Agency Checklists

Massachusetts Insurance News & Job Opportunities

You are here: Home / Latest News / 2026 InsurSec Report: Average Ransoware Loss Now $441,000

2026 InsurSec Report: Average Ransoware Loss Now $441,000

by

Cyber insurance claims trends showing ransomware and fraud losses in 2025

2025 Claims Data Report Points to Structural Shift in Cyber Losses

Cyber losses continued to escalate in 2025, with both claim frequency and severity reaching new highs, according to the 2026 InsurSec Report from At-Bay, based on more than 100,000 policy years of cyber insurance claims data.

For insurance professionals, the report reflects not simply a rise in cyber incidents, but a shift in how losses develop—driven by repeatable attack methods, higher downstream costs, and expanding third-party liability exposure.

Claim frequency increased 7% year-over-year, while average severity climbed to a record $221,000.

  • Ransomware severity rose 16% to $508,000
  • Financial fraud accounted for 30% of all claims
  • Third-party liability claims increased 70% year-over-year
  • Email remained the initial entry vector in 52% of incidents

Ransomware: Remote Access Exposure Driving Loss Severity

Ransomware remained the most costly category, with average losses more than double the portfolio average.

The report attributes much of the 2025 activity to the rise of the Akira ransomware group, which accounted for more than 40% of ransomware claims and drove a surge in the second half of the year.

Unlike earlier ransomware campaigns, Akira’s model relied on large-scale exploitation of remote access infrastructure, particularly SonicWall VPN devices. Overall, 87% of ransomware claims originated from remote access vectors.

These incidents also carried the highest severity, averaging $433,000—more than double the overall claims average—reflecting the impact of lateral movement, system-wide encryption, and prolonged operational disruption.

Business Interruption Emerges as Primary Loss Multiplier

While ransom demands remain the most visible component of a cyber event, the report identifies business interruption as the primary driver of severity.

One in three ransomware incidents triggered business interruption losses. When operations were disrupted, average claim severity reached $510,000—three times higher than in incidents without downtime.

The findings indicate that loss outcomes are increasingly determined by containment and recovery timelines rather than the initial intrusion alone.

Financial Fraud: Frequency Leader With Escalating Losses

Financial fraud remained the most common incident type, accounting for approximately 30% of all claims.

Email continued to serve as the primary entry point, accounting for 82% of fraud-related incidents.

Loss severity also increased. The average amount stolen rose 16% to $285,000, with the largest single loss reaching $9.7 million.

The report highlights timing as a key determinant of recovery. Businesses that reported fraud within three days recovered at least some funds 70% of the time. Beyond that window, recovery rates declined significantly.

Attack methods are also evolving, with threat actors increasingly routing malicious activity through legitimate platforms to evade detection and exploit user trust.

Third-Party Liability: A Growing Second Layer of Loss

Third-party liability claims saw the largest increase of any category, rising 70% year-over-year.

These claims, often tied to class-action litigation and statutory privacy violations, can arise months after an incident is resolved, adding defense costs and settlement exposure beyond the immediate loss event.

The report characterizes this as a distinct and growing component of cyber risk—separate from the insured’s own system failure.

Industry and Size Trends: Exposure Broadens

The data shows consistent exposure patterns across industries:

  • Manufacturing: highest claim frequency
  • Technology: highest severity at $271,000
  • Healthcare: elevated severity driven by operational and data sensitivity

Smaller organizations are also experiencing increasing loss severity. Companies with less than $25 million in revenue saw a 26% increase in average claim severity, reflecting shared infrastructure risks with larger organizations but fewer security resources.

Implications for Agents and Brokers

The report indicates a shift in how cyber losses must be evaluated and managed:

  • Remote access controls are now central to underwriting and loss prevention
  • Speed of response materially affects financial outcomes, particularly in fraud events
  • Total loss extends beyond the initial incident, with business interruption and litigation driving severity
  • Exposure is no longer limited by company size, as attackers target infrastructure rather than specific organizations

Report Availability

The full 46-page 2026 InsurSec Report is available for free from At-Bay: https://www.at-bay.com/2026-insursec-report/.