The Cyber Insurance Paradox: Rising Risk, Falling Premiums


U.S. cyber insurance renewal premiums have declined year-over-year for the past three quarters and are expected to remain under pressure unless a major cyber event occurs, Fitch reports.
Although the line remained profitable in 2024, overall direct written premiums fell for the second consecutive year, driven by declining rates and a reduction in the number of active policies.
Carriers are grappling with growing market competition and must maintain underwriting discipline while adapting to a claims environment increasingly shaped by technological shifts, especially artificial intelligence, rather than evolving regulations or legal precedents.
Fitch anticipates continued volatility in the cyber insurance sector as it adapts to changes in coverage limits, policy terms, legal frameworks, and threat landscapes. Demand for cyber insurance remains strong due to widespread executive concern over cyber risk, but coverage uptake is uneven. Larger, more sophisticated companies typically have some level of cyber insurance, while smaller firms are less likely to be covered.
Statutory financial data offers only a partial view of the segment’s profitability, as it omits certain underwriting and adjustment costs and does not reflect the influence of ceded reinsurance, which is common in this market. Meanwhile, cyber insurance-linked securities (ILS) are gaining traction but face substantial modeling challenges, which hinder broader investor adoption.
Catastrophic cyber risk remains difficult to quantify. While carriers and modeling firms continue to refine risk aggregation and loss estimates, these models are still less mature than those used for natural disasters. The reporting framework has also evolved, with premiums now segmented into primary, excess, and endorsement categories. Further analysis is expected in Fitch’s upcoming summer report.
Takeaway: The cyber insurance market is finally running into the same wall defenders have been hitting for years: ransomware risk is hard to quantify, even harder to contain, and nearly impossible to predict.
Carriers are struggling to apply traditional actuarial models to a threat landscape where a single misconfigured service or unpatched endpoint can lead to catastrophic loss. Unlike fire or flood, ransomware is a dynamic, intelligent threat that is constantly evolving and escalating. The math doesn’t work when your adversary can change tactics overnight.
That is why premiums are falling even as risk is rising. Insurers are walking a tightrope. They are trying to retain customers while narrowing the terms of coverage. The devil is in the details.
Misconfigurations, failure to follow best practices, delays in breach notification, and buried exclusions can all become reasons to deny claims when organizations need that coverage the most. If your policy is full of loopholes or tied to vague compliance checklists, do not be surprised when the payout doesn’t come.
Cyber insurance is still an important part of a mature risk strategy, but let’s be clear: it is not a substitute for robust security. It does not stop lateral movement. It does not protect your backups. It does not keep your credentials off Telegram.
If you are not actively reducing exposure, hunting threats, and preparing for worst-case scenarios, then you are just hoping the policy bails you out. Insurers cannot model chaos. And right now, that is exactly what ransomware brings to the table.
Halcyon eliminates the business impact of ransomware. Modern enterprises rely on Halcyon to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal data, and extort companies. Talk to a Halcyon expert today to find out more, and check out our quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.