Virtual defenders
Cybercriminals work around the clock, but so do America’s top cyber insurance companies – and their efforts haven’t gone unnoticed.
In a landscape of relentless digital threats, Insurance Business America recognizes the nation’s leading cyber insurance providers. Thousands of brokers from across the country offered candid assessments of insurers’ performance in areas including coverage, adaptability, and claims handling. Only the best of the best were then awarded 5-Star status.
“What resonates with brokers is that we’re more than an insurance carrier to their clients; we’re a full-service partner”
Jacob Ingerslev, Tokio Marine HCC – Cyber & Professional Lines Group
Industry expert Michael Lieberman, co-founder and CTO of software firm Kusari, shares his thoughts on what a leading policy looks like in 2025.
“It is something that is future proof at some level, that is evolving with the times as different types of cyberattacks become more sophisticated. What’s also very important is being crystal clear about what is covered and what is not,” he says.
Fellow cyber insider Kelly O’Brien, senior cybersecurity practitioner at Compass IT Compliance, also defines what is market leading.
“It should be broad, adaptive coverage including specific considerations for AI usage both internally and across third-party vendors,” she says. “It also goes beyond basic coverage by including proactive services like threat intelligence, security posture assessments, third-party risk tools, and workforce awareness training.”
Other key differentiators include:
Ransomware has become an even bigger threat for cyber insurers in 2025 as they react to an uptick in attacks. Part of the increase is down to the rise of ransomware-as-a-service (RaaS) and AI-powered variants.
The most common way in is a VPN compromise: threat actors scan for Secure Sockets Layer (SSL) VPN portals, commonly exposed as a web log-in page. From there, they use brute force, trying thousands of password combinations a minute until they gain entry.
“Upwards of 40 percent to 50 percent of ransomware attacks right now take place that way and it’s quite a simple technique. You don’t really need a lot of sophistication,” says Jacob Ingerslev, head of cyber and tech underwriting at 5-Star 2025 insurer Tokio Marine HCC – Cyber & Professional Lines Group.
The other way ransomware is used by threat actors is to target a big vendor, knowing they can have a large impact if they can exfiltrate data.
“If the vendor doesn’t pay up, then they can start extorting the individual customers,” adds Ingerslev.
Deloitte’s annual Cyberthreat Trends Report observed a 17 percent increase in ransomware attack claims in 2024, peaking in the fourth quarter with 57 percent more claims compared to the fourth quarter of 2023.
This jump is partly explained by the emergence of new ransomware groups such as:
- ALPHV
- El Dorado/BlackLock
- Lynx
- Fog
- APT73/BASHE
Some are judged to be engaged in nation-state-sponsored cyber espionage, while others are financially motivated, which is another area where the best insurers have a role to play.
For example, reports suggest that CDK Global paid a $25-million ransom after a cyberattack in 2024 and edtech provider PowerSchool confirmed it also paid out.
Tokio Marine HCC – Cyber & Professional Lines Group’s data shows a drop in ransomware attacks in 2022, but that has rebounded and then some.
“We saw a big increase year over year in Q1 of 2025. We look at these so-called leak sites, or the ‘wall of shame,’ which is, if you pay the ransom, you don’t end up on the ‘wall of shame.’ If you look at that in Q1 in 2025, there was an 86 percent increase year over year,” Ingerslev says.
“We can help with the negotiation if a ransom payment must take place. Typically, when all backups have been destroyed, that’s when you start considering [whether] it is better to pay the ransom, versus spending an exorbitant amount of money to rebuild the data from scratch.”
Fellow IBA 5-Star Cyber winner Arch Insurance has detected particular activity in two industries: healthcare and manufacturing.
“In healthcare, there’s technology dependency on operations, as well as a lot of sensitive data and information,” says Jamie Schibuk, executive vice president, professional liability and cyber. “We continue to see attacks on the operational technology that manufacturing companies rely upon, which often tends to be more legacy-type technology, which can create issues if those networks are compromised.”
How America’s top cyber insurance companies navigate AI
Lieberman sheds light on how some threat actors take advantage of AI hallucinations or how they seed the internet with bad data to convince new AI models to give misleading answers.
He says, “You could ask ChatGPT something, and it gives you an answer which seems reasonable to say, ‘Install this software’. It turns out that software was written by malicious actors, but you download it thinking, ‘I should get this software tool.’”
