How Businesses Can Strengthen Their Cyber Defenses for 2025 and Beyond

Insureds have better defenses, but attackers are becoming more sophisticated too.
By: Courtney DuChene | February 27, 2025

Insureds are likely relieved that cyber insurance rates have stabilized since 2021 and 2022, when renewal price increases of 80%, 90%, or 100% were plausible. In the final quarter of 2024, rates increased only 0.2% to 1.6%, according to an S&P Global report.

This market stabilization is the result of insureds proactively adopting risk management tools to reduce their vulnerability to an attack. Ransomware, once a scourge for insureds, accounted for less than 20% of cyber claims in 2022 and 2023, according to a report from Marsh. 

“There’s a trend toward larger, more sophisticated businesses being more on the ready with disaster recovery plans, business continuity plans, and incident response plans. They’re more likely to be able to restore their operations from backups,” said Patrick Thielen, global head of cyber at Liberty Mutual.

Companies are upping their defenses, but attackers are increasing their sophistication, too. Double extortion, artificial intelligence and other strategies are helping hackers break into company networks and steal sensitive data.

“While many companies now have robust training around cyber security, they need to remain vigilant as new AI-enabled scams have become increasingly sophisticated and harder to detect,” said Melissa Carmichael, head of U.S. cyber at Beazley.

“Staying ahead of the constantly evolving privacy and data regulations will present additional challenges for companies in 2025.”

Two Cyber Attacks to Watch for in 2025

According to Thielen, cyber attacks can be split into two broad buckets: those that use automation and other tools to hit a broad number of targets and those that dive deep to penetrate a business’s system and cause extensive damage. 

The first type of attack will be familiar to many insureds. For the last few years, ransomware attackers have employed a “spray and pray” approach: they send out vast numbers of phishing and other attacks to many different businesses, hoping that someone will fall for one and grant them access to a system they can hold hostage until their demands are paid.

“They’re finding human beings in moments of weakness, where maybe they’re in a hurry or they’re easily tricked into doing something,” Thielen said. 

These attacks were successful for years because “once a company gets to a certain number of employees, it’s not a matter of if someone clicks on a phishing link, it’s a matter of when,” explained Justin Skvarce, AVP of cyber claims at Arch Insurance. Now that larger businesses have more sophisticated backups and defenses, the spray and pray approach is largely being used by attackers targeting small- to medium-sized businesses, which are more likely to have less sophisticated defenses.

The second kind of attack businesses are likely to see in 2025 comes from attackers who have decided to target larger, more sophisticated businesses with their ransomware demands. These hackers anticipate better security and are developing more specific attacks.

They scour the web and do extensive research, at times even mentioning specific projects an employee might be working on, to make their phishing attempts more personalized. Once they have the data, they don’t rely on freezing the company’s operations — they know the company has backups. Instead, they threaten to leak sensitive data and damage the company’s reputation, in attacks known as double extortion.

“We’ve seen ransomware operations transform into highly organized enterprises,” said Shelley Ma, incident response lead at Coalition.

“Threat actors are taking their time. They’re not just thinking about who do we want to hit, but how do we want to hit them? What will be the most damaging hit?” added Gwenn Cujdik, North America incident response and cyber services lead, cyber, technology and media liability, AXA XL.

Attackers direct these types of highly researched, targeted attacks toward larger firms. “On the enterprise side, we see a sort of a different dynamic, where actors are spending more time and more energy digging deeper to get broader access within corporate networks. Their goal in doing that is essentially to try to inflict more severe pain on the part of the victim for the sake of having potentially larger economic gains on the other side,” Thielen said.

AI Equals More Sophisticated Attacks, Better Defenses

Artificial intelligence (AI) is one of the buzziest new technologies, so it’s natural that businesses might be wondering how cyber criminals are using it to their advantage. “Threat actors are well funded, motivated and more sophisticated. They are also agile and adopt new technologies to maintain a lead over their target,” said Keith Savino, managing partner at Trucordia.

When people think of AI in cyber attacks, they often imagine dramatic scenarios in which attackers create audio or video spoofs of a real person. That is not the most realistic threat to worry about right now.

