
A new analysis of thousands of cyber insurance claims shows ransomware attacks now cost businesses an average of $5.3 million per incident — but insurance payouts aren’t closing that gap. While policies have largely covered direct corporate losses, the rising severity of attacks is testing whether coverage limits still hold up.
Ransom Demands Outpace What Insurance Actually Pays
Willis reviewed 5,500 claims across 95 countries spanning 2013 to early 2026. Its report, Cyber Claims in Focus – Getting Value from Cyber Insurance, found that while insurers are paying out, the distance between what attackers demand and what companies actually receive is widening. The average ransom demand has climbed to $3.8 million while actual payments land at $1.5 million. Factor in lost productivity and business suspension, and the worst cases drag on for 25 days.
The single largest loss in the dataset exceeded $500 million.
Policies have broadly done their job covering direct damages. Total payouts reached roughly $1 billion, covering nearly all average data breach losses and 90% of direct corporate damages. Companies that purchase coverage are, on the whole, getting their claims paid.
Downtime costs and indirect losses, however, often fall outside what a typical policy reimburses — and those expenses can dwarf the ransom itself.
How Hackers Get In Matters More Than You’d Think
One of the clearest findings is the outsized financial damage from direct network intrusions. Such attacks account for 58% of ransomware reports but 95% of all financial costs.
Supply-chain breaches tell a different story.
Those incidents make up 42% of reports but just 5% of total damage — they’re typically caught faster or cause less disruption.
Outside of such attacks, data breaches remain the most frequent insurance claim. Third-party vendors are responsible for nearly half of all data breach losses and 29% of direct corporate losses. When those partners fail, IT, tech, and telecom providers bear the heaviest blame at 50% of incidents. Financial institutions account for 17% and administrative services for 11%.
Pixel-tracking litigation has also emerged as an underestimated risk. These data-tracking tools have triggered widespread losses that few saw coming.
Healthcare Leads Claims, AI Amplifies Threats
Healthcare led all sectors with 20% of claim notifications.
Financial institutions followed at 16%, and manufacturing companies made up 13%.
Conor Keating, Willis’s head of cyber in Asia, noted that artificial intelligence hasn’t yet triggered standalone claims. But it’s already making existing attack methods more dangerous. Deepfake phishing and ransomware operations are becoming harder to detect and more effective at extracting payments, partly because of AI tools now available to criminal groups.
With per-incident costs that steep, Keating said businesses across Asia are reexamining whether their policy limits are sufficient for a worst-case scenario.
Coverage Gaps Remain a Persistent Problem
Peter Support, chairman of global FINEX cyber at Willis, warned that many companies pay for coverage that doesn’t match their actual risk profile. Standard policies vary widely, and organizations sometimes discover critical gaps only after an attack hits.
The mismatch isn’t always obvious.
A policy might cover ransom payments but exclude the weeks of lost revenue that follow. It could protect against direct breaches but not incidents originating through a vendor’s compromised systems.
As cyberattacks grow more frequent and more expensive, having insurance isn’t the same as having enough. Whether coverage keeps pace with evolving threats remains an open question.