Willis has published a report showing that cyber insurance covers more than 95% of average data breach losses and 90% of average first-party losses. The study examined 5,500 cyber claims across 95 countries.
The report tracks claims recorded between 2013 and 2026 and covers about USD $1 billion in insurer payments. It found that data breaches remain the most frequently reported type of cyber insurance loss, with malicious breaches accounting for most incidents.
Ransomware caused the highest financial losses in the data set, driven mainly by disrupted productivity and extended downtime after an incident.
The average ransomware event lasted 25 days and generated an average loss of USD $5.3 million. The largest single ransomware loss in the study exceeded USD $500 million.
The claims data showed a sharp difference between attacks aimed directly at an organisation and those linked to suppliers. Direct attacks accounted for 58% of ransomware notifications and 95% of total ransomware costs, while vendor-led incidents made up 42% of notifications but only 5% of costs.
Business interruption and ransom payments were the two largest cost components in ransomware claims. Average ransom demands stood at USD $3.8 million, compared with an average payment of USD $1.5 million.
Third-party exposure
The findings also point to the growing role of third parties in cyber losses. Third parties were responsible for nearly 50% of data breach losses and 29% of first-party losses.
Among third parties linked to breach events, half were in IT, technology or telecoms. Financial institutions accounted for 17%, while administrative services represented 11%.
The report highlighted the risk of systemic incidents, in which a single supplier affects multiple organisations at once. It also identified pixel-tracking litigation as a less visible source of loss that has already produced substantial costs across the cyber insurance market.
Sector patterns were also evident in the claims Willis reviewed. Healthcare businesses accounted for 20% of all cyber policy notifications, followed by financial institutions at 16% and manufacturing at 13%.
Asia focus
The report also examined conditions in Asia as companies expand their use of digital systems and interconnected suppliers. It found rising scrutiny of policy limits as ransomware losses increase.
Insured companies are also seeking more support from brokers to integrate cyber cover into incident response planning. Regular testing and pre-agreed vendor arrangements can help companies respond more quickly and reduce losses when an event occurs.
Conor Keating, Head of Cyber in Asia at Willis, said the regional risk landscape is becoming more complex as businesses digitise, automate and rely more heavily on interconnected technology ecosystems.
He said AI has not yet emerged as a stand-alone driver of cyber insurance claims, but is already amplifying existing threats, including social engineering, deepfake phishing and ransomware.
With the average ransomware event now costing businesses more than USD $5 million, insurance limit adequacy is coming under closer scrutiny across Asia, he said. Clients are increasingly seeking detailed cyber risk quantification analysis to guide insurance buying and strengthen confidence in their risk transfer strategy.
Keating added that insureds are also turning to cyber brokers for help embedding cyber policies into existing incident response plans. Regular testing and pre-agreed vendor engagement allow insureds to act quickly during an event, saving time and often reducing losses.
For companies in Asia, cyber insurance should not be viewed as a static policy purchase, he said. Instead, it should form part of a broader resilience strategy that helps quantify exposures, test response plans and align coverage with the real-world claims scenarios most likely to affect the business.
Coverage gaps
The broader conclusion from the claims analysis is that average cover levels appear to meet a large share of breach and first-party losses, but the picture varies by incident type and policy design. Differences in wording and scope can leave companies exposed if the insurance they buy does not match their actual risk profile.
That issue is becoming more important as cyber incidents increasingly involve third-party providers, operational disruption and legal claims that may not fit older assumptions about cyber loss. The findings suggest companies are paying closer attention to where claims arise and which parts of a loss are most expensive.
Peter Foster said cyber insurance cover varies widely, making it essential for organisations to understand what they have in place and whether it aligns with their risk exposures.
When cover does not reflect reality, organisations risk critical gaps where protection is needed most while paying for cover that offers little real value, he said. To get the strongest value from cyber insurance, cover should reflect the claims patterns seen across the market. Foster added that the claims and loss analysis helps organisations understand how cyber losses occur, prioritise the most material scenarios and design coverage around those realities.
Click Here For The Original Source.
