Cyber claims surge

Cyber insurance claims kept rising in 2025, with At-Bay reporting a 7% year-over-year increase across more than 100,000 policy years. (at-bay.com) At-Bay said its 2026 InsurSec Report drew on more than 6,500 claims and found average claim severity reached a record $221,000. The company published the report on April 22, 2026. (at-bay.com; helpnetsecurity.com) Ransomware remained the costliest category. At-Bay said average ransomware severity rose 16% to $508,000, and companies with less than $25 million in revenue saw ransomware frequency jump 21% and severity climb 40% to $422,000. (at-bay.com) The mechanics were increasingly concentrated in remote-access software. At-Bay said 73% of ransomware attacks with an identified entry point started with a virtual private network, up from 38% two years earlier, and 87% of ransomware claims involved virtual private networks or Remote Desktop Protocol. (at-bay.com) One strain and one device family stood out in the data. At-Bay said Akira accounted for more than 40% of ransomware claims, SonicWall was the most targeted virtual private network for the first time at 27% of ransomware claims, and SonicWall appliances appeared in 86% of Akira attacks. (at-bay.com) The report said the losses did not stop with ransom demands or stolen funds. It highlighted business interruption, clawback shortfalls after fraud, and class-action litigation after breaches as major drivers of final claim costs. (at-bay.com) Financial fraud was another pressure point. At-Bay said businesses that notified it within three days recovered at least some funds 70% of the time, but recovery odds dropped significantly after that window. (at-bay.com) The broader insurance market has not fully hardened yet. Willis Towers Watson said in February 2026 that buyer-friendly conditions largely persisted through 2025, even as cyber losses grew more frequent and severe, though early 2026 pointed to slower premium declines. (wtwco.com) Coalition, another cyber insurer, reported in March 2026 that initial ransom demands in full-year 2025 surged 47% year over year. That lines up with At-Bay’s picture of a market facing more expensive incidents even when companies avoid paying full demands. (coalitioninc.com; at-bay.com) For claims teams, underwriting units and special investigations staff, the shift is less about a single spike than a thicker stream of harder files. At-Bay’s data points to more incidents, more follow-on costs and more pressure to verify what happened before the bill is fully known. (at-bay.com; helpnetsecurity.com)