Global Cyber Insurance Market Reaches $16.6 Billion in 2024 - Risk & Insurance : Risk & Insurance

web

riskandinsurance.com·riskandinsurance.com/global-cyber-insurance-market-reache...

This article covers the 2024 global cyber insurance market, including ransomware trends, AI-enabled attacks, and systemic risk modeling. It is tangentially relevant to AI safety as it documents the financial and risk landscape around AI-assisted cyber threats and critical infrastructure vulnerabilities.

Metadata

Importance: 22/100news articlenews

Summary

The global cyber insurance market grew to $16.6 billion in 2024, with North America leading at $10.5 billion. Ransomware and double-extortion attacks remain primary loss drivers, while generative AI is emerging as a tool for threat actors. Risk modeling uncertainty remains high, with aggregate loss estimates ranging from $20 to $46 billion at a 1-in-200-year return period.

Key Points

•Global cyber insurance premiums reached $16.6B in 2024, up from $14B in 2023, with North America accounting for ~63% of the total.
•Ransomware 'double-extortion' tactics—encrypting and exfiltrating data—appeared in over 90% of Q3 2024 ransomware incidents.
•Generative AI is increasingly being leveraged by threat actors to weaponize and deliver cyberattacks.
•The July 2024 CrowdStrike outage affected 8M+ Windows machines, highlighting systemic IT dependency risks.
•Cyber risk modeling remains inconsistent, with aggregate loss estimates varying from $20B to $46B at a 1-in-200-year return period.

Cited by 2 pages

Page	Type	Quality
AI Cyber Damage: Bounding the Tail	Analysis	--
Cyber Insurance Market Signals	Analysis	--

Cached Content Preview

HTTP 200Fetched May 4, 20264 KB

Global Cyber Insurance Market Reaches $16.6 Billion in 2024

 
 North America leads with $10.5 billion in cyber premiums as market stabilizes after period of significant rate increases, Guy Carpenter reports. 
 
 By: R&#038;I Editorial Team | April 30, 2025 
 
 Topics: Cyber | News 
 
 
 
 
 
 
 
 
 
 The global cyber insurance market has expanded to an estimated $16.6 billion in premium volume in 2024, up from an estimated $14 billion a year earlier, with North America accounting for nearly two-thirds of the total premium, according to Guy Carpenter.

 After experiencing significant compound rate increases in 2021 and 2022, the cyber insurance market has entered a period of stabilization with modest softening in certain segments, according to the report. Rates flattened or decreased throughout 2023 and continued adjusting in 2024, contributing to the current market size.

 
 
 
 
 The geographical distribution of cyber business is gradually shifting. While North America dominates with a projected $10.5 billion in cyber premiums, Europe ($3.9 billion), Asia-Pacific ($1.7 billion), and Rest of World ($0.5 billion) represent potential growth regions. This trend has prompted cyber specialists and insurtechs to expand their operations into European markets after achieving success in the U.S. Slowing premium growth in the U.S. likely reflects market maturity rather than diminishing appetite or capacity, Guy Carpenter noted.

 Industry demand for cyber insurance remains relatively consistent globally. In North America, the top sectors by share of cyber premium income are information technology (19%), retail (13%), financial services (11%), health care (11%), services (11%), and manufacturing (10%).

 Evolving Threat Landscape and Loss Drivers

 Ransomware and malware attacks continue to dominate as primary loss drivers, followed by cloud events and data theft incidents, according to Guy Carpenter. The years 2023-2024 saw heightened threat actor activity, particularly in ransomware campaigns, with increased frequency though not necessarily matched by severity. This reflects improved security hygiene among insureds, which has forced cybercriminals to adapt their tactics, the report says.

 The evolution toward &#8220;double-extortion&#8221; campaigns—in which threat actors exfiltrate a victim&#8217;s sensitive data in addition to encrypting it—represents a significant shift in the threat landscape, Guy Carpenter noted. Over 90% of ransomware incidents in Q3 202, for example, included elements of data exfiltration and compromise.

 
 
 
 
 Non-malicious events also present significant risks, as demonstrated by the July 2024 CrowdStrike outage—considered one of the largest IT failures in history, the report noted. A flawed software update affected more than 8 million Windows machines worldwide. However, loss impact was mitigated as 90% of systems were restored within 12 hours, generally within policy waiting periods. This event highlighted the market&#82

... (truncated, 4 KB total)

Resource ID: e723d5ae3788c5df | Stable ID: sid_WAgPuceXKg