The U.S. cyber insurance market witnessed a surge in reported claims, reaching a record 33,561 incidents, according to the 2024 NAIC Cyber Insurance Report.
This escalation underscores the growing complexity and frequency of cyber threats for businesses across all sectors. However, a deeper analysis reveals nuanced trends that offer both challenges and opportunities for insurers, brokers, and policyholders.
While ransomware continues to be a significant concern, its dynamics are shifting. Cowbell’s data indicates that ransomware-related incidents remained steady, accounting for 17% to 19% of total claims between 2022 and 2024. Notably, average ransom payments declined by approximately 20.5% during the same period. This reduction suggests improved incident response strategies and more effective negotiation tactics are mitigating the financial impact of such attacks.
Another revelation from the report is that nearly half (48%) of severe ransomware incidents with identified threat actors were linked to just five groups: Akira, Play, LockBit, Fog, and RansomHub. These groups predominantly exploit common vulnerabilities, such as unpatched systems and misconfigured email setups, emphasizing the critical need for basic cybersecurity hygiene.
Industries At-Risk
Certain sectors are disproportionately affected by cyber incidents due to their dependence on sensitive data and operational continuity:
- Professional Services: Handling sensitive client data, including personally identifiable information (PII), makes them prime targets for data extortion.
- Educational Services: Frequent targets due to sensitive student data and the potential to disrupt online learning platforms.
- Healthcare: Reliance on critical patient care systems increases urgency during incidents, often leading to higher ransom demands.
- Construction: Complex supply chains and mobile workforces widen potential attack vectors.
- Manufacturing: Cyberattacks can halt production, causing significant operational and financial losses.
Trends
Phishing remains the most common method for initiating cyberattacks. In 2024, the FBI received over 193,000 phishing complaints, highlighting the prevalence of social engineering tactics. These attacks often serve as gateways to more severe incidents like business email compromise (BEC) and ransomware.
Cowbell’s claims data categorizes the majority of reported incidents into three primary types:
- Cybercrime (30%): Involving financial or data theft through tactics like phishing, BEC, and funds transfer fraud.
- Data Breach (34%): Unauthorized access or disclosure of sensitive information, underscoring the need for robust data security measures.
- Extortion Events (19%): Ransomware and other extortion-based attacks threatening operational stability.
An emerging trend is the strategic timing of attacks, including the “cyber Friday” phenomenon. Data indicates that Fridays before long weekends are increasingly targeted, as attackers exploit periods when organizations may have reduced IT staffing, leading to delayed detection and response.
Implications for Insurance
The evolving cyber threat landscape necessitates re-evaluation of traditional insurance models. The concentration of attacks among a few threat actors and the rise of systemic vulnerabilities challenge conventional risk assessment and underwriting practices.
Insurers must adapt by:
- Enhancing underwriting processes: Incorporating real-time data and threat intelligence to assess risk more accurately.
- Developing dynamic coverage models: Offering policies that can adjust to the rapidly changing cyber environment.
- Investing in incident response capabilities: Providing policyholders with access to expert resources to manage and mitigate incidents effectively.
To address the growing cyber risk, insurers and brokers can focus on proactive measures: emphasizing cyber hygiene, offering tailored risk assessments, facilitating access to vetted advisors, services, and cybersecurity resources like managed detection and response (MDR) and penetration testing, and providing incident response templates.
Finally, promoting rapid incident response is critical, and you need to highlight the importance of quick action during incidents. This means initial acknowledgment within one hour of claim submission and first contact from the claims team within 24 hours, with urgent issues addressed within one hour. It’s worth noting that the average ransom reduction is 66% when leveraging expert services.
By integrating these strategies, insurers and brokers can not only mitigate risks but also build stronger relationships with clients, positioning themselves as trusted partners in cybersecurity resilience.