
Underwriters and brokers in the property and casualty market face a structural shift in cyber risk exposure.
The New Economics of Cyber Claims
According to the Resilience 2025 Cyber Risk Report, cybercriminals have systematically pivoted away from traditional ransomware encryption toward data exfiltration. In the second half of 2025, data theft-only attacks accelerated, accounting for 65% of extortion claims.
For the modern enterprise, the primary risk is no longer limited to the operational disruption of going offline. Instead, the “multi-year legal, regulatory, and reputational ‘tail’ that follows a data exposure event” now defines the financial severity of cyber incidents.
The Litigation Surge: Class Actions and Regulatory Exposure
A surge in litigious activity is directly driving claim severity across portfolios. The plaintiffs’ bar is capitalizing on data exposure, leading to a twofold increase in wrongful data collection claim notices in 2025.
Key litigation drivers mentioned in the report include:
- Alleged violations of state privacy laws, including the California Information Privacy Act (CIPA), regarding the use of tracking pixels and third-party data sharing on corporate websites.
- Immediate regulatory notification obligations triggered by the exposure of sensitive customer data and Electronic Health Records.
- Legal arguments by plaintiffs’ attorneys asserting that corporate defendants opted to pay criminals rather than compensate the actual victims of the breach.
The payment of ransoms to suppress stolen data has proven largely ineffective at preventing legal exposure. Maria Long, Resilience Chief Underwriting Officer, noted that “even when the insured pays the threat actor to suppress stolen data… based on notification laws, the victims are nonetheless notified of the theft, and there is often a resulting class action lawsuit from consumers whose information has been exposed.”
Underwriting Complications: Policy Reconnaissance and AI
Extortion operations are becoming increasingly sophisticated, complicating historical underwriting models. Threat actors deliberately research targets to maximize payouts rather than rely on high-frequency, low-severity attacks.
Specific tactical advancements severely impacting claim severity include:
- Policy Reconnaissance: The ransomware group Interlock actively locates and reads “client cyber insurance policies to inform ransom demands, calibrating asks to maximize payment likelihood while staying below coverage limits.”
- AI-Amplified Phishing: Phishing became the primary point of failure, accounting for 50% of incurred losses in 2025. AI-generated phishing campaigns have achieved a 54% success rate, representing a 4.5x effectiveness multiplier over traditional phishing methods.
Conclusion: Shifting the Defense Strategy
The transition from operational disruption to reputational leverage renders traditional backup and recovery defenses insufficient against modern extortion attempts. Coverage creep is intensifying as litigation timelines stretch to 3 years, with lawsuits often filed within days of an incident.
For the insurance industry, the data indicates that operational impact losses, coupled with multi-year regulatory proceedings and litigation, will increasingly rival or exceed direct incident response costs. Underwriters must now ensure that insureds are shifting from recovery-based strategies to prevention-focused security architectures, particularly data loss prevention and identity containment, to mitigate the severe tail risk of data exfiltration.
A free copy of the Resilience 2025 Cyber Risk Report is available on the company’s website.