The cyber insurance market remains soft, with favourable terms, easy access to capacity and competitive pricing, Gallagher says.

Rates are slowly flattening after large reductions in recent years, but competition remains strong and the line continues to “lean in the buyers’ favour”, according to the broker’s latest Cyber Insurance Market Outlook.

Gallagher says now is “the best time” to negotiate unique and broad coverage.  

Most industries will enjoy slight premium relief this year, but healthcare, manufacturing, construction, transportation, retail and education could see less favourable terms.  

“Underwriters right now have a greater risk appetite to cover clients they historically might not have covered,” the reprt says. “Nevertheless, tides are shifting, with a heightened threat environment, the proliferation of AI-enabled attacks and imbalanced claims versus premiums for high-hazard risks.”

The Asia-Pacific region including Australia is expected to have the highest growth in cyber insurance uptake due to its historically low levels, rapid digitisation and new regulations.

Gallagher says the cyber market is projected to grow significantly but “not without challenges”.  

In Australia, buyer-friendly conditions that began three years ago showed signs of easing last year, but the trend for slight premium reductions is likely to continue this year. Terms are highly dependent on security controls, governance and cyber strategies at organisations.

Cyber claims trends followed a similar pattern in 2025 to previous years, with businesses targeted by ransomware attacks. Instead of extorting businesses to decrypt data, cybercriminals now threaten to publish sensitive data if payment is not made.

Last year, only 28%-32% of victims paid ransoms that ranged on average from $US1.2-$US1.8 million ($1.8-$2.7 million). Larger breaches involved attackers impersonating IT help desks and tricking employees into revealing credentials.  

“The exploitation of human vulnerabilities, where threat actors combine psychological manipulation with technical precision, is a trend likely to continue this year,” Gallagher says.

“Australian businesses need to assume that systems and credentials will be compromised and proactively improve staff awareness, business continuity and contingency planning, and transfer the risk via insurance where appropriate.” 

Cyber policy language remains relatively consistent, Gallagher says, although certain insurers still restrict cover for system failure, supply chain interruption and biometric privacy, and apply waiting periods. 

Premiums are closely linked to demonstrating investment in cyber resilience, with board involvement. 

Gallagher expects AI, deepfake and social engineering threats will increase and be used as “weaponised attack vectors” in phishing campaigns. 

See the report here.

From the latest Insurance News magazine: Why nightmarish hallucinations (of the AI kind) are keeping business leaders awake at night