More than 95 percent of average data breach losses and 90 percent of average first-party cyber losses are adequately covered by insurance, according to a Willis report released June 16, 2026, after reviewing 5,500 claims across 95 countries from January 2013 through January 2026. That is not a small finding in a market often described as murky, adversarial, and allergic to certainty. The more interesting conclusion, however, is not that cyber insurance “works.” It is that the product is beginning to reveal, in cold claims data, which parts of cyber risk are genuinely insurable and which parts remain stubbornly operational.
For Windows shops, managed service providers, healthcare IT teams, manufacturers, and enterprise security groups, the Willis numbers should land as both reassurance and warning. Insurance is paying for a large share of average losses, but the biggest costs are still coming from the oldest failure mode in the digital economy: systems go down, work stops, revenue disappears, and recovery takes longer than anyone promised during tabletop exercises.
Cyber insurance has spent much of its life caught between two caricatures. Buyers suspected it was a policy full of exclusions waiting to be invoked after disaster. Insurers suspected buyers were treating it as a substitute for patching, backups, identity controls, and incident response planning.
The Willis report cuts through some of that mutual suspicion. A dataset of 5,500 claims and roughly $1 billion in insurer payments is not marketing fluff. It is the kind of evidence the cyber insurance market has historically lacked: a claims-backed view of what actually happens after organizations are breached, extorted, knocked offline, sued, or dragged into someone else’s vendor failure.
The headline number matters because it addresses the most basic question buyers ask: will the policy respond when the incident is real? Willis says that, on average, the answer is yes for a large majority of data breach and first-party losses. That is a meaningful counterweight to the doom loop of anecdotal stories about denied claims, disputed wording, and litigation over nation-state exclusions.
But averages are dangerous in cyber. They smooth out the very volatility that makes the risk hard to price. A policy that adequately covers the average data breach may still be badly mismatched to a ransomware event that paralyzes a manufacturer for weeks, a hospital network for days, or a logistics provider during peak season.
Yet ransomware remains the financial monster. Willis pegs the average ransomware event at 25 days and the average loss at $5.3 million, with the largest single loss now exceeding $500 million. That gap between frequency and severity is the heart of the modern cyber risk problem.
A data breach can be expensive, humiliating, and legally messy. A ransomware incident can be existential because it converts security failure into operational paralysis. The difference is not merely forensic; it is economic. A breach asks, “What was taken?” Ransomware asks, “Can the business function tomorrow morning?”
That distinction matters for Windows-heavy environments because ransomware is rarely just a malware story. It is an Active Directory story, a backup story, an endpoint visibility story, a privilege escalation story, and a recovery sequencing story. The insurance claim may be filed under cyber, but the pain is distributed across identity, infrastructure, legal, finance, communications, and customer operations.
But the ransom itself has become a misleading focal point. It is visible, dramatic, and easy to understand, which is why it dominates boardroom conversations and news coverage. The more damaging number may be the 25-day average event duration.
Twenty-five days is an eternity in an organization that depends on ERP, email, identity services, endpoint fleets, clinical systems, payment processing, production scheduling, or customer support queues. It is long enough for manual workarounds to fail, customers to defect, regulators to start asking pointed questions, and executive confidence in the IT function to fray.
That is why the Willis data should push cyber insurance conversations away from “Will ransom be covered?” and toward “What would 25 days of degraded operation cost us?” The second question is harder, but it is the one that tells buyers whether their limits, sublimits, waiting periods, and business interruption assumptions resemble reality.
That split complicates the current obsession with third-party risk. Vendor incidents are rising, and systemic single-vendor failures remain a critical concern. But the most expensive ransomware claims still appear to come from attacks that land directly inside the victim’s own environment.
For IT leaders, this is a useful corrective. Vendor risk management matters, but it cannot become a fashionable distraction from hardening the estate you actually control. Identity hygiene, privileged access management, backup isolation, endpoint detection, segmentation, patch governance, and incident response retainers remain the boring center of the ransomware problem.
