Cyber insurance statistics 2026: The growing need for digital protection

How big is the cyber insurance market?

The cyber insurance market has expanded rapidly over the past decade, driven by rising cybercrime, stricter regulations, and growing dependence on digital systems.

According to market estimates, global cyber insurance premiums grew from just over US$5 billion in 2020 to roughly US$14-15 billion by 2024.² Statista estimates the global cyber insurance market reached about US$14 billion in 2023 and could approach US$30 billion by 2027,³ with business policies driving most of that growth. Research and Markets projects the market will grow from US$20.56 billion in 2025 to US$44.67 billion by 2032.⁴ 

The U.S. dominates this market. American companies adopt cyber insurance earlier, face higher regulatory and litigation risk, and experience higher breach costs on average. As a result, North America represents the largest share of global cyber insurance premiums.⁵

Most demand comes from corporate cyber insurance, which covers breach response, ransomware recovery, business interruption, and liability claims. Personal cyber insurance remains smaller but continues to expand as identity theft cases and consumer fraud rise. Many insurers bundle personal coverage with homeowners or identity protection products rather than selling it as a standalone policy.

Looking ahead to 2026, the direction is clear. Premiums will likely continue to grow, but insurers will expect more substantial proof of controls like multi-factor authentication (MFA), backup testing, and vendor oversight before offering broad coverage.⁶

Cyber insurance claims statistics

Cyber insurance claims reveal where financial damage actually occurs. They highlight which incidents move beyond security events and turn into costly recovery efforts.

Personal 

Personal cyber insurance claims typically stem from identity theft, account takeover, and fraud recovery. These claims often cover identity restoration services, limited reimbursement for stolen funds, and professional support when criminals misuse personal data.

Consumer cybercrime reporting helps explain this demand. In 2024, the FBI’s IC3 logged 859,532 complaints and US$16.6 billion in reported losses, a 33% increase in losses compared with 2023.⁷ These reports include many identity theft cases, phishing scams, and payment fraud incidents.

IC3 data shows losses concentrated in fraud-heavy categories, including investment scams and tech support scams, but also in incidents tied to personal data exposure.⁷ These numbers align closely with widely cited identity theft statistics, which show that data exposure often leads to follow-on fraud months or even years later.

Survey research supports this picture. NordVPN reports that 33% of respondents experienced online scams and 49% of scam victims lost money.⁸ These patterns explain why more consumers look for cyber insurance that helps with recovery, not just prevention.

Business 

Business cyber insurance claims focus on operational disruption and liability. Ransomware, vendor outages, and breach response costs dominate large claims.

Allianz Commercial reports that ransomware accounted for around 60% of the value of large claims (over €1 million) in the first half of 2025.⁶ Resilience reports even stronger concentration: Ransomware made up 76% of incurred losses in the first half of 2025, rising to 91% when vendor-related ransomware losses were included.⁹

Claims also increasingly stem from non-attack events. Allianz reports that outages, contingent business interruption, and privacy litigation represented 28% of the value of large claims in 2024.⁶ For insurers and buyers alike, this shift broadens cyber risk beyond hackers alone.

Main causes of cyber incidents

Cyber incidents usually follow familiar paths. Attackers reuse the same weaknesses because they continue to work at scale.

Data breaches

Data breaches remain a leading cause of financial and personal harm. In 2024, ITRC tracked 3,158 U.S. data compromises.¹⁰ Those breaches exposed enormous volumes of personally identifiable information (PII), increasing the risk of downstream identity theft and fraud.

Supply chain breaches amplify damage. In 2024 alone, supply chain attacks indirectly impacted 657 entities and resulted in 203 million victim notices.¹⁰ Early 2025 data shows the same pattern continuing, with 79 supply chain breaches affecting 690 entities and 78,320,240 individuals in H1 2025.¹¹

When breach notices fail to explain what data was exposed or how attackers got in, victims can’t take targeted action, whether that means monitoring for credit card fraud, freezing credit, or protecting medical identities.

Ransomware attacks

Ransomware continues to drive cyber insurance losses because it shuts down operations fast.

Verizon reports ransomware appeared in 44% of breaches, up from 32% the year before. Verizon also reports the median ransom payment fell to US$115,000.¹² Even when victims refuse to pay, organizations still suffer heavily through downtime, recovery work, and reputational damage.

Smaller organizations face the greatest risk. Verizon reports ransomware appeared in 88% of SMB breaches, compared with 39% for large organizations.¹² Insurers increasingly reflect this gap in pricing and coverage terms.

Fraud

Fraud often causes losses without a technical breach. Criminals rely on social engineering, impersonation, and stolen credentials.

IC3 lists phishing and spoofing among the most common complaint types, with 193,407 phishing/spoofing complaints in 2024.⁷ These attacks include different types of phishing, such as email phishing, smishing (texts), and vishing, where attackers impersonate banks or employers over the phone.

These attacks frequently lead to account takeover, payment diversion, and credit card fraud.