However, the main danger from AI is that it refines and improves existing threats. Insurers mainly see it deployed in social engineering attacks, where the technology enables threat actors to perfect their emails. Often, criminals use a large language model (LLM) to mimic the tone and style of emails between two parties, which greatly increases the chance of their email being taken at face value.
“It’s very easy to spin up a natural-sounding email, particularly if they have already breached the customer’s inbox,” says Michael Drummond, chief underwriting officer cyber/tech at At-Bay. “Each new LLM model that comes out, you see an uptick in financial fraud because it’s making it easier to pull those things off, as it’s a lot harder to differentiate between what’s a legitimate email and a fraudulent one.”
At-Bay, another of IBA’s 5-Star insurers of 2025, combats this by combing through all the claims that have resulted from these types of emails and using their system to pinpoint indicators that suggest fraudulent activity.
“We know that 80 percent of our financial fraud claims arise from email attacks, so earlier this year, we launched a new email security solution that’s available to every insured in our portfolio,” says Drummond.
“We’ve built all of our technology in-house from the ground up. So, not only are we a full-stack insurance company but have a separate security division that provides all of the security services to our insureds”
Michael Drummond, At-Bay
Due to At-Bay’s scale of having 40,000 business clients, from startups to those with $5 billion in revenue, the tool is powered by real-life claims data that mirrors the threats companies are facing. The firm believes so deeply in its solution that it’s willing to double or even quadruple the typical amount of coverage if clients adopt it.
“We have access to information that traditional security providers and companies don’t, as we can actually see what really drives these types of claims and what causes them,” adds Drummond. “We have designed our security solution specifically to identify those characteristics.”
Arch Insurance is even detecting the use of deepfakes to facilitate bank transfers.
“The technology is advanced enough to fool people into thinking that they’re talking to the CFO of their company, when they’re really not,” says Schibuk.
His other concern with AI is that threat actors can leverage it to increase the scale of their attacks. Remaining vigilant across this landscape is a daily concern for Arch. The firm has a 30-person underwriting team and, in addition, a team of four cybersecurity risk engineers.
“They all have a background working within security operation centers of companies, so they’re approaching it more from the client side. That’s really helpful in both the risk evaluation as well as helping us to vet a lot of third-party tools and risk management services, because they have actual implementation experience in using a lot of those tools,” says Schibuk.
And he adds that high-quality professionals are still the difference makers.
“There’s a lot of technology and process that we can leverage and implement, but at the end of the day, so much of it comes down to our approach to the business and the people that work on it every day.”
Standout features of America’s top cyber insurance companies
Tokio Marine HCC – Cyber & Professional Lines Group relies on its Cyber Threat Intelligence team, which has the tools to monitor clients’ networks on an ongoing basis, to maintain threat awareness and remain in step with the latest developments.
The team has delivered for clients who have fallen victim to wire transfer fraud: over the last year, it has recovered over $30 million by working with law enforcement and acting fast. It is also plugged into forums where tool kits that grant access to systems are for sale.
This learning mindset is a competitive advantage to the firm, as it continually explores and discovers what threat actors are planning and then informs their insureds. One such way is via honeypots – fake machines on the internet that look like an actual company with an actual server but are just there to pick up activity and learn what threat actors are doing.
Ingerslev says, “That’s one way to learn, and the other way is to collaborate with people who operate in the dark web forums. One company we work with intercepts attacks by purchasing access to customers from threat actors.”
There is also great benefit from Tokio Marine HCC – Cyber & Professional Lines Group’s in-house Incident Response Management team that gathers forensic reports from all the claims.
“We can determine what are the most common causes of loss, and what are the most common ways threat actors get into a network, and also address these. That feedback loop is so important,” says Ingerslev.
Highlighting just how powerful this is, Tokio Marine HCC – Cyber & Professional Lines Group often discovers software vulnerabilities before even the vendors of the technology do.
Ingerslev adds, “In some cases, we’re faster and it’s because we have the claims. That’s why we see it quickly and we have a very strong incentive to help the clients, because it helps us, too.”
Enabling brokers to deliver
Arch prioritizes awareness and ensures it puts brokers in the best possible positions with its clients.
Schibuk appreciates that brokers’ role has become harder in cyber due to the risk factors and advancing technology.