It also suggests that cyber insurance underwriting pressure will continue to fall heavily on internal controls. Insurers may ask more detailed questions about cloud identity, remote access, endpoint coverage, vulnerability management, backup immutability, and logging retention not because they enjoy paperwork, but because the claims data keeps pointing back to the insured’s own systems as the costliest battlefield.
The modern enterprise does not merely buy software. It outsources authentication flows, payment systems, analytics, HR platforms, managed detection, email security, cloud hosting, customer support tooling, file transfer, payroll, and marketing instrumentation. Each of those relationships may reduce internal complexity while increasing dependency on another company’s controls.
This is where cyber insurance becomes both a financial backstop and a diagnostic instrument. If claims increasingly involve third parties, the policy language around dependent business interruption, contingent system failure, vendor-triggered breach response, and aggregation becomes more than legal boilerplate. It becomes the difference between a claim that fits the contract and a loss that falls into a gap.
Systemic risk is the harder problem. A single-vendor event can strike many insureds at once, which makes it dangerous for carriers and confusing for buyers. Cyber insurance can handle individual fires more easily than citywide blackouts, and the market is still working out how to price an economy where one widely used platform can become a common point of failure.
That makes it more dangerous in a different way. Organizations can understand a ransomware gang as an external villain. It is harder to confront the idea that routine marketing tools, tracking scripts, consent flows, and third-party tags may create legal exposure that later turns into cyber claims.
For healthcare, financial services, and other regulated sectors, this is not an academic concern. A tracking pixel on the wrong page can become a disclosure issue, a class-action magnet, or a regulatory headache. The technical footprint may be tiny; the claims footprint may not be.
The lesson for administrators and security teams is that cyber risk has escaped the server room. Privacy engineering, consent management, data minimization, tag governance, and marketing technology reviews now belong in the same conversation as malware defense. That may annoy everyone involved, which is usually a sign that the risk has become real.
This matters because the insurance market often names risks only after the losses become legible. Before ransomware was a dominant category, it was simply malware, extortion, business interruption, or data restoration. AI may follow a similar path, first appearing as a force multiplier inside familiar loss categories before emerging as its own policy battleground.
For defenders, the practical implication is less glamorous than the hype cycle suggests. AI does not eliminate the need for multifactor authentication, tested backups, least privilege, software inventory, logging, or employee verification procedures. If anything, it makes the consequences of weak controls arrive faster.
The coverage question will become more complicated as organizations deploy AI into customer service, software development, document processing, security operations, and decision support. The market will need to distinguish between AI-assisted attacks, AI-caused operational errors, model governance failures, data leakage, intellectual property disputes, and professional liability. That sorting process will be messy because real incidents rarely respect policy categories.
A manufacturer’s risk profile is not a law firm’s risk profile. A hospital’s downtime tolerance is not a SaaS company’s downtime tolerance. A logistics provider’s vendor dependency is not a regional government’s vendor dependency. The term “cyber insurance” hides a large range of coverage designs, exclusions, sublimits, waiting periods, panel requirements, and definitions.
This is where buyers often get the product wrong. They compare premiums and limits, then treat the policy as interchangeable. The Willis data argues for the opposite approach: start with the claims patterns most likely to hurt your sector, then test the policy against those scenarios.
If ransomware downtime is the nightmare, business interruption terms matter more than a glossy incident response promise. If third-party breach exposure is rising, vendor language matters. If pixel-tracking litigation is plausible, privacy coverage deserves scrutiny. If AI is being rolled into production systems, silence in the policy may not be comfort; it may be ambiguity waiting for a dispute.
That dynamic frustrates security professionals, especially when underwriting questions feel simplistic or misaligned with technical reality. Still, the direction of travel is clear. Insurers are using claims data to reward controls that reduce loss and scrutinize gaps that correlate with expensive incidents.
