Has ransomware entered a new era? Though attacks have surged in frequency and complexity, cyber insurance professionals are noting fewer payouts and greater resilience and cyber hygiene posture among policyholders.
In this new landscape, they said, carriers are no longer just passive payers but proactive partners driving resilience through smarter underwriting, policy innovation, and incentives for best practices.
“Ransomware is always booming,” said Christa Johnson (pictured below), team lead, cyber product group at Gallagher Bassett. “But now, we’re seeing more incidents, and generally, fewer payments, which I do attribute to all the insurers and companies being better with their cyber hygiene.”
Verizon’s data breach investigations report corroborates this observation. The report noted that only 36% of organizations in 2024 paid ransom, up from half previously, and median payouts fell from $150,000 to $115,000. Similarly, insurer At-Bay saw 19% more ransomware incidents and a 13% increase in their severity, but also reported fewer payouts.
However, cybercriminals are also evolving their tactics in response to increased cyber hygiene. According to Johnson, this shift reflects a broader, more mature threat ecosystem, where the weaponization of artificial intelligence (AI) by cybercriminals is making attacks stealthier and more convincing than ever.
For example, phishing emails, once riddled with spelling errors and easy to spot, are now professionally crafted using generative AI tools. “They’re beautiful, unfortunately,” Johnson said. “And it’s harder for employees to recognize them as scams.”
Sophie Law (pictured below), senior cyber underwriter at Arch Insurance, echoed this concern, noting that ransomware remains a perennial issue, but now with added systemic implications.
Recent high-profile cyber attacks on UK retailers have shown once again that large-scale, coordinated breaches can have ripple effects globally. These systemic attacks are the next battleground for cyber insurance.
“As a marketplace, we have a far greater understanding of the issue of systemic risk,” Law said. “We’ve had an early warning call, thanks to CrowdStrike. I think the market got off relatively lightly. But we're now all aware of the pitfalls.”
While the technology enabling attackers is becoming more powerful, so too is the market’s awareness. Johnson pointed to a more nuanced understanding of what cyber hygiene truly means in 2025.
“It’s not just about having backups,” she said. “You have to know where they are, test them regularly, and make sure the passwords for the backups aren’t stored somewhere the threat actor can access.”
To keep pace with a shifting threat environment, cyber insurers have embraced new underwriting strategies, localized solutions, and an emphasis on creative collaboration.
Law noted that the cyber insurance market is in a “buoyant” phase, despite heightened competition.
“There’s lots of capacity, lots of opportunity, but that means we as underwriters need to come up with creative solutions and differentiate ourselves,” Law said. “Clients are demanding, and they should be.”
Johnson agreed that adaptability and collaboration are essential in today’s cyber insurance ecosystem.
“The cyber landscape is ever-changing,” said Johsnon. “Sometimes it’s hard to get everyone talking – underwriting, claims, brokers – but that collaboration is going to be the most important thing moving forward.”
Amidst a crowded and evolving cyber insurance market, both experts agree on one thing: cheap does not equal better. Brokers must focus not only on premiums but on policy quality, claims support, and carrier stability, especially when emerging technologies and systemic risks could lead to large-scale losses.
“I would want our brokers to know that London is a safe pair of hands for their unusual risks,” said Law. “The cheapest price is not necessarily the best price.”
And while increased awareness is pushing more buyers to seek cyber coverage, the key to staying protected lies in ongoing education.
“It’s important to stay informed and keep up with cyber trends and claims,” Johnson said. “The more we talk, the better off everyone is.”
