Cracking the Crystal Ball: Cyber Predictions for 2025

👋 Welcome back to the Cyber Savvy Newsletter. Every month, we use this space to explore new and relevant topics in the world of cyber insurance.


What's on the horizon for ransomware, the ever-increasing list of cyber vulnerabilities, and the market? 

We were tempted to consult a crystal ball for the answers to these questions, but instead asked our experts in cybersecurity, insurance, and regulatory risk to provide data-driven predictions for what the future of cyber insurance holds in 2025. So let’s dive in …

Due to escalating attacks on critical sectors, like healthcare and telecoms, there will be increased global attention on cyber supply chain risks. Europe will require more businesses to secure digital operations and evaluate vendor-related cybersecurity and associated risks. 

In the U.S., we will see increased federal attention to risks associated with insecure edge devices, as well as stricter controls on global access to sensitive technologies and the use of untrustworthy vendors linked to adversarial governments.

Cyber readiness will remain a worldwide priority. Critical organizations must ensure they can perform essential tasks during digital outages by reverting to analog operations. We will also see increased attention to businesses’ ability to recover financially from widespread digital disruptions.

Years ago, ransomware demands were nominal — nothing like the average $1.3 million we saw in the first half of 2024. Threat actors have increasingly upped the ante to make larger profits. In response, businesses have invested time in securing their backups to reduce the likelihood that they need to pay. 

To keep profits high, threat actors are increasingly turning to physical threats. Coalition Incident Response (CIR), our affiliate, has recently witnessed increased aggression through targeted and personalized attacks on C-suite leaders and their families. In 2025, threat actors will likely only get more aggressive.

Microsoft has announced it will cease technical support for Exchange 2016 and Exchange 2019 in 2025, which means it will no longer provide security fixes for vulnerabilities in those servers, leaving them exposed to attack. When these products reach end-of-life, many businesses will become targets overnight.

Businesses should begin planning their transitions and assessing their email infrastructure now. Coalition previously found that on-premises Exchange users were nearly three times more likely to experience a claim compared to businesses using Google Workspace.

We’re already contacting policyholders and proactively asking them if they’re aware and prepared. Once Microsoft flips the switch in 2025, threat actors will be ready to pounce — and they’ll target the businesses that were slow to act. 

We won’t see widespread use of deepfake videos in 2025. We’ve seen a few examples of this type of attack, but they require far too much computing power for the average cyber criminal to execute in real time at high quality. Instead, attackers will continue to increase their use of AI to improve phishing emails and voice cloning.

Defenders have an opportunity to get ahead of these threats before they become a part of attackers’ toolkits. For voice cloning, we recommend using shared key phrases among employees in your business so you know the person you’re talking to is legitimate. For email, it’s a matter of strong precautions. Always independently confirm contact information and never transfer money without that verification.

In a year defined by events at Change Healthcare, CDK Global, and CrowdStrike, it’s no surprise that “aggregate risk” has been a key topic of discussion. Despite the very tangible fallout of all three incidents, none have shaken our industry as significantly as cyber risk models predicted. However, the very real threat of aggregate events will continue and at a greater frequency. In the future, the cyber insurance market will need to respond, but the true impact won’t be felt next year. 

Market softening will likely continue in 2025, but it’s slowing. Pricing decreases will likely sit in the single digits — around 5-7%. At some point, a large-scale event will lead to reinsurers and retail insurance companies pushing back on pricing, but there’s likely some time before that plays out. 

Some cyber insurance providers relaxed their underwriting rules in the soft market to help bolster revenue. This may yield positive returns in the short term but will have downstream effects on managed service providers (MSPs) and their customers. Relaxed underwriting rules lead to lax security practices, which means more costly incidents and tough conversations between MSPs and their customers. 

Cyber insurance providers can help customers get ahead of potential cyber threats by requiring a bare minimum of security protections that must be met, including multi-factor authentication and email controls. Those active efforts to improve security standards can help MSPs and insurance providers work together to incentivize fewer and less costly cyber incidents. In turn, MSPs will need to carry more of the weight and make an active effort to improve their customers’ security practices and enforce higher standards.

Adoption rates remain low for small businesses in many international jurisdictions, despite new and existing regulations. Many companies view cyber insurance as just a method of transferring risk and might opt for an investment in cybersecurity technology instead. But when a product transfers risk and helps businesses maintain their systems and respond to threats in a timely manner, the value is clear. 

Yes, cyber insurance is an appropriate tool in response to regulatory guidelines. However, for small businesses, it’s just one piece of the puzzle. What really cuts through the noise (and leads to adoption) is the immediate access to expertise and guidance that Active Insurance solutions offer to reduce cyber risk from the start. 

Cyber leaders will converge at Activate

In April 2025, Coalition is hosting our first-ever all-day cyber insurance conference for brokers: Activate, where the future of cyber insurance happens.

Top cybersecurity and insurance professionals will gather in Manhattan, NY, to learn from the best in the industry, engage with the latest cyber innovations, and leave with a wealth of knowledge to stay ahead of the complex digital landscape.

Interested in joining us? Register now for the can’t-miss broker event of 2025.