The result is a strange but useful feedback loop. Claims reveal which failures cost money. Underwriters convert those failures into questions. Buyers convert the questions into projects. Security teams then get leverage to implement controls that should probably have been funded years earlier.
There is a danger, of course, in treating insurance questionnaires as compliance checklists. A company can answer “yes” to multifactor authentication while leaving legacy protocols, service accounts, unmanaged devices, or poorly protected admin paths exposed. The goal is not to satisfy the form. The goal is to survive the incident the form is imperfectly trying to predict.
Ransomware actors do not need exotic zero-days when they can phish credentials, abuse remote access, escalate privileges, disable defenses, move laterally, and detonate payloads across poorly segmented environments. The technical chain differs from case to case, but the operational result is familiar: users cannot work, admins are rebuilding trust, and executives are asking when the business comes back online.
Cyber insurance will not restore a domain controller. It will not validate backups, rebuild golden images, rotate secrets, or decide which systems come online first. It may pay for incident response, legal counsel, notification, restoration costs, business interruption, and ransom where covered, but the organization still has to execute under pressure.
That is why the Willis report should be read less as a victory lap for insurers than as a map of where Windows-heavy organizations keep absorbing losses. The costliest events are long-running, operationally disruptive, and deeply entangled with identity and infrastructure. That is exactly the terrain sysadmins live on.
Cyber is difficult because it combines criminal behavior, software flaws, human error, legal liability, geopolitical risk, vendor dependency, regulatory pressure, and business continuity into one loss category. Traditional insurance likes boundaries. Cyber keeps dissolving them.
The Willis findings show a market that can absorb a large share of ordinary cyber losses while still worrying about tail events. That is a rational posture. The average loss may be adequately covered; the catastrophic, systemic, multi-victim, multi-jurisdiction event remains the scenario that keeps insurers, reinsurers, brokers, and regulators awake.
Buyers should take the same view. Cyber insurance is neither a scam nor a shield. It is a financial instrument sitting beside controls, contracts, incident response, governance, and continuity planning. Treating it as any one of those things alone is how organizations end up disappointed.
That changes the renewal meeting. The question is not simply whether the premium went up or down. It is whether the purchased coverage matches the organization’s real incident scenarios.
A board that sees cyber insurance as a checkbox will focus on the certificate. A board that understands the Willis data will ask whether limits are sufficient for extended downtime, whether dependent business interruption is meaningful, whether breach response panels are usable, whether privacy litigation is covered, and whether the organization can prove the controls it represented during underwriting.
The best buyers will also treat the policy as a stress test. If a claim depends on timely notification, approved vendors, documented controls, preserved logs, or specific incident response steps, those requirements should be operationalized before the breach. A policy sitting in legal’s folder is not an incident response plan.
For Windows shops, managed service providers, healthcare IT teams, manufacturers, and enterprise security groups, the Willis numbers should land as both reassurance and warning. Insurance is paying for a large share of average losses, but the biggest costs are still coming from the oldest failure mode in the digital economy: systems go down, work stops, revenue disappears, and recovery takes longer than anyone promised during tabletop exercises.
Cyber Insurance Has Finally Escaped the Vaporware Phase
Cyber insurance has spent much of its life caught between two caricatures. Buyers suspected it was a policy full of exclusions waiting to be invoked after disaster. Insurers suspected buyers were treating it as a substitute for patching, backups, identity controls, and incident response planning.The Willis report cuts through some of that mutual suspicion. A dataset of 5,500 claims and roughly $1 billion in insurer payments is not marketing fluff. It is the kind of evidence the cyber insurance market has historically lacked: a claims-backed view of what actually happens after organizations are breached, extorted, knocked offline, sued, or dragged into someone else’s vendor failure.
