Cyber insurance now covers more than 95% of data breach losses

Cyber insurance now covers more than 95% of data breach losses

Cyber insurance now covers more than 95% of data breach losses

https://www.escudodigital.com/en/cybersecurity/cyber-insurance-now-covers-more-than-95-of-data-breach-losses.html

Publish Date: 2026-07-15 01:10:00

Source Domain: www.escudodigital.com

Author:

Using an unordered list, summarize the following article with between 4 and 8 key points.

According to the Cyber Claims in Focus 2026 report, prepared by the multinational insurance brokerage Willis, cybersecurity insurance already covers more than 95% of the average losses resulting from data breaches and around 90% of the organizations’ own losses.

The analysis quantifies the economic impact of digital incidents and identifies ransomware as the main focus of severity: each attack causes, on average, 25 days of inactivity and losses of 4.5 million euros in global companies.

Data breaches account for a large part of the claims

Data breaches are the most frequent type of incident within cyber insurance. Malicious attacks represent the majority of cases, although the economic damage can vary considerably depending on the affected organization and the scope of the intrusion.

Ransomware continues to stand out for the severity of its financial consequences. It is not just about recovering encrypted files. A company may remain unable to use essential systems for several weeks, halt production processes, or lose the capacity to serve customers.

The largest individual loss analyzed exceeds 430 million euros. A figure that reflects how far an incident can escalate when it affects a large organization and causes a prolonged interruption of activity.

Ransomware paralyzes systems for an average of 25 days

A ransomware attack has an average duration of 25 days. During this period, the loss of productivity becomes one of the main elements of the final bill.

Business activity interruption and payments made to cybercriminals are the two major economic components of these incidents. Currently, the average ransom demand reaches 3.2 million euros, although the actual payment is 1.3 million euros.

The difference shows that the amounts initially demanded by attackers are not always fully paid. However, even when the ransom is lower, the paralysis of systems can generate much greater losses.

“Ransomware increasingly poses a threat to global organizations, having an impact on the profit account that can be very high,” warns Carolina Daantje, Cybersecurity Director at WTW.

95% of costs come from direct attacks

Incidents in which cybercriminals directly attack an organization’s systems represent 58% of ransomware notifications. However, they account for 95% of the total costs.

Attacks related to suppliers account for 42% of notifications but generate only 5% of the costs associated with ransomware analyzed in the report.

The situation changes when data breaches are studied. External providers are already responsible for almost 50% of the losses related to these breaches and 29% of the organizations’ own losses.

This phenomenon is particularly concerning due to the so-called systemic risk. A single incident suffered by a technology provider can simultaneously affect dozens or hundreds of organizations that depend on its services.

Artificial intelligence amplifies already known threats

For now, artificial intelligence does not appear as an independent factor that directly drives cyber insurance claims. Its impact is seen in the ability to enhance techniques already used by attackers.

Social engineering, phishing through deepfakes, and ransomware can gain sophistication thanks to these tools. The possibility of creating increasingly convincing fake videos or audios makes it difficult to identify certain frauds.

Therefore, AI introduces greater volatility in cyber risk. Attack methods evolve rapidly and require reviewing both security measures and the contracted insurance protection.

Having cyber insurance does not mean being correctly protected

The high average coverage of losses does not eliminate the risk of gaps in certain policies. The needs of an industry with operational systems are different from those of a company whose main exposure lies in a customer database.

“Organizations must understand what coverage they have contracted and ensure it aligns with their risk exposure,” says Daantje.

The Cybersecurity Director at WTW warns that when the policy does not reflect the reality of the company, “critical gaps can appear precisely where protection is most needed,” while maintaining coverage over risks that offer little real value to the company.

Insurance must adapt to new attack patterns

The report also points out less visible threats, such as litigation related to tracking pixels. Certain cases could cause million-euro losses and generate effects on the entire insurance market.

The evolution of attacks requires periodically reviewing limits, exclusions, and business interruption scenarios. “To get the most out of cyber insurance, coverage must reflect the loss patterns observed in the market,” concludes Daantje.

