What Brokers Need to Know About Cyber Underwriting in 2025

Cyber insurance is no longer a niche product. It’s a boardroom priority. But for brokers, the market in 2025 is a very different landscape than it was just a few years ago.

Underwriters have become more selective. Premiums have stabilised — but only for those with demonstrable cyber maturity. And clients are asking tougher questions about what they’re actually covered for.

The message is clear: if you’re broking cyber, you need to understand how risk is being assessed — and what it takes to close a policy that actually protects your client.

What’s Changed in Cyber Underwriting?

🔍 More data, less guesswork – Underwriters now expect visibility on vulnerabilities, controls, and supplier risks — not just self-assessment forms.
📄 Policy exclusions are tightening – Especially around ransomware, nation-state attacks, and systemic supply chain breaches.
📉 Claims history matters more than ever – A previous breach, poor response, or late notification can affect not just premiums — but eligibility.
🧾 Expectations of brokers are rising – Clients want guidance on how to improve insurability, not just fill in forms.

What Underwriters Are Now Looking For

Regular vulnerability scans – Not just annual pen tests, but ongoing visibility into exposure
Third-party risk management – How are suppliers monitored, and are they part of the insured’s cyber framework?
Data hygiene – What data is collected, where it’s stored, and how it’s protected
Incident response readiness – Documented plans, tested processes, and clearly assigned roles
Sector-specific controls – Tailored to the risk environment of the business (e.g. finance vs education vs retail)

If your client can’t provide these, underwriters may walk — or quote conservatively.

What Brokers Can Do Differently in 2025

💡 Add value beyond broking – Help clients benchmark their posture and prioritise improvements
📊 Use data to defend premiums – Show where a client’s risk has improved year on year
🧭 Help navigate exclusions – Especially around ransomware, cloud dependency, and human error
🔍 Push for clarity in language – Avoid vague terms around “acts of war” or “internal failure”
📣 Manage expectations early – Clients with weak cyber maturity may need months to become insurable

How Cyber Tzar Supports Brokers and Their Clients

At Cyber Tzar, we make it easier for brokers to guide clients toward stronger cyber positions — and better policies.

✅ Run real-time vulnerability scans across infrastructure
✅ Provide sector benchmarking and insurer-facing risk summaries
✅ Help clients understand what underwriters care about most
✅ Support renewals with tracked improvements and reduced exposure

We bridge the gap between technical security and insurability — giving brokers the clarity to advise confidently and close deals with less friction.

📄 Want to see how your clients stack up from an underwriter’s perspective?
Get started at cybertzar.com

View more resources

Blogs & News

Cyber Insurance in 2025: How Risk Ratings Are Changing Underwriting
Cyber insurance used to be based on sector, turnover, and a brief questionnaire. In 2025, that’s changed. With the rise [...]

Continue reading
Blogs & News

How AI & Automation Are Transforming Enterprise Supply Chain Risk Management
Managing cyber risk across an enterprise supply chain used to be a manual grind — spreadsheets, questionnaires, audits, and long [...]

Continue reading
Blogs & News

Preparing for Cyber Litigation: Risk Frameworks & Legal Readiness
Cybersecurity is no longer just an IT or compliance issue — it’s now a serious legal exposure. In 2025, companies [...]

Continue reading

View all resources