The cyber threat landscape has grown more volatile and complex in 2025, yet, for now, cyber insurance buyers in Europe are enjoying one rare advantage: falling premiums. Experts from Marsh Europe shared this paradox during a recent cyber market update, offering insights on emerging threats, shifting claims patterns, and evolving regulations.
Source: Marsh Europe Cyber Market Update H2 2025 – Page 9
"Cyberattacks are inevitable in today’s digitised world," said Gamze Konyar, who leads Marsh Europe’s cyber practice. In her opening remarks, she highlighted a string of high-profile attacks in the UK that led to significant business interruption (BI) losses, including a major manufacturing breach and targeted incidents in retail and aviation.
The common thread: increasingly sophisticated social engineering. Threat actor groups such as Scattered Spider and UN 6040 are exploiting remote access vulnerabilities and unpatched VPNs, often using manual ransomware deployment after detailed network reconnaissance. Konyar noted a disturbing new tactic: attackers leaking data to journalists to intensify reputational pressure.
Artificial intelligence is further amplifying risks. "AI is being used both by defenders and attackers," Konyar said. While defenders benefit from enhanced threat detection and autonomous remediation, attackers are leveraging AI for highly automated, low-touch cyber espionage. In one recent case, human hackers made just 10–20% of the decisions during an AI-led attack.
Source: Marsh Europe Cyber Market Update H2 2025 – Page 6
Despite these threats, the cyber insurance market has become more buyer-friendly. "Premiums are down by 12% on average across Europe," said Makarena Bandres, cyber placement leader at Marsh Europe. Most clients are seeing discounts, and deductible levels have fallen 11% since late 2022, with limits rising steadily.
Seventy three per cent (73%) of Marsh clients in Europe received premium discounts in Q3 2025, and 61% saw reductions in primary layers. Rate reductions are steepest in Europe and the UK (-12% and -11%, respectively), with Canada and the US seeing smaller changes (-3%).
"The market remains soft," Bandres said, citing increased competition and new insurers entering the field. The mid-market segment has become especially competitive, with more carriers offering higher limits, new coverage solutions, and even multiyear agreements with rate locks or discounts.
Globally, while rate cuts are continuing, insurers are also managing capacity consolidation due to M&A activity, and watching for major systemic risks, especially ransomware.
Florian Sättler, Marsh’s cyber incident management leader, highlighted key claims trends shaping the market. While 2024 saw a 61% increase in cyber claims notifications, 2025 is on track for a slight decline. However, Sättler warned that the underlying risk is still climbing.
"Non-malicious incidents now make up 20% of all claims in Europe," he said. These include software errors or outages that disrupt operations without any threat actor involvement. Digital supply chain attacks have also become a leading cause of cyber claims notifications.
Ransomware still accounts for 20% of claims, but its character is changing. "We see fewer mass events and more targeted, high-impact attacks," Sättler explained. SMEs (those with revenue under €250 million) remain disproportionately affected due to lower cybersecurity maturity. Only 40% test their incident response plans, and just 54% have endpoint detection and response tools deployed.
To support clients, Marsh has rolled out Marsh Central, a secure, out-of-band incident management platform. Accessible even when internal systems are compromised, it offers:
Europe’s regulatory landscape is shifting again with the introduction of the Omnibus Digital Initiative, which proposes significant amendments to the EU's digital rulebook, including the GDPR, AI Act, and NIS2 directive. Manuel Coelho Dias, who leads Marsh's Cyber Resilience and Regulatory Compliance Practice, said these changes aim to reduce bureaucracy while introducing new obligations.
Among the key changes:
Kouarev-Diaz emphasised that these proposals are still subject to parliamentary review. "Managing regulatory risk is about anticipating change," he said. While the proposed reforms may simplify reporting in the long run, they also add near-term complexity and require proactive planning.
Despite the positive pricing trends, the panel agreed that no organisation is immune to cyber risk. The emphasis, they said, should be on resilience.
"Understand your exposure, align your insurance coverage with your key risk scenarios, and test your incident response plan," Konyar advised. With capacity high and pricing favourable, now is the time to review or purchase cyber insurance.
As Kouarev-Diaz concluded: "Insurance remains a critical control as uncertainty grows. It’s not about perfection, but preparation."