The headline number matters because it addresses the most basic question buyers ask: will the policy respond when the incident is real? Willis says that, on average, the answer is yes for a large majority of data breach and first-party losses. That is a meaningful counterweight to the doom loop of anecdotal stories about denied claims, disputed wording, and litigation over nation-state exclusions.
But averages are dangerous in cyber. They smooth out the very volatility that makes the risk hard to price. A policy that adequately covers the average data breach may still be badly mismatched to a ransomware event that paralyzes a manufacturer for weeks, a hospital network for days, or a logistics provider during peak season.
The Breach Is Common, but the Outage Is Catastrophic
The most frequently reported cyber insurance loss remains the data breach, and malicious breaches account for the majority of those incidents. That tracks with what security teams see daily: stolen credentials, exposed databases, phishing-driven account compromise, misconfigured systems, and the long tail of privacy notifications and legal costs.Yet ransomware remains the financial monster. Willis pegs the average ransomware event at 25 days and the average loss at $5.3 million, with the largest single loss now exceeding $500 million. That gap between frequency and severity is the heart of the modern cyber risk problem.
A data breach can be expensive, humiliating, and legally messy. A ransomware incident can be existential because it converts security failure into operational paralysis. The difference is not merely forensic; it is economic. A breach asks, “What was taken?” Ransomware asks, “Can the business function tomorrow morning?”
That distinction matters for Windows-heavy environments because ransomware is rarely just a malware story. It is an Active Directory story, a backup story, an endpoint visibility story, a privilege escalation story, and a recovery sequencing story. The insurance claim may be filed under cyber, but the pain is distributed across identity, infrastructure, legal, finance, communications, and customer operations.
The Ransom Is No Longer the Whole Ransomware Story
Willis reports that business interruption losses and ransom payments are the two largest cost elements in ransomware events. Average ransom demands now stand at $3.8 million, while average actual payments are $1.5 million. That spread suggests negotiation, refusal, partial payment, better backups, law enforcement pressure, or some combination of all four.But the ransom itself has become a misleading focal point. It is visible, dramatic, and easy to understand, which is why it dominates boardroom conversations and news coverage. The more damaging number may be the 25-day average event duration.
Twenty-five days is an eternity in an organization that depends on ERP, email, identity services, endpoint fleets, clinical systems, payment processing, production scheduling, or customer support queues. It is long enough for manual workarounds to fail, customers to defect, regulators to start asking pointed questions, and executive confidence in the IT function to fray.
That is why the Willis data should push cyber insurance conversations away from “Will ransom be covered?” and toward “What would 25 days of degraded operation cost us?” The second question is harder, but it is the one that tells buyers whether their limits, sublimits, waiting periods, and business interruption assumptions resemble reality.
Direct Attacks Still Carry the Real Cost
One of the report’s sharper distinctions is between direct attacks and vendor-led ransomware incidents. According to Willis, events where attackers target an organization’s own systems account for 58 percent of ransomware notifications but 95 percent of total costs. Vendor-led incidents account for 42 percent of notifications but only 5 percent of costs.That split complicates the current obsession with third-party risk. Vendor incidents are rising, and systemic single-vendor failures remain a critical concern. But the most expensive ransomware claims still appear to come from attacks that land directly inside the victim’s own environment.
For IT leaders, this is a useful corrective. Vendor risk management matters, but it cannot become a fashionable distraction from hardening the estate you actually control. Identity hygiene, privileged access management, backup isolation, endpoint detection, segmentation, patch governance, and incident response retainers remain the boring center of the ransomware problem.
It also suggests that cyber insurance underwriting pressure will continue to fall heavily on internal controls. Insurers may ask more detailed questions about cloud identity, remote access, endpoint coverage, vulnerability management, backup immutability, and logging retention not because they enjoy paperwork, but because the claims data keeps pointing back to the insured’s own systems as the costliest battlefield.