Fraud tactics continue to evolve. Sumsub reports a 180% increase in sophisticated fraud,¹³ showing attackers now focus on fewer but more advanced schemes. In business environments, Resilience reports phishing accounted for 49% of incurred losses in H1 2025.⁹

Average cost of cyber incidents

Cyber incidents cost individuals and businesses in different ways.

IBM estimates the global average cost of a data breach at US$4.44 million in 2025.¹ Industry benchmarks show wide variation. Statista reports healthcare breaches averaged US$7.42 million, while financial services averaged US$5.56 million in the measured period.¹⁴

For individuals, IC3 reported US$16.6 billion in total cybercrime losses in 2024, with an average loss of US$19,372.⁷ Many of these losses stem from fraud rather than technical hacking, reinforcing the connection between data exposure and identity misuse.

Mitigation of financial losses caused by cyber incidents

Cyber insurance reduces financial shock, but prevention still matters. Combining coverage with strong habits and controls lowers both losses and recovery time.

For individuals 

Practical steps can dramatically reduce risk. These are proven tips on how to protect your personal information:

• Secure your primary email account with a strong password and MFA.
• Avoid password reuse by using a password manager.
• Enable transaction alerts on bank and credit card accounts.
• Watch out for different types of phishing.
• Act quickly on breach notifications to limit identity misuse.

These steps won’t stop every attack, but they significantly reduce exposure to identity theft and financial fraud.

For businesses

Organizations can reduce losses by focusing on common failure points:

• Patch exposed systems quickly.
• Enforce MFA across remote access and privileged accounts.
• Test backups regularly to reduce ransomware downtime.
• Treat vendors as part of your risk surface.
• Practice incident response to minimize breach costs.

Insurers increasingly reward these controls with better terms and pricing.

The future of cyber insurance

Cyber insurance will keep growing through 2026, but it won’t get easier to buy.

Ransomware, fraud, and supply chain incidents continue to scale. Breaches expose massive volumes of PII, fueling long-term identity theft statistics that concern both consumers and regulators. The ITRC also reports that about 70% of cyberattack-related breach notices in 2024 lacked attack details,¹⁰ which makes it harder for the market to learn from incidents and harder for people to protect themselves.

Insurers will likely respond by tightening underwriting, expanding exclusions, and focusing on resilience. Coverage will increasingly favor organizations that can prove strong controls rather than those that rely on insurance alone.

In short, cyber insurance will remain essential, but only for those willing to meet higher security expectations.

¹ IBM. Cost of a Data Breach Report 2025. Available at: https://www.ibm.com/reports/data-breach 

² Statista. Global cyber insurance premiums 2020–2024. Available at: https://www.statista.com/topics/2445/cyber-insurance/ 

³ Statista. Cyber insurance market size and forecast. Available at: https://www.statista.com/statistics/1190800/forecast-cyber-insurance-market-size/ 

⁴ Research and Markets. Cyber Insurance Market – Global Forecast 2025–2032. Available at: https://www.researchandmarkets.com/report/cyberinsurance 

⁵ American Academy of Actuaries. An Overview of the Global Cyber (Re)Insurance Market. Available at: https://actuary.org/wp-content/uploads/2025/08/Toolkit-GlobalCyber-8-25.pdf 

⁶ Allianz Commercial. Cyber Security Resilience 2025: Claims and Risk Management Trends.

Available at: https://commercial.allianz.com/content/dam/onemarketing/commercial/commercial/reports/cyber-security-trends-2025.pdf 

⁷ Federal Bureau of Investigation – Internet Crime Complaint Center (IC3). 2024 IC3 Annual Report. Available at: https://www.ic3.gov/AnnualReport/Reports/2024_IC3Report.pdf 

⁸ NordVPN. NordVPN research reveals: One in three people fall victim to online scams. Available at: https://nordvpn.com/blog/scam-experience-research/ 

⁹ Resilience. Midyear Cyber Risk Report 2025. Available at: https://unlock.cyberresilience.com/hubfs/2025%20Cyber%20Risk%20Report.pdf 

¹⁰ Identity Theft Resource Center (ITRC). 2024 Annual Data Breach Report. Available at: https://www.idtheftcenter.org/post/2024-annual-data-breach-report-near-record-compromises/ 

¹¹ Identity Theft Resource Center (ITRC). H1 2025 Data Breach Analysis. Available at: https://www.idtheftcenter.org/wp-content/uploads/2025/07/ITRC-H1-2025-Data-Breach-Analysis.pdf 

¹² Verizon. 2025 Data Breach Investigations Report (DBIR). Available at: https://www.verizon.com/business/resources/reports/dbir/ 

¹³ Sumsub. Identity Fraud Report 2025. Available at: https://sumsub.com/fraud-report-2025/ 

¹⁴ Statista. Average cost of a data breach by industry. Available at: https://www.statista.com/statistics/387861/cost-data-breach-by-industry/