Cyber-Insurance Growth Brings Rising Underwriting Risks

US cyber-insurance premiums rebounded in 2025, increasing nearly 11 percent after 2 years of decline, as policy volume growth offset softer pricing, Fitch Ratings said. The expansion reflects heightened awareness of cyber risk among businesses, though it introduces new underwriting challenges for property-casualty insurers.

The increase was driven largely by a roughly 34 percent rise in policies in force, signaling stronger demand as organizations recognize the operational and financial risks tied to cyber incidents. Businesses are increasingly seeking coverage to address potential disruptions, legal liabilities, and revenue impacts. Adoption remains uneven, however, with larger firms more likely to carry substantial protection, while smaller companies lag due to budget limitations.

Despite the rebound, underwriting conditions show signs of strain. Incurred direct losses rose by 5 percentage points in 2025, indicating that declining rates and broader participation could pressure margins over time. Fitch identified the risk of "naive capacity," where new entrants expand aggressively without sufficient claims experience or technical expertise, as a growing credit concern.

Insurers with advanced underwriting capabilities are better positioned to manage these risks. Firms that integrate cyber-security assessments into underwriting, refine contract language, and strengthen aggregation management are more equipped to navigate the evolving landscape. Policy clarity remains critical, particularly in areas such as war exclusions, silent cyber exposure, business interruption triggers, and losses tied to third-party vendors or infrastructure failures.

Emerging technologies are further complicating the risk environment. The partial release of Anthropic's Mythos model has heightened concerns within financial and cyber-security sectors. Artificial intelligence (AI) is reshaping cyber risk by accelerating vulnerability discovery and lowering barriers for attackers. This shift is expected to increase attack frequency and expand third-party risk exposure. While AI also enhances threat detection and response capabilities, Fitch said vulnerabilities are likely to outpace remediation efforts in the near-to-medium term.

Even with recent growth, cyber insurance remains a relatively small segment, accounting for about 1 percent of total direct written premiums. The cyber insurance-linked securities (ILS) market is also limited, representing roughly 1.4 percent of the $63 billion 144A ILS market, reflecting ongoing challenges in modeling cyber risk at a scale acceptable to capital markets investors.