Cyber-Insurance Market Analysis Sees Both Opportunities and Challenges

The global cyber-insurance market is on track to reach $16.3 billion in 2025, up from $15.3 billion in 2024, according to a new report from Munich Re. 

The report, Cyber Insurance Risks and Trends 2025, noted that global cyber-insurance premiums in 2024 represented less than 1 percent of the total global premium volume for all property and casualty insurance, underscoring the potential for the insurance industry with cyber insurance going forward. 

"Although cyber-premium growth slowed in the past two years, Munich Re's experts expect the global premium volume to more than double by 2030, growing at an average annual growth rate of more than 10 percent," the report said. 

The Munich Re report said that thus far, the cyber-insurance market has proven itself capable and efficient in protecting insured critical digital assets of all sizes of organizations. The report said the global insurance industry can withstand multiple extreme cyber-exposure scenarios, such as those that might arise from widespread malware attacks or large-scale outages of cloud service providers. 

The report noted that cyber risks are at the top of the mind for C-suite executives at most organizations. Ransomware attacks remain a particular threat, according to the report, and are high in both frequency and scale, remaining the leading cause of cyber-insurance losses. The ongoing trend of cybercrime-as-a-service malware and hacking tools continues to lower barriers to entry into the criminal ransomware business, Munich Re said. 

"A further increase in the frequency, automation, and sophistication of ransomware attacks is to be expected," the report said. "AI, in particular, will drive the scale, speed, and precision." 

Looking at major cyber trends for this year and beyond, the report said that in addition to evolution in types of cyber attacks, other factors influence the cyber-risk landscape. In particular, artificial intelligence (AI) is the top major challenge for cyber security, Munich Re said. Cyber criminals are likely to both weaponize AI to increase the efficiency and effectiveness of their attacks and to look to target organizations' AI applications. 

"From a risk accumulation perspective, Munich Re's cyber actuaries and accumulation experts see a requirement to closely monitor the impact of AI," the report said. "Another crucial aspect to continuously analyze in future is the influence of AI on the claims experience. Since AI-enhanced cyber attacks can especially increase the frequency of claims, this may impact events usually covered by cyber insurance, like business interruption, data breach liability, data restoration, or effects of ransomware attacks."

Other key cyber-security "trendsetters" likely to have an impact in 2025 and in the future include regulation, information technology (IT) skills shortages, technological advances, and geopolitical tensions, the Munich Re report said.