The cybersecurity landscape is due to change in 2025, as the growing use of tools powered by generative artificial intelligence, new regulations and enhanced cyber insurance all push companies to improve defenses against data breaches.
But with organizations like
Roughly 50% of risk managers say that information technology and cybersecurity vulnerabilities are their top concerns, according to
When asked what types of threats were most concerning, 32% said data breaches were top of the list, while 21% said ransomware attacks and 13% said phishing attempts.
Andy Lunsford, founder of incident management software provider BreachRx, said the "perfect storm" of increasingly severe "class action lawsuits, SEC scrutiny of executive trading surrounding breaches and personal liability" poses a costly problem for organizations of all sizes.
"This new reality will force companies to fundamentally rethink their approach to cybersecurity," Lunsford said. "Compliance alone won't suffice; robust, cross functional and proactive risk management will become critical to mitigate the threat of lawsuits that could far exceed traditional penalties."
Read more:
Ransomware attacks became commonplace across the financial services industry in 2024, as hacking groups stole sensitive consumer data from companies like
Experts predict that the evolution of generative AI could dethrone ransomware as the top tool for hackers in 2025, as detection methods for altered videos, photos and other media still lag.
"These threats are now fuelled by innovative tools such as AI, meaning the tactics threat actors deploy have become increasingly sophisticated. … This means that organizations will be required to balance the need to protect themselves without [blindly] investing in costly cyber protection," Stuart Favier, client manager at the U.K.-based IT consultancy firm Northdoor Plc, said.
Read more:
Further predictions from Experian's Data Breach Industry Forecast for 2025 show that as AI usage increases, governments and companies could shift away from static identifiers like driver's licenses and Social Security cards in favor of more dynamic personally identifiable information.
"Creating an incident response plan, performing background checks on employees and conducting cyber risk assessments for vendors and customers who keep assets with the financial services company are additional ways a business can be cyber smart," Tim Francis, vice president and enterprise cyber lead for Travelers, said. "The consequences that come with a cyberattack should be enough to convince companies that taking cyber threats seriously is the best approach."
Learn more about the top cybersecurity issues plaguing insurers in 2024 and what trends are likely to improve or worsen in 2025.
Rising frequency of hacks drives cyber reinsurance growth
Experts are predicting that the growing trend of cybersecurity breaches in 2024 will drive similar growth in the reinsurance market in 2025, particularly for policies protecting against cyber incidents.
For this year, the spread of
Speaking at the
"Five years ago, the size of the market was maybe a third of what it is today, so we think it's something like $15 to $16 billion," Flaherty said. "Depending on who you ask, who's come out with their numbers, it could be three times that in the next 10 years."
Read more:
Efficient data mining can help cut breach recovery costs
The
In speaking with Digital Insurance, Christian Geyer, chief executive and founder of data-mining firm Actfore, highlighted how shortening breach response times can lower the costs of "regulatory fines, legal fees [and] forensic investigations" posed to carriers and companies.
"By ensuring timely breach response, carriers help limit business interruption, ransomware payments and additional costs that can arise from delayed or inadequate responses — thereby driving down their own costs," Geyer said.
Read more:
What tactics can insurers use in the war against deepfakes?
Deepfake technology, or synthetic visual media like videos and images generated by artificial intelligence, is proving to be an insurance quagmire for carriers flooded with fraudulent claims and other challenges. The question is how insurers can sharpen their detective skills to sniff out the truth.
Abhishek Peter, manager of digital marketing for FECUND Software Services, said in an opinion article for Digital Insurance that a balance of AI tools trained to detect manipulated materials and skilled human intervention can be the core of a strong defense.
"The fight against deepfakes is not just about minimizing losses — it's about safeguarding the integrity of the entire insurance ecosystem," Peter said. "The insurance industry must strike a delicate balance between automation and human oversight to stay ahead in this new battleground."
Read more:
A small business approach to a large problem — cybersecurity
Data from Verizon Business' 2024 Data Breach Investigations Report found that systems breaches and social-engineering attacks topped the list of security threats to insurance and financial service organizations. With small businesses accounting for 23% of breaches, how can leaders defend themselves at the appropriate scale?
Alla Reznik, senior director at Verizon Business, said working with small business clients on training employees and recommending tools for monitoring cybersecurity levels is the first step in building up defenses against breaches.
"If they don't have a CISO [chief information security officer] and they don't know how to deploy something, we will set up a solution on their mobile devices or router," Reznik said. "We hope small businesses realize cyber security doesn't have to be scary. … They can do it with simple steps, and get to the levels they really should have."
Read more:
Social engineering hacks pose growing problem for insurers
Even tactics like multi-factor authentication, which are still a recommended security measure and one of the strongest, aren't infallible and can be bypassed by hackers through SIM swapping, according to Matt Cullina, head of TransUnion's global cyber insurance business, who discussed the topic in an opinion article for Digital Insurance.
"Social engineering has evolved into one of the most significant threats for policyholders and cyber insurers alike," Cullina said. "As the fallout from social engineering scams drive up insurance claims, understanding the growth and evolution of the technique is important to reshaping policies and coverage."
Read more:
