64 Cyber Insurance Claims Statistics 2026

Updated: April 2nd, 2026

The cyber insurance market crossed $15.3 billion in global premiums in 2024. At first glance, that might signal maturity and confidence. But scratch the surface, and the market is riddled with falling premiums and surging claims. Organizations are interested in buying more coverage, but can’t collect what they need when they need it most.

And AI, the technology every insurer is scrambling to underwrite, is both the biggest risk multiplier and the most effective claims-reduction tool available.

[Figure: Global cyber insurance market, gross written premium. Source: Munich Re]

That is why this article uses 64 of the most important cyber insurance claims statistics for 2026 to explain how to shape your security posture, approach your coverage decisions, and fix the vulnerabilities your insurer expects you to manage before they mail you a check.

Top Cyber Insurance Claims Statistics 2026

Before we dive into the deeper analysis, here’s a snapshot of the numbers that define the cyber insurance landscape in 2026:

  1. Global cyber insurance premiums reached $15.3 billion in 2024, with projections ranging from $27B to $50B by 2030 (Munich Re; Gallagher Re).
  2. US cyber claims surged to nearly 50,000 in 2024, a ~40% increase year-over-year (NAIC 2025 Report).
  3. BEC and Funds Transfer Fraud account for 58–60% of all claims by volume, while ransomware drives 60% of large claim value (Coalition; Allianz).
  4. 86% of businesses refused to pay ransom in 2025, a record high (Coalition 2026 Cyber Claims Report).
  5. 27% of data breach claims had exclusions that led to partial or zero payouts (NAIC; Delinea).
  6. Organizations with continuous security monitoring file 73% fewer claims than the industry average (Coalition).

Now, let’s make sense of what’s really going on.

Cyber insurance is often pitched as one of the fastest-growing segments in commercial insurance, and $15.3 billion in global premiums certainly supports that narrative. North America still dominates with roughly 69% of global premiums, but Asia-Pacific is emerging as the fastest-growing region, with a projected 16.7% compound annual growth rate through 2030 (Mordor Intelligence).

But here’s the twist. Most market reports are glossy, yet the US cyber insurance market actually contracted in 2024. Direct written premiums fell 7.11% to $9.14 billion, down from $9.84 billion in 2023, the first premium decline in the market’s history (NAIC 2025 Cybersecurity Insurance Report). This wasn’t because organizations stopped buying coverage; the number of active policies remained largely flat at 4.37 million, and rates simply fell.

Why? After years of aggressive premium hikes that peaked in mid-2022, insurers found themselves enjoying exceptional profits. The US market’s combined loss ratio fell to just 47% in 2024 (the third consecutive year of profitable results, Fitch Ratings). That profitability attracted new entrants, fragmented the market (the top 10 carriers now hold 51% of the market, down from 69% in 2019), and triggered competitive price wars that pushed rates down 22–27% cumulatively from their 2022 peak.

For security leaders, this creates a buyer’s market. But cheaper premiums don’t mean cheaper risk. It means insurers will be far less forgiving when claims arrive from organizations that haven’t held up their end of the bargain.

Why is there a Sudden Increase in Claims?

While premiums dropped, claims went in the opposite direction. In 2024, US insurers processed ~50,000 cyber claims (a roughly 40% increase from the prior year). This spike was partly driven by mass-casualty events, such as the CrowdStrike outage in July 2024, which affected 8.5 million systems and generated an estimated $400 million to $1.5 billion in insured losses. This single event rippled across thousands of policies.

But even without such outliers, the trend holds. If you measure claims frequency as a percentage of active policies rather than raw volume, you get a 7% decrease in frequency in 2024, followed by a 3% uptick in 2025.

The picture becomes clearer when you look at severity: the average claim cost in 2025 settled at $116,000 (Coalition 2026 Report), but this masks enormous variance depending on attack type and company size.

NetDiligence’s 15th annual Cyber Claims Study exposed a telling split. SMEs (revenue under $2 billion) account for ~98% of all claims by volume but only 49% of total cost. The remaining 2% of claims, from large enterprises, account for ~51%, or roughly $2.4 billion. The average large-company cyber incident now costs $10.3 million.

Astra Security sees this pattern firsthand; small and mid-sized businesses are getting hit more often, but larger enterprises, with their sprawling attack surfaces and interconnected supply chains, face catastrophically higher costs when they are breached. Both segments need proactive vulnerability management, but for very different reasons; SMEs need it to survive the claim, and enterprises need it to contain the damage.

Our State of Continuous Pentesting Report 2025 states that organizations averaged 5.33 vulnerabilities per minute across real environments and that critical vulnerabilities alone increased 83% year-over-year.

If those numbers sound exaggerated, consider this: 614 organizations were warned about specific vulnerabilities but failed to remediate them and subsequently suffered ransomware attacks, generating $307 million in losses.

AI is now powering automated social engineering, exploit generation, and lateral movement. Meanwhile, most orgs are still running outdated risk models and scanning schedules.

If your insurance model isn’t factoring in real-world exposure and evolving attacker tactics, it’s already outdated.

Critical vulnerabilities are up 83%—but they’re just the tip of the iceberg. Discover how attackers are chaining low-severity issues into high-impact exploits.

What’s Actually Driving Cyber Insurance Claims?

Most people assume cyber insurance claims are driven by ransomware, and they’re only partially right. The data reveals an uncomfortable inversion between volume and value that most articles miss.

Business Email Compromise (BEC) and Funds Transfer Fraud (FTF) account for 58–60% of all cyber insurance claims by volume (Coalition 2025; Allianz 2025). Moreover, BEC severity increased 23% in 2024 alone, with compromised emails accounting for 52% of FTF claims (Coalition 2026). These numbers are bolstered by the FBI’s IC3 2024 Annual Report, which pegged BEC losses at $2.77 billion from 21,442 complaints, making it the single most costly cybercrime category for which federal authorities were notified.

Ransomware, on the other hand, accounted for only about 20% of claims by count. But it carries outsized weight: Allianz reports that ransomware accounted for 60% of the value of large claims exceeding €1 million. Also, ransomware consumed 72% of all cyber claim dollars in 2023–2024, up from 63% in the 2020–2022 period (Chubb via Insurance Information Institute).

This inversion matters for your security strategy. Optimizing security strategy solely for ransomware or BEC leaves you vulnerable to other types of cyberattacks.

To create a strong cybersecurity strategy, you need a cybersecurity vendor with the people and tools to address both these divergent vectors.

Ransomware is evolving

Despite the frequency inversion, ransomware still remains the single most destructive cyber risk from an insurance perspective. In 2024, 44% of all confirmed data breaches involved ransomware, a 37% increase year-over-year (Verizon 2025 DBIR), and among SMBs, the figure is even higher: 88% of breaches involved ransomware.

Focusing on the economics, even though initial ransom demands surged 47% (Coalition 2026), 86% of businesses refused to pay. Chainalysis data supports this trend: total blockchain-tracked ransomware payments fell 35% from $1.25 billion in 2023 to $813.55 million in 2025.

But why are companies paying less often? Three reasons.

  • First, strong backup strategies, although Sophos found that only 54% of victims used backups to restore data in 2025, the lowest rate in six years.
  • Second, law enforcement pressure and regulatory guidance have made paying ransoms legally risky.
  • Third, and this is the insurance angle, many policies now apply sub-limits specifically to ransom payments, making coverage for the payment itself less useful.

But the bigger cost story lies in recovery.

Sophos reports that average ransomware recovery costs (excluding the ransom) dropped from $2.73 million in 2024 to $1.53 million in 2025. This decline is attributed to faster detection and improved incident response capabilities. Other data shows that 53% of affected firms fully recovered within one week in 2025, up from 35% the year prior.

This is mainly due to proactive security investment. Investments in continuous pentesting and vulnerability remediation enable faster recovery and stronger incident response capabilities.

Why 74% of Cyber Insurance Claims Close Without Payment

Perhaps the most jarring number in the entire dataset is this: 74% of US cyber insurance claims in 2024 (28,555 out of 38,496; NAIC 2025) closed without any payment. But don’t be disheartened; you need context.

“Closed without payment” doesn’t exclusively mean “denied.” It includes claims that fell below the deductible, were withdrawn by the policyholder, or were resolved through non-monetary assistance, e.g., incident response coordination. So it’s both a good and bad stat depending on the causal analysis of the non-payments.

Nonetheless, the denial problem is still real. A study found that 27% of data breach claims and 24% of first-party claims had exclusions that resulted in partial or no payouts.

The most common reason is failure to maintain attested security controls, particularly MFA and endpoint protection. Stats also support this: 82% of denied claims involved organizations that lacked MFA.

And then there are the structural exclusions that no amount of good hygiene can overcome. Lloyd’s of London mandated in March 2023 that all standalone cyber policies must exclude state-supported cyberattack liability, i.e., a “war exclusion.” Munich Re has stated publicly that catastrophic systemic cyber events “far exceed the industry’s capacity” and will require government backstop mechanisms similar to terrorism insurance pools.

