New research released by Willis, the insurance brokerage, risk advisory and risk management business of WTW, shows that cyber insurance continues to provide significant financial protection against cyber incidents.
In its latest report, Cyber ​​claims take center stage – getting value from cyber insurance, Willis found that insurance covers more than 95% of average data breach losses and 90% of average first-party losses. The study analyzed 5,500 cyber claims from 95 countries between January 2013 and January 2026, covering approximately $1 billion in insurance payouts.
Willis said data breaches remain the most commonly reported cyber insurance claim, with malicious breaches accounting for the majority. The company’s findings reveal that ransomware attacks continue to cause the greatest financial losses, primarily due to the operational disruption and lengthy recovery period that typically follow an attack.
Willis also noted that third-party vendors account for an increasing proportion of cyber losses, while incidents involving a single vendor impacting multiple organizations continue to pose significant systemic risks.
The report found that ransomware incidents lasted an average of 25 days and caused $5.3 million in losses. Willis also reported that the largest individual losses related to ransomware now exceed $500 million.
While AI has yet to become a distinct category for cyber insurance claims, Willis said the technology is raising the level of risk by augmenting existing threats such as social engineering, deepfake phishing campaigns and ransomware attacks.
Willis’ analysis shows that attacks directly targeting organizations account for 58% of ransomware notifications but account for 95% of the associated costs. In comparison, incidents related to third-party vendors accounted for 42% of notifications but only 5% of total losses.
The company considers business disruption and ransom payments to be the two most significant cost drivers in ransomware incidents. The average ransom demand has risen to $3.8 million, while the average amount ultimately paid is $1.5 million.
The report also highlights the growing role of third parties in cyber losses, with external organizations responsible for nearly 50% of data breach losses and 29% of first-party losses.
Willis further noted that pixel tracking litigation is an often overlooked cyber insurance risk, noting that some claims have caused considerable damage in the broader cyber insurance market.
In addition to claims analysis, the report includes insights for industries such as financial services, healthcare, transportation and manufacturing.
Peter Foster, Chairman of Global FINEX Cyber ​​and Cyber ​​Risk Solutions at Willis, added: “Cyber ​​insurance coverage varies widely, which is why it is important for organizations to understand the coverage they have and ensure it is consistent with their risk exposures. When coverage does not reflect reality, organizations risk significant gaps where protection is most needed, while paying for coverage that has little real value.
“To get the most value from cyber insurance, considerations must reflect claims patterns across the market. Our analysis of claims and loss data provides clues into how cyber losses occur and what they mean, helping organizations prioritize the most important scenarios and design coverage around these realities.”
