{"id":227972,"date":"2026-06-08T11:31:00","date_gmt":"2026-06-08T15:31:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/08\/cyber-insurance-policyholders-facing-heavier-scrutiny-in-underwriting-claims\/"},"modified":"2026-06-08T11:40:35","modified_gmt":"2026-06-08T15:40:35","slug":"cyber-insurance-policyholders-facing-heavier-scrutiny-in-underwriting-claims","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/08\/cyber-insurance-policyholders-facing-heavier-scrutiny-in-underwriting-claims\/","title":{"rendered":"Cyber insurance policyholders facing heavier scrutiny in underwriting, claims"},"content":{"rendered":"

Cyber insurance policyholders facing heavier scrutiny in underwriting, claims<\/a><\/p>\n

https:\/\/www.cybersecuritydive.com\/news\/cyber-insurance-policyholders-facing-heavier-scrutiny-underwriting-claims\/822089\/<\/a><\/p>\n

Publish Date: 2026-06-08 11:31:00<\/a><\/p>\n

Source Domain: www.cybersecuritydive.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n

Enterprises holding cyber insurance policies are undergoing more scrutiny in their claims as rates decline and insurers scramble to remain profitable.
\nThe stakes are high for both sides. Insurance companies around the globe increasingly fear their business is overly dependent on large U.S. policyholders, which make up nearly two-thirds of their global market share. They worry that one large supply chain event or outage could escalate and ultimately wipe out the cyber insurance industry as a whole.\u00a0<\/p>\n

These market pressures have led to a shift in the cyber insurance business model, where cyber insurers are developing sophisticated risk models to prepare for large-scale attacks that could disrupt a wave of policyholders at the same time.
\nMeanwhile, insurers are also pressuring policyholders to make sure they button up governance and security controls and have mitigations in place for any risk incurred by their third-party technology partners.\u00a0
\n\u201cInsurers today generally have a better understanding of cyber risk quantification and are placing greater emphasis on security controls, technology dependencies and exposure to systemic cyber events,\u201d said Anjali Nagrani, principal cyber cat risk product adviser at CyberCube, a firm specializing in cyber risk modeling. \u201cOrganizations with weak cyber hygiene may face more scrutiny and coverage restrictions, whereas well-prepared companies can access broader coverage and improved terms.\u201d<\/p>\n

\u201cInsurers today generally have a better understanding of cyber risk quantification and are placing greater emphasis on security controls, technology dependencies and exposure to systemic cyber events.\u201d<\/p>\n

Anjali Nagrani
\nPrincipal cyber cat risk product adviser at CyberCube<\/p>\n

Ransomware and other cyber intrusions can add up to millions of dollars in recovery costs or more if the attack forces a company to halt order-taking, manufacturing or shipping.\u00a0
\nA 2025 report co-authored by Marsh McLennan and cybersecurity firm Dragos found that OT cyber incidents could lead to $329 billion in direct financial losses. The report, which was based on a review of 10 years\u2019 worth of insurance claims,\u00a0showed an average annual global risk of $12.7 billion, which includes the impact of business interruption.\u00a0
\nAnd a March report from Aon showed the average cost per global ransomware claim\u00a0nearly doubled, to $713,000, in 2025, up from around $374,000 in 2024.\u00a0\u00a0<\/p>\n

The missing \u201cmiddle\u201d
\nThe majority of the global market for cyber insurance is currently dominated by large corporations that have sophisticated risk management and mature cyber programs.
\nBut there\u2019s \u201ca huge protection gap\u201d in cyber insurance coverage, said Martin Kreuzer, senior risk manager for cyber risks at Munich Re, who added that across all industries, smaller organizations mostly go uninsured.
\nThe data says it all: Coverage among small- to medium-sized businesses is relatively weak, with some estimates showing only about 20% of SMEs are cyber-insured.
\nSmall businesses typically don\u2019t obtain coverage, because they don\u2019t consider themselves a valuable target for cyber threat actors. They also often lack the resources to properly identify their cyber risk. Michelle Faylo, U.S. cyber at technology leader at Lockton, said this is due to a lack of understanding of the financial risks.\u00a0
\n\u201cWhen we look at the volume of buyers that are missing in the middle market and the small business space,\u201d Faylo said, \u201cit\u2019s because they don\u2019t understand it.\u201d<\/p>\n