Non-attack incidents are creating a new coverage gray area too. Privacy-related class action claims, cases where no hacking occurred but data was mishandled, tripled in value over two years and now account for 18% of large claims by value (Allianz 2025).

Approximately 1,500 data privacy actions were filed in US courts in 2024. And 42% of policies now explicitly exclude AI misuse or liability (Delinea 2025), even though 13% of organizations have already experienced an AI-related security incident (IBM Cost of a Data Breach 2025).

The takeaway?

Your cyber insurance policy is a financial backstop for risks you’ve actively managed. If you’re treating it as a substitute for security investment, you’ll end up discovering the gaps at the worst possible time.

What Does Cyber Insurance Actually Require?

The days of buying cyber insurance with a questionnaire and a handshake are over. 99.5% of organizations now say insurers are inquiring about security controls for coverage (Delinea 2025), and 97% say those controls directly influence their premiums.

The controls that move the needle most, according to insurer underwriting data and claims outcomes, include:

  • MFA (45% of new claims in Q1 2025 came from VPN setups without MFA, Coalition)
  • Endpoint Detection and Response (EDR reduces breach likelihood by 10% for every 25% increase in deployment, Marsh McLennan)
  • Privileged access management (cited as the top premium differentiator by 41% of respondents, Delinea)
  • Incident response planning (reduces breach likelihood by 13%, Marsh McLennan).

But here’s what most organizations miss: insurers don’t just ask whether you have these controls. They now ask whether you test them and how well they are functioning. That’s where penetration testing plays a vital role in a claims-reduction strategy.

Coalition’s data shows organizations with continuous security monitoring experience 73% fewer claims than the industry average.

Allianz found that in over 80% of large claims, the insured organization’s detection and response decisions directly influenced the magnitude of the loss. Detection and response maturity can reduce claim costs by a factor of 1,000× (Allianz).

Astra’s State of Continuous Pentesting Report 2025 revealed $2.88 billion in potential losses that organizations avoided by discovering and remediating vulnerabilities proactively; these are losses that never became insurance claims.

When you compare that to the $4.8 billion in claims costs reported by NetDiligence over five years, the ROI of continuous testing against insurance exposure becomes hard to ignore.

The AI Factor in Cyber Insurance

No analysis of the 2026 insurance landscape would be complete without addressing AI. The Allianz Risk Barometer 2026 saw AI risk jump from #10 to #2 among global business risks (largest single-year rise in the survey’s 14-year history). Cyber incidents, meanwhile, held steady at #1 for the fifth consecutive year.

AI-enhanced phishing attacks increased 202% in the second half of 2024 (Munich Re), and 82.6% of phishing emails now incorporate some form of AI (RPS National Cyber Practice).

Deepfake fraud attempts have spiked 3,000% since 2023, with synthetic voice fraud attacks against insurers up by 475% in 2024 (Regula; Pindrop). IBM’s 2025 Cost of a Data Breach report found that shadow AI (unauthorized AI tools deployed without security oversight) added $670,000 to average breach costs.

Insurers are responding in two ways.

  • On the defensive side, AI-powered security tools pay off: 86% of organizations reported that insurers offered premium reductions, particularly for AI-driven threat detection (63%) and behavioral analytics (59%) (Delinea 2025).
  • On the coverage side, the market is cautiously introducing AI-specific products with Coalition launching explicit deepfake coverage in December 2025 and Chaucer Group introducing the industry’s first standalone AI liability policy.

But the gap between AI adoption speed and AI security maturity is still gigantic. Only 66% of companies integrating generative AI into their products are actively security-testing those implementations, according to Cobalt’s State of Pentesting Report 2025, and this number gets way worse for developing nations such as India and Southeast Asian countries, that is, if they are even deploying Gen AI.

Also, 32% of LLM pentest findings were rated as serious (2.5× the overall rate across all pentest types).

The insurance industry is still trying to figure out how to price this risk, so if you’re deploying AI without properly testing it, you’re flying without a safety net, compadre.

The SMB Exposure Problem

One of the most underreported trends in cyber insurance is the massive protection gap facing small and mid-sized businesses. Swiss Re estimates that only 10–20% of SMEs carry cyber insurance, compared to 80% of large corporations.

Over 70% of businesses in France, Germany, Italy, and Spain remain entirely uninsured (Howden 2025).

Howden’s research calculates that European businesses lost €307 billion in direct cybercrime costs over five years, €204 billion of which could have been mitigated with better cybersecurity and insurance coverage.

This gap exists for predictable reasons: 40% of uninsured organizations say they need to do more research before buying, and 34% cite the expense (security.org).

But the gap is closing from both directions. Insurers are developing simpler, more affordable products aimed at SMEs (standalone policies now capture 65% of US premium volume but only 41.6% of policy count; NAIC), while SMEs that do purchase coverage file claims at accelerating rates: businesses under $25 million in revenue filed 64% of all claims in 2024, with an average severity of $79,000 (Coalition).

For SMEs, the math increasingly favors insurance coverage but not at the cost of security controls that prevent the most common claims.

Cyber Insurance Pricing: Where Rates Are Headed

If you’re looking to buy cyber insurance today, you’re in the most favorable pricing environment in quite a few years.

Marsh McLennan’s Global Insurance Market Index shows cyber rates declined 6–7% per quarter throughout 2025, and cyber reinsurance rates plunged 32% at January 2026 renewals. Gallagher Re described this as “historic softening.”

But this window of opportunity won’t last forever.

Several factors can reverse the trend: a major systemic cyber event (Munich Re estimates such events would exceed the industry’s capacity), a sustained increase in ransomware severity (initial demands surged 47% in 2025), or a wave of AI-related claims that current actuarial models haven’t priced in.

Three macro trends are worth watching as you plan your 2026–2027 cybersecurity and insurance strategy.

First, the insurance protection gap is slowly becoming a first-order business risk. Cyber insurance still accounts for <1% of global P&C premiums, and, according to the World Economic Forum, 35% of small organizations believe their cyber resilience is inadequate. This shows that the gap between risk exposure and insurance coverage is widening, not narrowing.

Second, supply chain and third-party risk is the fastest-growing claims category. Third-party involvement has doubled from 15% to 30% in 2024 (Verizon DBIR), and supply chain breaches now cost ~$4.91 million and take approx. 267 days to resolve (IBM). This leads your insurer to pay close attention to the security of your vendors and not just your own environment.

Third, proactive security posture is en route to becoming the single most important variable in both claims outcomes and premium pricing. Coalition’s 73% claims reduction for organizations that did proactive monitoring, Marsh McLennan’s quantification of the impact EDR and MFA have, and Allianz’s finding that detection decisions influence losses all validate the fact that organizations that invest in continuous testing, rapid remediation, and evolved incident response don’t just file fewer claims; they also pay less for insurance and recover faster when incidents occur.

The practical implication for CTOs and CISOs is straightforward: lock in favorable rates now, but invest in the security controls that will keep those rates low when the market inevitably hardens again.

Forward projections vary wildly. Munich Re estimates the global market will reach $29 billion by 2027 and $32.4 billion by 2030. Gallagher Re is more bullish at $30–50 billion. Swiss Re, the most conservative voice, projects just 5% annual growth, explicitly warning that “ambitious exponential growth forecasts are unlikely to materialise.”

Final Thoughts

The statistics in this article tell a consistent story. The cyber insurance market is maturing, claims are evolving, and the gap between organizations that treat security as a checkbox and those that treat it as a continuous discipline is widening — in their claim outcomes, their premiums, and their recovery timelines.

Cyber insurance is an essential component of enterprise risk management. But it’s a safety net, not a strategy. The organizations that fare best — in claims outcomes, premium negotiations, and actual resilience — are those that pair their coverage with proactive, continuous security testing.

That’s the approach Astra was built for. Whether it’s continuous pentesting that uncovers the vulnerabilities your insurer will scrutinize, compliance-ready reports that streamline your underwriting process, or ongoing vulnerability management that keeps your attack surface insurance-grade, Astra’s platform is designed to turn your security posture into a measurable competitive advantage — one that shows up in lower premiums, faster claims resolution, and fewer incidents in the first place.

FAQs

Q1: What is Cyber Insurance?

Cyber insurance, like any other insurance, covers financial losses, in this case from cyber incidents like data breaches, ransomware, and business interruption. In general, the compensation includes forensic investigation, legal fees, regulatory fines, customer notification, and recovery costs.

Q2: Do I need cyber insurance?

If you store customer data, process payments, or rely on digital infrastructure — yes. SMEs, in 2024, filed 64% of all cyber claims with an average cost of $79,000.

Q3: How to get cyber insurance?

Start by assessing your risk profile and existing security controls. Insurers now require MFA, endpoint protection, and regular vulnerability assessments before underwriting. Then work with a cyber insurance broker, complete the application questionnaire, and ensure your security posture meets insurer requirements.

Q4: Which companies are best for cyber insurance?

The top US carriers by market share include Chubb, Travelers, Fairfax, Tokio Marine, and AXA XL (Fitch Ratings, 2025). For SMEs, tech-forward insurers like Coalition, At-Bay, and Corvus offer integrated security monitoring and coverage.