With average losses of 4.5 million euros due to ransomware and shutdowns of almost a month, taking out a policy is no longer the only debate. The real challenge for companies is to verify whether their insurance responds precisely to the incidents that can cause them the greatest financial damage.

According to the Cyber Claims in Focus 2026 report, prepared by the multinational insurance brokerage Willis, cybersecurity insurance already covers more than 95% of the average losses resulting from data breaches and around 90% of the organizations’ own losses.

The analysis quantifies the economic impact of digital incidents and identifies ransomware as the main focus of severity: each attack causes, on average, 25 days of inactivity and losses of 4.5 million euros in global companies.

Data breaches account for a large part of the claims

Data breaches are the most frequent type of incident within cyber insurance. Malicious attacks represent the majority of cases, although the economic damage can vary considerably depending on the affected organization and the scope of the intrusion.

Ransomware continues to stand out for the severity of its financial consequences. It is not just about recovering encrypted files. A company may remain unable to use essential systems for several weeks, halt production processes, or lose the capacity to serve customers.

The largest individual loss analyzed exceeds 430 million euros. A figure that reflects how far an incident can escalate when it affects a large organization and causes a prolonged interruption of activity.

Ransomware paralyzes systems for an average of 25 days

A ransomware attack has an average duration of 25 days. During this period, the loss of productivity becomes one of the main elements of the final bill.

Business activity interruption and payments made to cybercriminals are the two major economic components of these incidents. Currently, the average ransom demand reaches 3.2 million euros, although the actual payment is 1.3 million euros.

The difference shows that the amounts initially demanded by attackers are not always fully paid. However, even when the ransom is lower, the paralysis of systems can generate much greater losses.

“Ransomware increasingly poses a threat to global organizations, having an impact on the profit account that can be very high,” warns Carolina Daantje, Cybersecurity Director at WTW.

95% of costs come from direct attacks

Incidents in which cybercriminals directly attack an organization’s systems represent 58% of ransomware notifications. However, they account for 95% of the total costs.

Attacks related to suppliers account for 42% of notifications but generate only 5% of the costs associated with ransomware analyzed in the report.

The situation changes when data breaches are studied. External providers are already responsible for almost 50% of the losses related to these breaches and 29% of the organizations’ own losses.

This phenomenon is particularly concerning due to the so-called systemic risk. A single incident suffered by a technology provider can simultaneously affect dozens or hundreds of organizations that depend on its services.

Artificial intelligence amplifies already known threats

For now, artificial intelligence does not appear as an independent factor that directly drives cyber insurance claims. Its impact is seen in the ability to enhance techniques already used by attackers.

Social engineering, phishing through deepfakes, and ransomware can gain sophistication thanks to these tools. The possibility of creating increasingly convincing fake videos or audios makes it difficult to identify certain frauds.

Therefore, AI introduces greater volatility in cyber risk. Attack methods evolve rapidly and require reviewing both security measures and the contracted insurance protection.

Having cyber insurance does not mean being correctly protected

The high average coverage of losses does not eliminate the risk of gaps in certain policies. The needs of an industry with operational systems are different from those of a company whose main exposure lies in a customer database.

“Organizations must understand what coverage they have contracted and ensure it aligns with their risk exposure,” says Daantje.

The Cybersecurity Director at WTW warns that when the policy does not reflect the reality of the company, “critical gaps can appear precisely where protection is most needed,” while maintaining coverage over risks that offer little real value to the company.

Insurance must adapt to new attack patterns

The report also points out less visible threats, such as litigation related to tracking pixels. Certain cases could cause million-euro losses and generate effects on the entire insurance market.

The evolution of attacks requires periodically reviewing limits, exclusions, and business interruption scenarios. “To get the most out of cyber insurance, coverage must reflect the loss patterns observed in the market,” concludes Daantje.

With average losses of 4.5 million euros due to ransomware and shutdowns of almost a month, taking out a policy is no longer the only debate. The real challenge for companies is to verify whether their insurance responds precisely to the incidents that can cause them the greatest financial damage.

Become a premium member for free!