The Supply Chain Is Becoming Cyber’s Shared Blast Radius
The Willis report does not let vendors off the hook. Third parties are responsible for nearly 50 percent of data breach losses and 29 percent of first-party losses, according to the findings. That is a striking number for any organization whose vendor inventory is more aspirational spreadsheet than living risk model.The modern enterprise does not merely buy software. It outsources authentication flows, payment systems, analytics, HR platforms, managed detection, email security, cloud hosting, customer support tooling, file transfer, payroll, and marketing instrumentation. Each of those relationships may reduce internal complexity while increasing dependency on another company’s controls.
This is where cyber insurance becomes both a financial backstop and a diagnostic instrument. If claims increasingly involve third parties, the policy language around dependent business interruption, contingent system failure, vendor-triggered breach response, and aggregation becomes more than legal boilerplate. It becomes the difference between a claim that fits the contract and a loss that falls into a gap.
Systemic risk is the harder problem. A single-vendor event can strike many insureds at once, which makes it dangerous for carriers and confusing for buyers. Cyber insurance can handle individual fires more easily than citywide blackouts, and the market is still working out how to price an economy where one widely used platform can become a common point of failure.
Pixel-Tracking Litigation Shows Cyber Risk Has a Long Tail
Willis flags pixel-tracking litigation as a hidden cyber insurance risk, and that detail deserves more attention than it will probably receive. Pixel tracking is not ransomware. It does not crash servers, encrypt files, or splash skull-and-crossbones notes across desktops. It is a privacy and data-handling problem embedded in the ordinary machinery of web analytics and advertising.That makes it more dangerous in a different way. Organizations can understand a ransomware gang as an external villain. It is harder to confront the idea that routine marketing tools, tracking scripts, consent flows, and third-party tags may create legal exposure that later turns into cyber claims.
For healthcare, financial services, and other regulated sectors, this is not an academic concern. A tracking pixel on the wrong page can become a disclosure issue, a class-action magnet, or a regulatory headache. The technical footprint may be tiny; the claims footprint may not be.
The lesson for administrators and security teams is that cyber risk has escaped the server room. Privacy engineering, consent management, data minimization, tag governance, and marketing technology reviews now belong in the same conversation as malware defense. That may annoy everyone involved, which is usually a sign that the risk has become real.
AI Is Not Yet the Claim, but It Is Becoming the Accelerant
Willis says artificial intelligence is not yet appearing as a stand-alone driver of cyber insurance claims, but it is fueling risk volatility by amplifying existing threats. That is the most sober way to describe AI’s current role in cyber risk. The claim may not say “AI incident,” but the phishing email may be better, the social engineering may be faster, and the reconnaissance may be cheaper.This matters because the insurance market often names risks only after the losses become legible. Before ransomware was a dominant category, it was simply malware, extortion, business interruption, or data restoration. AI may follow a similar path, first appearing as a force multiplier inside familiar loss categories before emerging as its own policy battleground.
For defenders, the practical implication is less glamorous than the hype cycle suggests. AI does not eliminate the need for multifactor authentication, tested backups, least privilege, software inventory, logging, or employee verification procedures. If anything, it makes the consequences of weak controls arrive faster.
The coverage question will become more complicated as organizations deploy AI into customer service, software development, document processing, security operations, and decision support. The market will need to distinguish between AI-assisted attacks, AI-caused operational errors, model governance failures, data leakage, intellectual property disputes, and professional liability. That sorting process will be messy because real incidents rarely respect policy categories.
The Policy Has to Match the Business, Not the Brochure
Peter Foster, chairman of global FINEX cyber and cyber risk solutions at Willis, framed the issue plainly: cyber insurance cover varies widely, and organizations need to understand whether what they bought aligns with their actual exposures. That sounds like standard insurance-market caution, but in cyber it is unusually important.A manufacturer’s risk profile is not a law firm’s risk profile. A hospital’s downtime tolerance is not a SaaS company’s downtime tolerance. A logistics provider’s vendor dependency is not a regional government’s vendor dependency. The term “cyber insurance” hides a large range of coverage designs, exclusions, sublimits, waiting periods, panel requirements, and definitions.
