State of the Insurance Market Report

2025 Initial Outlook and 2024 Wrap-Up

Cyber

Arrow-in-Circle-100-100-Blue-Left

The cyber landscape continues to evolve rapidly, as new risks and exposures continue to emerge. This includes artificial intelligence (AI)-related risk, pixel tracking litigation, and prominent systemic events such as CDK and Change Healthcare, and Crowdstrike. While capacity remains, ransomware attacks are resurging, raising insurers’ concerns.

Market Conditions

Carriers are maintaining strict underwriting scrutiny. Organizations are generally seeing a decrease in cyber premiums, at the rate of 5% to 10%. However, those organizations with layered cyber security controls are experiencing premiums decreases of up to 20%, sometimes more.

Insurers are keeping a close watch on AI. New AI tools are aiding cyber risk management, but cybercriminals can also leverage AI to do harm. We see some carriers inquire about the use of AI and governance around it. Companies using AI tools to improve cybersecurity may qualify for better rates and terms.

Insurers have yet to experience the full impact of recent systemic cyberattack events with CDK, Change Healthcare, and Crowdstrike, but they are continuously monitoring any claims activity and losses arising from these events. So far, these events have not negatively impacted the rates but have increased underwriting scrutiny with respect to supply chain usage.

Cyber Rate Forecast
Entities with Good Controls: -5% to -10%
Entities with Layered Cyber Controls: -20%

Recommendations

Start the renewal process 150 days prior to expiration and have a constant dialogue with your broker throughout the year. Clients with better controls, policies, and procedures are receiving preferred rates. Failure to implement the proper controls and safety standards set forth by the cyber insurance industry could result in declinations of quotes upon renewal from some carriers or significant rate increases from others. It is in your best interest to remain up-to-date on the most appropriate cyber safety measures for your industry.

Also, implement the following safety protocols to secure your renewal and keep rate increases to a minimum:

Checkmark-2024-SOTM

Multi-factor authentication (MFA) for remote access and privileged accounts.
MFA uses a two or more-authentication verification system to give users access to accounts, applications, virtual private networks (VPN), and more. MFA goes beyond a username and password for additional verification, mitigating cyber threats.

Checkmark-2024-SOTM

Endpoint detection and response (EDR) provides real-time visibility across all endpoint activity by detecting red flags such as malicious behavior.
Additionally, it can analyze endpoint data and respond to threats. We are now seeing EDR tools use AI technology to assist with identifying malicious behavior and we expect this to increase.

Checkmark-2024-SOTM

Security training to help employees recognize common cyber threats, such as phishing scams, social engineering, poor password hygiene, and other risks.
It is preferable that training tools use analytics to help organizations determine which of its employees require re-training with respect to identifying email scams and using weak passwords.

Checkmark-2024-SOTM

Frequent, secured, encrypted, and tested backups for important records and data to be stored offsite, including business contracts and licenses, meetings, patents, trademarks, shareholder stock records, and important documents.

Checkmark-2024-SOTM

Privileged access management (PAM) to mitigate the risk of privileged access.
The core capabilities of PAM include discovery of privileged accounts across multiple systems, infrastructure, and applications; credential management for privileged accounts; credential vaulting; and control of access to privileged accounts.

Checkmark-2024-SOTM

Email filtering and web security to eliminate spam.
This basic, but important, filtering system should be seen as a foundation of cybersecurity, analyzing emails for phishing and other red flags, and dumping them into a separate folder.

Checkmark-2024-SOTM

Patch management and vulnerability management in tandem, to unveil and prioritize risks based on their individual threat level, as well as amending said risks by automatically upgrading software to its most recent version.

Checkmark-2024-SOTM

Incident response and business continuity plans to allow an organization’s IT team to detect any red flags and provide the time necessary to respond and recover from incidents, such as service outages, cyberattacks, or data loss.

Cyber-Recommendations-SOTM-2024
Cyber-Callout-SOTM-2024

Connect with our
Cyber Practice

Three-Person-Business-Meeting-1250

Risk Strategies Cyber Liability insurance specialists have the experience, tailored coverage, and resources to help your business manage today’s rapidly evolving cyber risks and liabilities.

Find out how we can help >>

Our Cyber Liability insurance team has the scope of products and deep expertise you need to meet today’s challenges.

Learn More

Explore the Report

Industries

Insurance experts in our industry specialty practices work with our clients and are in the market placing insurance coverage every day. Review their outlook for your industry.

Business Insurance

The experts that support key business product lines across our organization are in the market placing insurance coverage every day. Take a look at their observations on the insurance landscape.

Explore More

Browse other areas within our State of the Insurance Market Report.

Download the Report

Our industry and product line specialists have collaborated to provide an update on current trends and market conditions. We invite you to explore their insights by downloading our latest State of the Insurance Market Report.

The contents of this report are for general informational purposes only and Risk Strategies Company makes no representation or warranty of any kind, express or implied, regarding the accuracy or completeness of any information contained herein. Any recommendations contained herein are intended to provide insight based on currently available information for consideration and should be vetted against applicable legal and business needs before application to a specific client.