Cyber Risks & Liabilities in 2025

 Cyber Insurance Market Trends to Watch in 2025 

With the fast-changing nature of digital threats, cyber insurance can be an especially volatile and dynamic segment, and frequent market changes can make pricing predictions difficult to pin down. The CrowdStrike and Change Healthcare incidents highlighted the greater impact of just one cyberattack across multiple organizations and business sectors. Given the potential impact of systemic events like these, it’s possible insurers will implement stricter underwriting guidelines in 2025 and may be less aggressive when it comes to lowering rates. While current price predictions indicate lower rates, mileage may vary by policyholder. Here are some key market trends to watch this year:

• Ransomware threats—Ransomware attacks have skyrocketed over the past decade, and blockchain analysis firm Chainalysis reported that 2024 could be the largest grossing year yet for ransomware payments. In 2025, it’s expected that health care providers, schools, government agencies and other infrastructure-related organizations will be increasingly targeted in ransomware attacks.
  
  

• Artificial intelligence (AI) exposures—Cybercriminals can utilize AI technology to create and distribute malware, crack passwords, deploy social engineering scams, identify software vulnerabilities and analyze stolen data. This technology can enable such activities to be carried out faster and with greater success rates, which allows cybercriminals to cause major damage and even evade detection. Businesses should be particularly mindful of emerging AI-driven threats this year.
  
  

• Supply chain vulnerabilities—These vulnerabilities can stem from a variety of parties and practices within an organization, including third-party services or vendors with access to information systems, poor information security practices by suppliers, compromised organizational software or hardware, software security failures in supply chain management or among third-party vendors, and inadequate third-party data storage measures. Supply chain attacks are an increasing challenge for insureds, and technological research and consulting firm Gartner predicts that 45% of organizations will experience attacks on their software supply chain by 2025.
  
  

• Data collection concerns—A growing number of businesses have begun leveraging biometrics, pixels and other tracking technology to gather personal information from stakeholders for various HR, advertising and marketing processes; however, doing so poses several data privacy concerns. For instance, businesses that don’t comply with applicable international, federal and state legislation when collecting, processing and storing stakeholders’ data could face substantial regulatory penalties, costly lawsuits and associated cyber losses. As 2025 begins, businesses should be aware of heightened regulatory scrutiny and evolving privacy laws around data collection, especially as more states and countries strengthen their data privacy frameworks.

This article is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel for legal advice.