This is a half-year update looking back at the GB cyber insurance market in H1 2025, providing analysis and insights, covering market trends of pricing, capacity, coverage, and notable cyber incidents.
The cyber risk environment in H1 has been incredibly turbulent, with multiple incidents reported in mainstream media; however, this is countered by very favourable buying conditions for cyber insurance, delivering an acute juxtaposition and highlighting that the decision of how much cyber insurance capacity to purchase is undoubtedly a C-suite responsibility.
H1 has been dominated by the continually reported nefarious work undertaken by the ransomware-as-a-service group DragonForce[3] (and affiliates falling under the ‘Scattered Spider’[4] moniker), who allegedly perpetrated many of the attacks against UK retailers.
The impact of these incidents has been so severe that it is already publicly reported to have resulted in hundreds of millions of profits being lost, and the incidents have been constantly reported across mainstream media channels.
Worryingly, the techniques at play are not new, nor are they overly sophisticated. As with so many frauds, they have been deploying phishing techniques, in recent instances to obtain access credentials from IT helpdesks, making two things clear;
Scattered Spider[7] criminals and affiliates have been using these techniques for some time; however, the severity and impact are only increasing.
In addition to tried and tested techniques such as phishing, threat actors are ever resourceful in finding new techniques to circumvent security measures, developing tooling such as that used to bypass Endpoint Detection and Response (EDR) systems, in which businesses have invested significant sums to reduce their exposure to malicious cyber events.
It's clear that threat actors are not letting up in finding any new opportunities to monetise their efforts and/or further their or their master’s ideals.
Capacity remains in very plentiful supply, with insurers seeking to make their proposition as appealing as possible, pushing boundaries of their historic comfort zones to try and outpace their peers.
In the wake of the retail cyberattacks, clients have been utilising the plentiful supply of capacity to increase limits both at renewal and mid-term.
Many insurers secured very favourable outcomes when renewing their reinsurance programmes, emboldening their respective plans to grow in a highly competitive market.
H1 has delivered results for a swathe of clients that were previously unachievable, resulting in brokers needing to caution clients that the sustainability of such terms feels less certain come next renewal.
Many clients are tactically utilising the extremely appealing premiums on offer to either enter the cyber market or to increase the limits they purchase. Such astute decisions are unsurprising, with capacity pricing often (specific pricing is tailored to individual clients and many variables) assuming it will not be subject to claim in the next 50 to 200 years (5,000 to 20,000 per million of capacity).
Given the events in the public domain, such generous terms are resonating with many new buyers, allowing them to purchase large limits immediately.
During H1 Willis’ cyber team has continued to work with clients and insurers to break new ground in a number of innovative areas, including Artificial Intelligence.
While expanding and tailoring coverage are critical, H1 has shown why our longstanding efforts on key policy efficacy areas, such as the ability for claim payments to be made at break-neck speed due to affirmative policy provisions, are just as important, if not more so, when a client is reliant on the cornerstone of insurance, the ‘promise to pay’.