Small and mid-sized businesses are facing sharply higher cyber insurance premiums as ransomware attacks continue to plague the commercial sector. The average cost of a cyber liability policy for businesses with under 500 employees has risen 18% in the past year, with some industries including healthcare and financial services seeing increases of 25% or more.
Underwriters are tightening their requirements before issuing coverage, now demanding that applicants demonstrate multi-factor authentication, endpoint detection and response tools, and regular employee security training. Businesses that cannot meet these baseline standards are finding it increasingly difficult to obtain coverage at any price, creating a dangerous gap in protection for the most vulnerable organizations.
The Cybersecurity and Infrastructure Security Agency reports that ransomware incidents targeting small businesses rose 34% in 2025, with the average ransom payment exceeding $180,000. Industry leaders are calling for a public-private partnership to create a cyber insurance pool that could help stabilize the market and ensure broad access to coverage for American businesses of all sizes.
