Cybersecurity remains a central concern for insurers and asset managers worldwide, according to a recent Moody’s survey of 102 companies across both sectors.
The findings indicate that organisations are maintaining a multifaceted approach to cyber risk, with increased involvement from boards of directors and senior management.
Oversight of cybersecurity is being reinforced, with most firms assigning responsibility to C-suite executives. Briefings to executive leadership and boards are becoming more frequent.
The survey found that 40% of respondents have now linked chief executive compensation to defined cybersecurity performance objectives, an increase from 24% in 2023. This shift points to a heightened emphasis on accountability and organisational resilience.
Investment in cybersecurity continues to rise. Respondents reported allocating a larger share of their IT budgets to cyber defence, with about half planning to hire additional cybersecurity staff in the coming year. Companies are also investing in advanced defence strategies to address evolving threats.
Recent industry data supports the survey’s findings, showing that the frequency of cyber insurance claim notifications remained steady in the first half of 2025. However, the severity of claims has dropped by more than half, and the number of large loss claims has decreased by about 30%.
These trends are attributed to ongoing investments in cyber security and improved incident response protocols among larger insured companies.
Ransomware remains the leading cause of cyber incidents, accounting for approximately 60% of the value of large claims in the first half of 2025. The nature of ransomware attacks is evolving, with attackers increasingly targeting smaller and mid-sized businesses that may have less robust protections.
The financial impact of cyber incidents continues to rise, with the average global cost of a data breach reaching nearly $5 million in 2024. This increase is influenced by stricter data privacy regulations and the growing complexity of cyber threats.
Third-party risk management remains a priority, particularly as cyberattacks targeting supply chains become more sophisticated. Most respondents have implemented formal vendor risk programmes, assessed the cyber risk posed by third-party software providers, and maintained service level agreements with critical vendors.
However, the survey notes that adoption of these practices is slower in EMEA compared to other regions.
The survey highlights disciplined adoption of AI governance, with over 80% of insurers and asset managers establishing formal policies. This proactive stance aligns with regulatory expectations and data protection standards, especially among larger firms and those based in the Americas.
Cyber insurance coverage shows significant regional variation. Ninety per cent (90%) of respondents in the Americas have standalone cyber insurance, compared to 63% in EMEA and 38% in the APAC region.
About 21% of respondents plan to increase their cyber coverage limits in 2025, while the majority expect to keep limits unchanged. Although cyber insurance prices are falling, 24% of respondents anticipate price increases at renewal, 53% expect prices to remain stable, and 22% foresee a decline.
What are your thoughts on this story? Please feel free to share your comments below.
