Following stagnating growth in 2023, the US cyber insurance market continued to soften in 2024, resulting in a 7% decline in written premium—the first drop on record. Ample capacity kept market conditions highly competitive despite a sharp rise in ransomware activity, including several incidents that affected thousands of customers at impacted organizations.
At the end of 2025, rates remained down from the previous year.
At the same time, ransomware losses were on pace to set a new record high in 2025, and data breach and privacy class-action filings surged dramatically. Early, necessary signs of stabilization in the market are emerging, demonstrating that, as losses continue to develop, corrective action is needed to firm up rates, terms, and conditions.
Despite cyber risk remaining a top concern for organizations, the number of customers purchasing coverage has not meaningfully increased in recent years, holding steady at 4.37 million in 2024. This stagnant buyer base means insurers are competing for the same pool of insureds, fueling heightened competition and downward pressure on rates.
With more than 200 insurers now offering cyber products in the US, it is unsurprising that pricing continues to be under pressure. Although there are early indications that rates may be stabilizing, the direction is still uncertain. The rate reported by Marsh has seen some improvement in 2025 after rates bottomed out at -6% in 2024, while the Council of Insurance Agents & Brokers data shows pricing continuing to edge slightly downward this year.
With policy count remaining flat in 2024, the data points to a clear rise in claim frequency at a time when both rates and premiums have been declining. As outlined in Tokio Marine HCC’s 2024 cyber report, the tail on cyber claims has grown longer due to a shift in costs from extortion payments to business income loss and a higher prevalence of litigation and class actions following cyber events. That is further compounded by the wave of website-tracking litigation and the rise in non-extortion breach claims, putting additional pressure on loss performance. Claims involving litigation now exhibit a tail of roughly three to four years, with extreme cases extending to six to seven years, particularly for large excess portfolios.
Beyond deteriorating loss ratios, market performance is also impacted by rising distribution costs, escalating technology spend associated with the expansion of digital distribution, and investment in cyber threat intelligence tools and resources.
While aggregate loss ratios and claim volumes illustrate the growing pressure on the cyber insurance market, they do not fully explain what is driving today’s loss experience. Understanding these underlying loss drivers is essential to evaluating future risk trends and underwriting outcomes.
Healthcare Sector Concerns
Although the distribution of cyber losses has shifted across industries since the ransomware surge began in 2019, healthcare remains one of the most consistently targeted sectors, by both threat actors and plaintiff law firms. Ransomware frequency in healthcare jumped 90% in 2025, and claim severity nearly doubled between 2022 and 2024. Double extortion, where attackers not only encrypt systems but also steal and threaten to release patient data, has become the norm.
These attacks trigger almost every major coverage component of a cyber policy, including breach response, liability, business interruption, data restoration, and extortion payments. As a result, ransomware events involving healthcare organizations now cost two to three times more than comparable attacks on non-healthcare entities.
Healthcare networks are uniquely complex and deeply interconnected. Legacy systems, vendor-managed medical devices, and constrained cybersecurity resources dramatically expand the attack surface, meaning that healthcare is one of the most difficult sectors to secure. Moreover, when hospital systems go down due to an attack, patient safety is jeopardized, which creates financial and human consequences that are inseparable.
The healthcare sector has long been among the top industries targeted by ransomware groups, but the risks it faces extend well beyond direct attacks. The February 2024 Change Healthcare incident disrupted 94% of US hospitals and affected nearly half of the US population, demonstrating how a single point of failure can have nationwide impact.
Change Healthcare is not the only vendor capable of creating such systemic disruption. Electronic health record (EHR) platforms represent another critical dependency among US hospitals, and the market is dominated by at least two large providers, making an attack on one of them potentially much more consequential than the Change Healthcare event.
Even though healthcare is clearly a highly targeted sector, many still underestimate the complexity of its cyber and privacy exposure. Healthcare risks cannot be priced or managed in the same way as retail, manufacturing, or construction. The sector demands deep specialization, disciplined underwriting, and robust risk management controls.
Call to Action
Healthcare cyber risk requires more than capacity; it demands accountability at all stages of risk management. Sustainable performance in this segment rests on three fundamentals: disciplined pricing, enforceable controls, and coordinated claims management.
- Pricing with Purpose
Healthcare cannot be diluted by a soft market. It requires underwriting grounded in the sector’s technical and legal realities, informed by measurable cyber hygiene, and priced accordingly. Without disciplined, data-driven pricing, misalignment persists and long-term market stability is compromised.
- Controls that Strengthen Defenses
Healthcare insureds must demonstrate measurable improvements in security posture, such as mandatory multi-factor authentication (MFA), legacy system modernization, stronger vendor oversight, and timely remediation of insurer-identified vulnerabilities. Cyber resilience is inseparable from patient safety and must be treated as an operational requirement, not a discretionary spend.
- Claims Management as a Partnership
Durable underwriting depends on active collaboration between carrier, broker, and insured. Claims engagement should be continuous, transparent, and focused on learning from every event to reduce future loss.
Healthcare cyber management demands accountability across the risk chain. Carriers that price with intent, enforce controls, and partner with policyholders through claims will protect their portfolios, strengthen critical infrastructure, and help stabilize the market beyond the next renewal cycle.