This is where buyers often get the product wrong. They compare premiums and limits, then treat the policy as interchangeable. The Willis data argues for the opposite approach: start with the claims patterns most likely to hurt your sector, then test the policy against those scenarios.
If ransomware downtime is the nightmare, business interruption terms matter more than a glossy incident response promise. If third-party breach exposure is rising, vendor language matters. If pixel-tracking litigation is plausible, privacy coverage deserves scrutiny. If AI is being rolled into production systems, silence in the policy may not be comfort; it may be ambiguity waiting for a dispute.
The Underwriting Form Is Becoming a Security Roadmap
Cyber insurance has quietly become one of the few market mechanisms that can force security conversations into the executive suite. A CISO can warn about backup resilience for years and be ignored. An insurer can ask the same question during renewal and suddenly trigger budget meetings.That dynamic frustrates security professionals, especially when underwriting questions feel simplistic or misaligned with technical reality. Still, the direction of travel is clear. Insurers are using claims data to reward controls that reduce loss and scrutinize gaps that correlate with expensive incidents.
The result is a strange but useful feedback loop. Claims reveal which failures cost money. Underwriters convert those failures into questions. Buyers convert the questions into projects. Security teams then get leverage to implement controls that should probably have been funded years earlier.
There is a danger, of course, in treating insurance questionnaires as compliance checklists. A company can answer “yes” to multifactor authentication while leaving legacy protocols, service accounts, unmanaged devices, or poorly protected admin paths exposed. The goal is not to satisfy the form. The goal is to survive the incident the form is imperfectly trying to predict.
Windows Environments Sit at the Center of the Claims Reality
WindowsForum readers do not need to be told that the enterprise still runs on Windows, Active Directory, Microsoft 365, Exchange remnants, Entra ID, remote management tools, endpoint agents, file shares, and a sprawling inheritance of business applications. That reality makes the Willis findings especially relevant to this community.Ransomware actors do not need exotic zero-days when they can phish credentials, abuse remote access, escalate privileges, disable defenses, move laterally, and detonate payloads across poorly segmented environments. The technical chain differs from case to case, but the operational result is familiar: users cannot work, admins are rebuilding trust, and executives are asking when the business comes back online.
Cyber insurance will not restore a domain controller. It will not validate backups, rebuild golden images, rotate secrets, or decide which systems come online first. It may pay for incident response, legal counsel, notification, restoration costs, business interruption, and ransom where covered, but the organization still has to execute under pressure.
That is why the Willis report should be read less as a victory lap for insurers than as a map of where Windows-heavy organizations keep absorbing losses. The costliest events are long-running, operationally disruptive, and deeply entangled with identity and infrastructure. That is exactly the terrain sysadmins live on.
The Market Is Maturing, but It Is Not Becoming Simple
The cyber insurance market is in a more mature place than it was during the early ransomware surge. Buyers are smarter, carriers have more claims data, underwriting is more disciplined, and coverage disputes have forced more precise wording. That does not mean the product is simple.Cyber is difficult because it combines criminal behavior, software flaws, human error, legal liability, geopolitical risk, vendor dependency, regulatory pressure, and business continuity into one loss category. Traditional insurance likes boundaries. Cyber keeps dissolving them.
The Willis findings show a market that can absorb a large share of ordinary cyber losses while still worrying about tail events. That is a rational posture. The average loss may be adequately covered; the catastrophic, systemic, multi-victim, multi-jurisdiction event remains the scenario that keeps insurers, reinsurers, brokers, and regulators awake.
Buyers should take the same view. Cyber insurance is neither a scam nor a shield. It is a financial instrument sitting beside controls, contracts, incident response, governance, and continuity planning. Treating it as any one of those things alone is how organizations end up disappointed.
