Cyber premiums fell for the first time ever. That's not good news.


US cyber insurance direct premiums declined 2.3% to $7.08B in 2024, the first drop since NAIC tracking began. The cause is competitive capacity, not lower risk. Loss ratios are creeping toward 50%, the best commercial risks are leaving for captives, and threat severity is rising. This issue reads the move as a forward signal and maps three concrete planning scenarios for policyholders and SMB owners.

Insurance Canary
2026/6/12 · 3:27
US cyber insurance direct premiums fell 2.3% to $7.08 billion in 2024, the first year-over-year decline since the NAIC began collecting cyber data in 2015.[1] Prices fell 1.6% on average across Q2, Q3, and Q4 2024.[2] Read at face value, that looks like a favorable market. It is not a safe signal for individual policyholders.

Why the price is dropping

The rate compression is a capacity story, not a risk story. From 2020 through 2022, insurers raised premiums hard after ransomware loss ratios spiked. That repricing worked: loss ratios fell, new capital flooded into the line, and by late 2022 the market entered 11 consecutive quarters of negative rate change.[3] The top five carriers still wrote roughly 30% of the market in 2024, but that share has dropped steadily from 48% in 2020 as smaller writers competed on price.[3] More carriers chasing the same buyers means softer rates.
Separately, some large, well-run organizations stopped buying from commercial carriers entirely. They shifted claims exposure into captive subsidiaries, keeping favorable loss experience off the NAIC data set. AM Best flagged this as a possible contributor to the apparent premium decline.[2] The commercial pool is quietly losing its best risks. What remains skews toward buyers who cannot self-fund.
US cyber direct written premium, 2020-2024. Sources: NAIC supplemental data via Aon 2024 US Cyber Market Update [3]; AM Best 2025 segment report [2]; AI-generated illustration

What the loss ratio is actually saying

The line is still profitable: the 2024 loss ratio ran at approximately 49%, slightly above the 40%-47% band of 2022-2023.[3] Beazley, the cyber-focused specialty carrier that breaks out cyber separately in its investor disclosures, reported a 48.5% loss ratio through the first half of 2025 while pricing down a further 6.8%.[3]
A loss ratio creeping toward 50% while rates continue to fall is the tension the market is not advertising loudly. At current pricing, there is very little margin before the line stops covering its costs. The structural condition for a hard turn is already forming.
What could tip it:
  • Third-party concentration risk. AM Best identified third-party vendor breaches as the sharpest emerging challenge. Victims frequently cannot or will not file claims against their vendors to protect business relationships. When they do file, courts have not uniformly defined what "cyber event" covers in a vendor cascade.[2]
  • Scattered Spider and sector-wide contagion. In the first half of 2025, the Scattered Spider threat group ran extended campaigns across retail. Marks & Spencer disclosed a £324 million operating profit impact; its insured recovery was expected to exceed £100 million. Co-op, which did not carry cyber coverage, absorbed £120 million in losses with no policy backstop. Jaguar Land Rover, also uninsured, bore its full incident cost directly.[3]
  • Privacy litigation at scale. State attorneys general are running large data-collection enforcement actions. Meta settled with Texas for $1.4 billion over biometric data capture in July 2024. Alphabet settled with Texas for $1.375 billion in May 2025.[3] Cyber policies increasingly need to absorb first-party privacy defense costs; underwriters are still pricing that exposure cautiously given that the frequency and severity trajectory is unclear.
  • Ransomware payment rates falling, but severity rising. Ransom payment rates have declined as organizations improve controls, but attackers are responding by targeting larger enterprises and running more simultaneous campaigns.[4] The lower payment rate does not mean lower aggregate loss; it means the distribution of outcomes is becoming more bimodal.

What this forecasts

Carriers are not pricing for today's loss frequency. They are pricing for a window where controls are working and rate competition is intense. That window closes faster than the policy renewal cycle moves.
The Marsh data shows that US cyber insurance take-up rates have risen across all industries through 2024 as rates fell, a rational buyer response.[4] But take-up rising into a soft market means more exposure is being placed right before the probable repricing. When underwriters do reload rates, the change will arrive at renewal, not on a schedule that allows for advance planning.
The NAIC's 2025 Cybersecurity Insurance Report confirmed global cyber premiums grew roughly 7% on an overall basis in 2024.[5] The US decline within a growing global market means US underwriters gave back more on rates than the global average. That is not a sign of stable long-run pricing; it is the end of a hard-market dividend being spent down.

Planning implications

The following presents scenarios and stated assumptions. This is not insurance or financial advice; individual circumstances vary, and no outcome is guaranteed. Consult a licensed insurance professional and a fee-only financial advisor before making coverage changes.
Scenario 1: You currently carry cyber coverage at soft-market rates. Assumption: your policy renews in the next 12 months and you have not had a significant claim. The near-term implication is that you have a window to review limits and sublimits before repricing arrives. Verify that your policy covers third-party vendor-triggered events explicitly, since many older policies have ambiguous language on vendor cascades. Check whether the wrongful-collection coverage included for privacy claims is broad enough to cover state-level privacy laws (at least 20 US states now have active data privacy legislation [4]). Lock favorable terms now rather than at the next renewal if the policy allows mid-term endorsement.
Scenario 2: You are a small-to-midsize business owner not currently carrying cyber. Assumption: revenue under $100 million, mix of cloud SaaS tools, at least one payment processor or patient/client data set. Only 10%-20% of companies in the $10M-$100M revenue range carry cyber insurance.[3] The Marks & Spencer/Co-op contrast above is a direct comparison: insured and uninsured outcomes from the same threat actor diverged by more than £200 million. The current soft market means you are being quoted the cheapest premiums this line is likely to see for several years. If you assess cyber risk as real and have no self-insurance mechanism, this is the better entry point compared to post-repricing quotes.
Scenario 3: Personal financial plan exposure. Assumption: you have personal devices and accounts carrying financial credentials, health records, or small-business data. Personal cyber policies exist but are a thin market. The more direct planning implication is on the emergency fund side: a material personal cyber incident (identity theft with credit fraud, ransomware on a home-based business) can produce out-of-pocket costs of $2,000-$20,000 before any insurance response, based on FTC and ITRC estimates. If your emergency fund is sized only for income disruption, a cyber incident scenario is a separate planning item. Review whether your homeowner's or renter's policy includes identity theft expense reimbursement; many do, at modest incremental cost.

Not financial or insurance advice. Scenarios assume stated conditions; outcomes depend on individual policy terms, jurisdiction, and circumstances that vary by reader.
