insurance into their risk management strategies.

AM Best points to evolving legislation, such as the European Union’s Cybersecurity Act, as likely to further increase awareness and adoption. US regulatory bodies like the Cybersecurity and Infrastructure Security Agency (CISA) also set standards that influence insurers’ coverage requirements and encourage organisations to align with recognised cybersecurity frameworks.

Ransomware, BEC, and FTF continue to be the primary drivers of cyber insurance claims. Despite rising adoption rates, protection gaps persist, especially among SMEs. The number of ransomware incidents increased by 11% worldwide in 2024, with the US remaining the most targeted country.

AM Best notes that the adoption of Zero Trust security models, which require continuous verification of users and devices, is becoming a key strategy to mitigate these threats.

Large-scale cyber disruptions, such as the 2024 global outages impacting CrowdStrike and CDK, underscore the risks of systemic failures. Such incidents can overwhelm insurer capacity, particularly in relation to business interruption claims, and expose gaps in coverage related to cascading effects through supply chains.

Modelling and quantifying systemic cyber risk remains a significant challenge due to the complexity of digital ecosystems and the limited availability of historical loss data.

While AI presents new defensive capabilities, AM Best warns that cybercriminals are also leveraging AI to automate and amplify attacks, often crafting highly personalised and convincing attacks against individuals and businesses. Businesses must therefore enhance employee cybersecurity awareness and deploy AI-powered solutions to address these evolving risks.

The insurance industry itself has become a target for cyber attacks due to the valuable data it holds. AM Best notes multiple recent attacks on insurers, emphasising the critical need for enhanced cybersecurity defences to protect sensitive client information and prevent operational disruption.

Cybersecurity experts, including those from Google’s Threat Intelligence Group, have identified specific threat actors targeting the US insurance sector. AM Best continues to monitor these developments and reports no current adverse impact on insurer credit ratings.

In summary, AM Best’s 2025 outlook for global cyber insurance underscores a stable market environment supported by strong demand, capital availability, technological advancements, and regulatory momentum, while recognising ongoing risks that require vigilance and adaptation.

This website states: The content on this site is sourced from the internet. If there is any infringement, please contact us and we will handle it promptly.