The Willis Numbers Change the Renewal Conversation
The practical value of the report is that it gives IT and risk teams a better way to talk about cyber insurance internally. Instead of arguing in abstractions, they can anchor the conversation in observed claims patterns: data breaches happen most often, ransomware hurts most severely, direct attacks drive most ransomware cost, third parties are increasingly implicated, and AI is amplifying rather than replacing existing threats.That changes the renewal meeting. The question is not simply whether the premium went up or down. It is whether the purchased coverage matches the organization’s real incident scenarios.
A board that sees cyber insurance as a checkbox will focus on the certificate. A board that understands the Willis data will ask whether limits are sufficient for extended downtime, whether dependent business interruption is meaningful, whether breach response panels are usable, whether privacy litigation is covered, and whether the organization can prove the controls it represented during underwriting.
The best buyers will also treat the policy as a stress test. If a claim depends on timely notification, approved vendors, documented controls, preserved logs, or specific incident response steps, those requirements should be operationalized before the breach. A policy sitting in legal’s folder is not an incident response plan.
The Numbers Windows Shops Should Bring to the Next Risk Meeting
The useful lesson from Willis is not that cyber insurance solves cyber risk. It is that the claims market is now mature enough to show where insurance performs well, where losses concentrate, and where organizations keep underestimating operational exposure.- More than 95 percent of average data breach losses and 90 percent of average first-party cyber losses were adequately covered in the Willis claims analysis.
- Ransomware remains the highest-severity cyber loss category, with an average event duration of 25 days and an average loss of $5.3 million.
- Business interruption and ransom payments are the two largest ransomware cost elements, which makes downtime modeling more important than ransom speculation.
- Direct attacks on an organization’s own systems account for most ransomware costs, even though vendor-led incidents make up a large share of notifications.
- Third parties now account for nearly half of data breach losses, making vendor dependency a coverage and resilience problem rather than just a procurement issue.
- AI is not yet a stand-alone claims driver in the data, but it is increasing volatility by making existing attack patterns faster, cheaper, and more convincing.
References
- Primary source: Insurance Journal
Published: 2026-06-17T16:30:53.274196
Doing its Job: Large Majority of Cyber Losses Covered by Insurance, Says Willis
More than 95% of average data breach losses and 90% of average first-party losses are adequately covered by insurance, according to a recent report bywww.insurancejournal.com - Related coverage: asatunews.co.id
Cyber Insurance Covers Vast Majority of Data Breach and First-Party Losses
A global Willis report reveals cyber insurance covers over 90% of losses despite rising ransomware severity and increased third-party vendor risks.www.asatunews.co.id - Related coverage: streetinsider.com
Cyber insurance is delivering meaningful financial protection, with a majority of data breach and first-party losses covered according to Willis’ latest report
LONDON, June 16, 2026 (GLOBE NEWSWIRE) -- More than 95% of average data breach losses and 90% of average first-party losses are adequately covered by insurance, according to the latest report by Willis, a WTW business (NASDAQ:...www.streetinsider.com - Related coverage: insurancebusinessmag.com
Cyber insurance buyers are getting smarter – but the risks are evolving faster | Insurance Business
Demand is rising, threats are shifting, and insurers are scrambling to keep up
www.insurancebusinessmag.com
- Related coverage: reinsurancene.ws
Aon reports soft cyber and tech E&O insurance market amid growing risk challenges - Reinsurance News
Aon, the global professional services firm specialising in risk, insurance, reinsurance, human capital and consulting services, has said that conditionswww.reinsurancene.ws - Related coverage: ciodive.com
Cyber insurance policyholders facing heavier scrutiny in underwriting, claims | CIO Dive
A multiyear lull in insurance rates and insurers’ over-dependence on large U.S. policyholders have led to more restrictions and exclusions in coverage.www.ciodive.com
- Related coverage: spglobal.com
- Related coverage: wtwco.com
- Related coverage: dataprotectionreport.com
