The ongoing race between IT security on the one hand and attackers seeking to exploit fresh vulnerabilities on the other will continue in 2025. Ransomware attacks will continue to be one of the most impactful cyber attack types for companies and their cyber insurers. We predict that cyber insurers will increasingly turn their attention to the investigation and pursuit of subrogated recovery actions. Recourse will not be against ransomware groups, but rather the policyholder's outsourced service providers in failing to ensure the security of the policyholder. These recoveries can, however, be technically and legally challenging , as the responsibility and contractual limitations of service providers vary on a case by case basis.