What's happening in Australia's cyber insurance market?

Brokerage highlights market trends and regulatory developments for insurers

By Roxanne Libatique

Gallagher’s latest Cyber Insurance Market Update for September 2025 highlights the evolving nature of cyber risk in Australia as organisations accelerate their adoption of artificial intelligence (AI) and digital technologies.

This shift is exposing new vulnerabilities and prompting a reassessment of risk transfer strategies across the sector.

According to Gallagher, the global cyber insurance market is projected to grow from US$16.66 billion in gross written premiums (GWP) in 2023 to US$120.47 billion by 2032, representing a compound annual growth rate of 24.5%.

This anticipated expansion is expected to strengthen the market’s ability to absorb large-scale incidents without significant disruption to pricing or coverage availability.

Market conditions in Australia remain favourable for buyers, with competitive rates and broad access to coverage. While policy language has remained largely consistent, there have been incremental changes in areas such as biometric privacy and supply chain risk.

Underwriters have become more efficient in their risk assessment processes, and the market has stabilised following previous periods of volatility.

However, premium reductions have slowed, and sectors such as healthcare, transportation, manufacturing, and retail are experiencing less relief due to increased claims activity.

Threat landscape: Ransomware, AI, and supply chain attacks

Gallagher’s report identifies ransomware as the leading cyber threat in 2025, with claims rising by 32.5% in 2024 and incidents returning to levels last seen in 2021. High-profile attacks on Australian healthcare providers and service firms have demonstrated the ongoing risk.

For example, a ransomware incident at fertility provider Genea resulted in the exposure of sensitive patient data, while a credential theft attack at iiNet compromised the records of 28,000 customers.

Social engineering remains a common attack vector, with threat actors impersonating IT support staff to obtain access credentials. These incidents highlight the need for organisations to address human vulnerabilities as part of their cyber resilience planning.

Supply chain attacks are also increasing, with threat actors targeting service providers to reach a wider range of victims.

The Qantas breach in July 2025, which compromised nearly six million customer records, illustrates the importance of monitoring risks beyond internal systems.

Cybercriminals are also leveraging AI to automate attacks and create more convincing phishing campaigns. The accessibility of AI-based tools has lowered the barrier to entry, and the use of deepfake technology is introducing new challenges for fraud detection and prevention.

Regulatory environment: Heightened scrutiny and new obligations

Australian regulators are intensifying their focus on cyber risk management. The Office of the Australian Information Commissioner (OAIC) and the Australian Securities and Investments Commission (ASIC) have increased enforcement activity, and recent amendments to privacy law now allow individuals to seek legal recourse for breaches caused by intentional or reckless conduct.

The Security of Critical Infrastructure Act (SOCI) has been updated to include higher penalties and, in some cases, criminal liability for data breaches involving critical infrastructure.

Since May 2025, mandatory reporting of ransomware payments has been required for SOCI-regulated entities and businesses with annual revenue above $3 million.

Similar regulatory trends are emerging internationally, with enhanced requirements and penalties in the US and European Union.

Outlook: Stable market with emerging challenges

Gallagher’s analysis suggests that the Australian cyber insurance market will remain stable for most sectors, with ample capacity and competitive pricing.

However, industries with higher claims activity may face increased premiums or more restrictive terms in the coming years.

The complexity of claims is rising, particularly in sectors affected by large-scale breaches and litigation related to tracking technologies.

Policyholders are increasingly customising their coverage to address specific risks, but emerging threats such as deepfakes and AI-driven exploits may require further policy enhancements.

Gallagher emphasises the importance of ongoing collaboration between brokers, insurers, and clients to ensure that risk management strategies keep pace with technological and regulatory changes.