By the numbers<\/p>\n

\u00a0
\n38%
\nIncrease in reported U.S. cyber and tech E&O incidents in 2025 compared to 2024<\/p>\n

\u00a0
\n$713,000
\nAverage cost per global ransomware claim<\/p>\n

Tighter underwriting, higher scrutiny
\nGiven the financial squeeze on cyber insurers over the past year, they have been more closely scrutinizing claims and pressuring customers\u2019 security teams to prove they are properly maintaining their security controls.
\nThe result: Policyholders are recovering a smaller percentage of the total cost of a breach, according to Gavin Mead, cyber, data and tech risk partner at PwC. Disputes between the insurance provider and policyholder often center around whether security practices \u2014 particularly multifactor authentication \u2014 were actually enforced during the breach.\u00a0
\nA significant amount of data breach costs are incurred by the victim organization\u2019s response to a cyberattack, including forensic investigation, breach notification, credit-monitoring services and breach counsel. However, the larger exposure to a company is often the legal fallout, including class action data-breach suits from customers.\u00a0
\n\u201cThat tail can rival the incident itself in financial terms,\u201d Mead told Cybersecurity Dive. In some cases, companies work to make sure they identify every last customer that is exposed to a breach, thus extending the time and expense required to complete the incident response process, he noted.
\nPart of the frustration for buyers is a disconnect in how they are rewarded for strong security controls, according to Adam Abresch, executive vice president, cyber solutions at Acrisure.\u00a0
\nInsurance buyers can get coverage if they have managed detection and response or endpoint detection and response, but they don\u2019t always benefit in terms of pricing, deductibles or breadth of coverage.<\/p>\n

\u201cThere is still a disconnect between security posture and underwriting recognition, which remains a point of frustration for buyers.\u201d<\/p>\n

Adam Abresch
\nExecutive vice president, cyber solutions at Acrisure<\/p>\n

\u201cThere is still a disconnect between security posture and underwriting recognition, which remains a point of frustration for buyers,\u201d Abresch told Cybersecurity Dive.\u00a0
\nBusiness resilience in focus
\nThe cyber insurance recovery process in several recent cyberattacks \u2014 such as that of toymaker Hasbro \u2014 will be a bellwether for what insured organizations can expect from their providers in this compressed and mature cyber insurance environment, experts said.
\nHasbro, one of the largest toy and entertainment companies in the U.S., experienced temporary delays in ordering and shipping\u00a0in the wake of a cyberattack in late March. During an earnings call last month, the company said it would incur $20 million in operating expenses related to remediation from the attack.<\/p>\n

