Ransomware attacks are becoming more common and sophisticated, but the response from the insurance industry is changing. As of June 2025, experts are noticing that while the number of cyber incidents is rising, fewer companies are actually paying ransoms. This trend indicates that businesses are improving their cybersecurity practices and resilience.
Insurance providers are evolving too. They are no longer just waiting to pay out claims. Instead, they are taking a more active role in helping businesses strengthen their defenses. This includes smarter underwriting and creating policies that encourage best practices in cybersecurity.
Christa Johnson, the team lead for the cyber product group at Gallagher Bassett, shared insights on the current landscape. She noted that while ransomware remains a significant threat, the frequency of payments has decreased. This shift is largely due to companies enhancing their cyber hygiene.
Data from Verizon’s latest report supports this observation. It revealed that only 36% of organizations paid a ransom in 2024, down from 50% in previous years. Additionally, the median ransom payment has dropped from $150,000 to $115,000, even as incidents have increased in severity.
However, the tactics used by cybercriminals are also advancing. Johnson pointed out that attackers are now using artificial intelligence to make their phishing emails look more legitimate, making it harder for employees to identify scams. These emails are now polished and professional, which adds to the challenge of recognizing potential threats.
Sophie Law, a senior cyber underwriter at Arch Insurance, highlighted the growing concern about systemic risks. Recent high-profile cyber attacks on major retailers demonstrate how coordinated breaches can have widespread effects. This has made it clear that the insurance market must adapt to these new challenges.
As the threat landscape evolves, so too does the approach to cyber insurance. Insurers are adopting new strategies, focusing on localized solutions and collaboration. Law mentioned that the market is currently buoyant, with plenty of opportunities for innovation despite increased competition.
Both Johnson and Law emphasized the importance of adaptability and collaboration among insurers, brokers, and clients. They stressed that while lower prices may be appealing, it’s crucial to prioritize policy quality, claims support, and the stability of insurance carriers.
As more businesses recognize the need for cyber coverage, ongoing education about cybersecurity trends remains vital. Staying informed helps organizations protect themselves against the ever-changing threats in the digital realm.