LONDON, June 16, 2026 (GLOBE NEWSWIRE) -- More than 95% of average data breach losses and 90% of average first-party losses are adequately covered by insurance, according to the latest report by Willis, a WTW business (NASDAQ:WTW). Cyber claims in Focus – Getting value from cyber insurance analyses 5,500 cyber claims occurring from January 2013 to January 2026 across 95 countries, and around US$1 billion in insurer payments.
Data breaches are the most frequently reported cyber insurance loss, with malicious data breaches accounting for the majority of incidents. Ransomware losses register the highest financial severity, predominantly driven by the disrupted productivity and prolonged downtime that follows incidents. Third-party vendors are responsible for an increasing proportion of losses, and systemic risk from single‑vendor incidents impacting multiple organizations remains a critical concern.
Other key findings include:
- The average ransomware event lasts 25 days and the average loss is $5.3 million, with the largest single loss now exceeding $500 million.
- Artificial intelligence isn't yet appearing as a stand-alone driver of cyber insurance claims but is fueling risk volatility by materially amplifying existing threats such as social engineering, deepfake phishing and ransomware attacks.
- Events where attackers target organizations’ systems directly account for 58% of ransomware notifications and 95% of total costs, while vendor-led incidents account for 42% of notifications but only 5% of costs.
- Business interruption losses and ransom payments represent the two largest cost elements for ransomware events. Average ransom demands are now US$3.8 million versus an actual payment of US$1.5 million.
- Third parties are responsible for nearly 50% of data breach losses and 29% of first-party losses.
- Pixel-tracking litigation is the hidden cyber insurance risk, with some cases leading to substantial losses across the wider cyber insurance market.
The report includes industry spotlights on financial institutions, healthcare, transportation and manufacturing.
Peter Foster, chairman, global FINEX cyber and cyber risk solutions at Willis, said: "Cyber insurance cover varies widely, which is why organizations must understand what they have in place and ensure it aligns with their risk exposures. When cover doesn’t reflect reality, organizations risk critical gaps where protection is needed most, while paying for cover that offers little real value. To get the strongest value from cyber insurance, consideration must reflect the claims patterns seen across the market. Our analysis of claims and loss data provides hints to understand how cyber losses occur and what that means, helping organizations to prioritise the most material scenarios and design coverage around these realities.”
The report can be downloaded here.
About WTW
At WTW (NASDAQ: WTW) we provide data-driven, insight-led solutions in the areas of people, risk and capital. Leveraging the global view and local expertise of our colleagues serving 140 countries and markets, we help organizations sharpen their strategy, enhance organizational resilience, motivate their workforce and maximize performance.
Working shoulder to shoulder with our clients, we uncover opportunities for sustainable success—and provide perspective that moves you.
Learn more at wtwco.com.
Media contacts
Jo Barrett
Jo.Barrett@wtwco.com / + 44 7940 703911
Lauren Ryan
Lauren.Ryan@wtwco.com / +1 845 598 4895