The company also expects between $40 million and $60 million in consumer product revenue to be delayed from the second quarter through the second half of the year. \u201cWe\u2019re going to see, given the cyber event, a little bit of lumpiness in cash as we move through the year,\u201d Gina Goetter, the CFO and COO as Hasbro, said during the earnings call.\u00a0
\nIt remains unclear what costs Hasbro will recover via its cyber insurance policy. The company plans to seek reimbursement for \u201ccertain costs, expenses and losses\u201d related to the incident from its cyber insurance providers, according to a filing with the Securities and Exchange Commission. However, the company said it\u2019s still documenting claims and has no immediate details of the claims or the \u201creceipt, timing or amount\u201d of any reimbursement.\u00a0
\nGeopolitical instability
\nCyber insurance companies have been closely monitoring geopolitical tensions across the globe as well. The ongoing war between Russia and Ukraine and the U.S. war with Iran have become major flashpoints in the insurance sector. Threat activity linked to Iran-nexus actors has increased in recent months, including malicious attacks against key critical infrastructure providers in the U.S. What is not immediately clear is just how these attacks will be treated in the cyber insurance claims process.\u00a0
\nThe geopolitical cyber pressures will lead to more reimbursement claims by large companies to cyber insurers. War exclusion language traditionally has placed major limits on cyberattack insurance coverage, particularly when state-linked threat actors are involved. But a shift began in a 2023 New Jersey appellate court ruling that upheld insurance claims by pharmaceutical giant Merck, which sought $1.4 billion in claims related to the 2017 NotPetya nation-state sponsored cyberattack.\u00a0
\nThe Merck case was closely watched in part due to malicious cyberattacks related to the ongoing war in Ukraine. Then Lloyd\u2019s issued guidance in 2024, noted\u00a0Sridhar Manyem, senior director, industry research and analytics at AM Best, that said if insurer policies cover state-backed cyber incidents, the coverage must be granted in a \u201ccontrolled and measurable way.\u201d
\nThat could have wide-ranging coverage implications for a wide range of industries, including energy companies, water utilities and other sectors that have been targeted by Iran-linked cyberattacks in recent months. Legal experts say victim organizations\u2019 security teams will need to closely review the specific language in their respective cyber insurance policies to determine what is specifically coveredd and they also must ensure they had the proper controls in place at the time of their attacks.
\n\u201cThe proliferation of global conflicts and the comparatively relative ease with which \u2018war\u2019 can now be conducted, including by unmanned drones, cyberattacks or otherwise, may cause a continued rise in efforts by insurers to exclude such losses,\u201d Jason Rosenthal, an attorney at Much Law, told Cybersecurity Dive. This will lead to \u201ca rise in premiums for insureds who try to purchase specific insurance for such events,\u201d he added.
\nCyber incident response
\nInsurance providers have increasingly become more proactive in prescribing how insured companies must manage the incident response process.\u00a0
\n\u201cInsurers are increasingly positioning themselves as active risk partners rather than just financial backstops that truly do want to provide a great claims experience and support the customer through what everyone agrees is a complex and stressful experience,\u201d said Kevin Kiser, senior director of insurance alliances and solutions at cybersecurity firm Arctic Wolf.
\nMost insurance carriers route their policyholders through a \u201cdefined incident response ecosystem,\u201d according to Kiser. The process may include a set of preapproved advisers, including a breach coach, who usually functions as legal counsel to the victim organization. Cyber insurers also often require preapproved security vendors to work with victims in the response phase, Kiser said.
\nAI growth without cyber guardrails
\nThe explosion of AI adoption and weaponization also has raised alarm bells across the insurance sector. Threat actors are using AI to develop zero-day exploits, for example, as cited in a May report from Google Threat Intelligence Group.\u00a0
\nBusinesses, meanwhile, are rolling out agentic AI and other programs that incorporate AI into their systems in the hopes that the technology will boost productivity and efficiency. But many AI implementations lack proper governance and security guardrails.\u00a0
\n\u201cReal-world cases show AI improving phishing, fraud and large-scale exploitation while compressing attack timelines so that recovery capability, not detection, becomes the main driver of loss-severity,\u201d said William Altman, director of cyber threat intelligence services at CyberCube.\u00a0
\nRachel Turk, chief of market performance at Lloyds, echoed the AI concerns of cyber insurers during the company\u2019s second quarter market presentation last month. She warned that AI would raise the specter of unmanaged risk to Lloyds\u2019 clients and that no baseline scenarios currently exist to properly assess that risk.\u00a0
\n\u201cThe risk vectors for cyber continue to evolve, and AI adds another dimension and future uncertainty,\u201d Turk said, \u201cboth by being used by threat actors and raising the question of potential coverage.\u201d
\nBracing for cyber insurance impact
\nThe bottom line concern for CISOs and other leaders in this new cyber insurance risk climate is to factor in the ability to withstand a cyberattack, protect the integrity of your systems and minimize downtime.
\nErrol Weiss, chief security officer at the Health Information Sharing and Analysis Center, said, \u201cOrganizations are really looking at what do we need to do to make sure that we can keep our major systems running if major IT systems start going down for whatever reason \u2014whether it\u2019s a bad guy or a bad update.\u201d<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Cyber insurance policyholders facing heavier scrutiny in underwriting, claims https:\/\/www.cybersecuritydive.com\/news\/cyber-insurance-policyholders-facing-heavier-scrutiny-underwriting-claims\/822089\/ Publish Date: 2026-06-08 11:31:00 Source…<\/p>\n","protected":false},"author":1,"featured_media":227973,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/4lkjSN-64gc6f6Sz7qot-V8ZBZL7TKxPkorzwLX5kDE\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9tdW5pY2hyZW1haW4uanBn.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30,24,25],"class_list":["post-227972","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach","tag-cybersecurity","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/227972"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=227972"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/227972\/revisions"}],"predecessor-version":[{"id":227974,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/227972\/revisions\/227974"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/227973"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=227972"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=227972"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=227972"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}