“Everybody knows about some of the more crazy deep fakes — folks that are on a Zoom call, and the people that are on the call are all AI generated,” Cujdik said.

“I think that that’s something that is pretty rare, in part because the technology is expensive right now, and it’s also not sophisticated. Some attempts to use this are kind of laughable.”

What AI is doing is making it far easier for attackers to send out many, many phishing emails. Those spray and pray attackers? They can now send out tons of AI-generated emails. These emails have perfect grammar and are often more convincing than those written by the attackers themselves.

“AI allows attackers to generate thousands of unique and high-quality phishing emails in seconds,” Ma said. “These AI-generated emails can perfectly mirror someone’s writing style, or they can discuss a real project that’s being worked on.”

Studies have found that 40% of all phishing emails are now generated by AI, and the Harvard Business Review found that 60% of people who receive an AI-generated phishing email fall for it.

AI does have some benefits: it can help bolster cyber defenses. Companies are using it to detect suspicious emails and filter out those that could be dangerous.

“It’s interesting to see the two sides of artificial intelligence and how it’s being used. On the one hand, organizations are using it as a preventive tool to bolster their cyber defenses,” Rachel Lavender, U.S. and Canada cyber brokerage leader at Marsh, said.

“The flip side of that — and this is the conundrum for organizations — is that the criminals are also using artificial intelligence. Our clients have said they have significant concerns about the attackers using AI to find weaknesses and to write malicious code.”

Strengthening Your Cyber Defenses

As cyber threats abound, businesses need to make sure they are defending their networks against attacks. Using virtual private networks (VPNs) and multi-factor authentication (MFA) is critical, and many underwriters now require them for cyber policies.

VPNs and MFA are great, but most attackers gain access through employees, who can be tricked by a convincing attacker. Employee training is key to protecting businesses from cyber exposures.

“We’re seeing more and more organizations promoting a culture of awareness and security all the way from the C-suite level,” said Jamie Schibuk, EVP of professional liability, Arch Insurance.

“I think we’ve seen some companies get more creative with their cybersecurity and awareness training where they’re handing out actual pamphlets in a physical form within an organization, creating contests around reporting phishing and things like that.”

Company culture can also make a difference, especially when it comes to getting employees to report potential breaches. Companies that make clear they will not punish employees for reporting, and that they prioritize cyber security, will have better luck with employee reporting.

“Sometimes people are embarrassed or ashamed that they clicked on something that they shouldn’t have and don’t want to necessarily own up to the fact, but it’s vital that you let the appropriate people within your organization know,” Skvarce said.

A Strong Incident Response Plan

Even with strong defenses in place, insureds can’t protect themselves from every cyber attack. If a hacker gets into their system, they need a tested incident response plan to help regain control of their networks and minimize the damage. 

“If you have a ransom demand and your systems are compromised, it’s going to be virtually impossible for you to prepare a response at that point,” said Tim Nunziata, senior vice president, head of cyber risk, management liability and specialty, Nationwide. “Make sure you’re working with your insurance carrier and broker to build out an appropriate incident response plan.”

Insurers play a critical role in ensuring businesses are prepared to respond to cyber attacks. Not only do they provide financial support, but they also have partnerships with security vendors and experts who can help businesses recover quickly. These resources are especially useful for smaller businesses.

“Small and medium-sized companies might not have their own IT security department, they might not have their own troubleshooter, so they tend to rely more on services that are offered by cyber insurance,” said Martin Kreuzer, senior risk manager, cyber risks, Munich Re.

Most attackers strike when they think business leaders will be less focused: evenings, weekends and holidays, when people may have signed off and the network is being monitored less closely. An incident response plan should account for that.

“We typically see threat actors be more active on networks when they believe that everyone’s kind of stepped away for the holidays, for the weekends and nights,” said Kyle Lutterman, VP, cybersecurity risk engineer, Arch Insurance.

Developing an incident response plan isn’t enough. Businesses also need to keep it updated so it can be relied upon as the threat landscape shifts.

“Once a business has created an incident response plan tailored to that business, it is important to maintain the plan as an integral part of the business’ operations,” said Tony Dolce, head of professional liability, cyber and tech E&O, The Hartford.

Courtney DuChene is a freelance journalist based in Philadelphia.