Fraud and phishing have overtaken ransomware in CEO risk rankings, with 73% reporting exposure to cyber-enabled fraud in 2025 while claims tied to business email compromise continue to rise, according to Munich Re’s Cyber Insurance: Risks and Trends 2026 report.
Business email compromise (BEC), often linked to funds transfer fraud, remains a frequent driver of cyber insurance claims. Attack methods are increasingly tied to social engineering using synthetic identities, deepfakes, and AI-generated content. Industry participants, including insurers such as Coalition and Beazley, have pointed to deepfakes as an emerging factor in social engineering risk, with implications for claims and coverage.
Data from the CrowdStrike Global Threat Report 2026 shows that 82% of detections in 2025 were malware-free, with adversaries relying on valid credentials and trusted access pathways rather than traditional malware. This trend is consistent with the growing role of identity-based intrusion methods.
Ransomware remains one of the main drivers of insured cyber losses. According to Munich Re’s, publicly reported attacks increased by nearly 50% in 2025 and continue into 2026, driven by structured criminal models and re-formed smaller groups following enforcement actions. Financial losses remain largely tied to business interruption.
Threat intelligence indicates changes in execution. CrowdStrike reports that adversaries are using cross-domain techniques spanning cloud environments, identity systems, and unmanaged infrastructure to avoid detection. Attack speed has also increased, with average breakout time falling to 29 minutes in 2025 and the fastest observed case at 27 seconds.
Separate industry data indicates that ransomware attack frequency increased by 45% year over year, while average ransom payments declined by 50%, reflecting changes in payment behavior and resilience measures.
Munich Re identifies ransomware, data breach, BEC, and distributed denial of service (DDoS) among the primary drivers of cyber losses. First-party claims account for 62% of cases, led by business interruption, privacy liability, and incident response.
While attention often centers on large corporations, most cyber incidents and claims affect micro-companies and SMEs. Munich Re data shows a 3:1 ratio of malicious to non-malicious loss events, with non-malicious incidents - often linked to human error or software issues - becoming more relevant over time.
Data breaches continue to develop alongside fraud trends. Attackers are increasingly focused on data exfiltration without encryption, while 64% of C-level respondents report concern about breaches and 25% report prior incidents.
Industry data also points to losses arising from privacy non-compliance and wrongful data collection. Cases linked to pixel tracking and biometric data exposure have resulted in settlements exceeding $100 million, based on reported litigation outcomes.
DDoS activity more than doubled in 2025, with peak attacks reaching 31.4 terabits per second. At the same time, vendor-related incidents and cloud outages are emerging as a source of systemic loss. A November 2025 outage involving a major provider has been estimated to have caused losses between $5 billion and $15 billion, based on industry assessments.
These developments point to concentration risk linked to reliance on a limited number of technology providers. Cyber incidents tied to vendors and supply chains can create systemic impacts across organizations.
Munich Re notes that geopolitical factors continue to influence cyber exposure, with 64% of organizations expecting to be affected by geopolitically motivated cyberattacks, particularly in sectors linked to critical infrastructure.
Despite rising losses, the cyber insurance market remained favorable to buyers through 2025, with premium reductions continuing due to insurer competition. Estimates place the market at $16 billion in 2025, with projections reaching at least $40 billion by 2030.
Early 2026 indicators suggest a slower rate of premium decline, with some insurers seeking flat renewals in higher-risk sectors. Market participants note that loss trends, including ransomware severity and systemic events, alongside reinsurance renewals, will influence whether conditions shift in the near term.
Industry participants also point to the growing importance of data-driven underwriting, portfolio visibility, and risk selection in managing cyber exposure in a competitive environment.