“With all the value-added services, they’re helping to facilitate that conversation, so they’re a really key part of the process and enable us to roll out a lot of the risk management services.”
The industry has become more technical over the past five years and Arch’s Integrated Risk engineering team has become more sophisticated around the questions it asks and the tools it utilizes to evaluate.
“We’re definitely a very entrepreneurial type of company. We take pride in being creative on how we approach risk,” says Schibuk. “We have a more flexible approach than a lot of others in the marketplace, along with the ability to customize coverage for individual insureds.”
“There’s no standard cyber policy. Every single one is different, and we work really closely with our brokers to customize coverage, relative to what an insured’s individual risk profile is”
Jamie Schibuk, Arch Insurance
This mentality extends to At-Bay, where the team is focused on enabling brokers to understand the security posture of clients. The team ensures that brokers understand its products and what puts companies at risk from cyber threats.
The At-Bay team views itself as a resource for brokers to lean on.
“We’re happy to engage at whatever level they want, from very deep technical conversations to just making sure who are the right people to call or hand the customer off to if they’re not as comfortable getting into the weeds on some of the cybersecurity stuff,” says Drummond.
Giving brokers license to customize products is another service that At-Bay brings to the table. Its software engineers and developers built the company’s entire underwriting platform, claims system, and security platform. This affords them the ability to have a tight feedback loop across all business operations.
Its InsurSec solution, At-Bay Stance, is a unified security platform that helps insureds proactively identify and mitigate cyber risks associated with 86 percent of customer claims. Access is included with every Cyber and Tech E&O policy and offers an estimated value of up to $72,000 per year in security solutions.
Earlier this year, At-Bay also launched two new InsurSec solutions designed to combat the most common type of cyber claim: financial fraud. These tools help prevent fraud before it happens and can unlock enhanced coverage terms for eligible insureds, including financial fraud sublimits of up to $1 million.
At the core is the firm’s ethos of responsiveness and critical thinking.
Drummond says, “Whether that’s a more complex or less complex account, our folks are there to have those conversations and they aren’t afraid to think outside of the box and tailor something.”
Flexibility, responding quickly and running educational webinars are ways Tokio Marine HCC – Cyber & Professional Lines Group supports its brokers. The firm is also content to be transparent about what it does and what it can offer.
“Even if a competitor knows our techniques and approach to client monitoring, alerting and the incident response, it would still take them a long time to build something similar. So, we’re comfortable,” says Ingerslev.
Tokio Marine HCC – Cyber & Professional Lines Group’s primary target market is the small to mid-sized segments that can use the insurer’s preventative services, compared to a Fortune 1000 company that is likely to have in-house cyber teams.
This year’s recognition is the fifth successive annual cyber award for Tokio Marine HCC – Cyber & Professional Lines Group, which supports its view that its infrastructure and systems in place are formidable.
“It’s a stamp of quality and also a sign of consistency,” adds Ingerslev. “We are a big global insurer with very solid financial stability behind us, and that allows us to continue to stay relevant and have a reasonable market share, but also not fall into some traps in parts of the market cycle.”
Both industry experts – Lieberman and O’Brien – who spoke to IBA for this report agree that cyber insurance has not yet reached the maturity where it exists alongside more established areas such as flood or fire.
O’Brien says, “They are backed by decades of actuarial data, but cyber insurance is still evolving due to the rapid pace of technological change and the volatility of cyber threats. Many incidents go unreported, and the risk landscape continues to shift, making it harder to standardize and stabilize the market to the same degree.”
Lieberman also points to the rapidly evolving nature of the market, which makes it difficult to define coverage and leads to confusion.
“If a new type of attack is discovered, is that covered automatically? The challenge for a lot of insurance companies is that the state of things is changing so fast,” he says.
He also notes that cuts to government agencies focused on compliance and regulation in the cybersecurity space are leading to concerns. For example, the National Institute of Standards and Technology (NIST) lost hundreds of cybersecurity staff due to downsizing. Part of its role is to run the National Vulnerability Database, which some fear may disappear in the future.
Lieberman adds, “If it does go away, what is going to be there is unclear. That’s a huge problem for insurance companies, because they’re viewing this as if you have vulnerabilities that exist in the database, and you need to fix them. But if that goes away, what are they going to use as a gauge to say you have this vulnerability?”
- AIG
- AXA XL
- Beazley
- CFC
- Chubb
- Cowbell