Cyber insurance market shows early signs of maturity

The cyber insurance market is entering a new phase of evolution and showing early signs of maturity, according to recent research from Arctic Wolf. Brokers and carriers are taking on different but connected roles to help customers get policies. Brokers advise clients and arrange coverage, while carriers work behind the scenes to evaluate and manage risk.

Market growth and regional adoption trends

Currently, only 47% of eligible organizations have a cyber insurance policy, indicating a substantial opportunity for market expansion. This adoption rate varies across regions. North America leads the market but has a lower coverage rate of 45% compared to Europe, where 50% of organizations in the U.K. and Ireland and 54% in the DACH region have cyber insurance.

Brokers are increasing their engagement with cybersecurity providers to better support clients. 71% of brokers report partnerships with cybersecurity firms, and 94% offer proactive support, either through in-house services or by connecting clients to service providers.

Over the past year, ransomware attacks accounted for 18% of claims filed by insured clients. Other common claim types include data breaches, theft of funds, and phishing incidents, including BEC. Insurers report that 66% of clients who have filed claims saw their insurance rates increase afterward.

The cost of cyber insurance claims varies depending on factors like incident type, legal and crisis costs, and organization size. Data shows most claims come from small and medium enterprises, with an average claim amount of $205,000.

Organizations using 24×7 SOC or MDR services have lower claim values, with median claims at $75,000 compared to $3 million for endpoint security users.

Rising premiums and common reasons for policy denials

The overall rise in cyber threats is expected to drive further increases in claims. While only 12% of insured organizations made a claim in the past year, 70% of respondents expect claim numbers to grow. This includes 77% of brokers and 63% of carriers, who cite rising threat activity as the main cause.

Cyber insurance rates are also trending upward. Over the past 12 months, 53% of insurers reported increases in rates. Brokers noted a 57% increase, and carriers reported a 50% increase.

Most rate hikes range between 1% and 25%, with 44% of respondents indicating this level of increase. Looking ahead, 72% of respondents expect premiums to continue rising in the coming year. 9% anticipate increases greater than 25%, driven by higher cyber risk, more claims, and inflation.

Not every organization seeking coverage is approved. Denials are common and usually tied to security gaps or financial issues. The top reason for claim rejection is inadequate or missing security controls, accounting for 26% of denials.

Financial instability and failure to provide required information both make up 21% of denials. Brokers are more likely to point to financial instability as the leading cause for denial at 23%, while carriers emphasize missing or inadequate security protocols at 32%.

Key cybersecurity concerns for 2025

Looking ahead to 2025, cybersecurity concerns focus on emerging technologies and ongoing risks. AI, LLMs, and data privacy top the list for IT leaders and insurers. While AI poses new risks, it also offers tools to strengthen cyber defenses.

Ransomware remains the most immediate and financially damaging threat. 78% of brokers and carriers report that victims paid ransom demands in some or all cases they observed. Only 17% said their clients never paid ransom.

Most cyber insurance policies include some form of ransom payment coverage. 90% of policies offer coverage for ransom payments, but 52% provide only partial coverage.

“Organizations need to understand their risk surface, strengthening detection and response, preparing for high-impact scenarios like ransomware and vendor compromise, and investing in employee training. Cyber insurance should be viewed not just as financial protection, but more as a strategic partner in cyber readiness/preparedness,” said Jacob Ingerslev, SVP Cyber & Tech Underwriting at Tokio Marine HCC.