The US$50 billion claim keeping insurers awake

Cyber insurance's looming 'peak peril' – are we prepared for the big one?


By Matthew Sellers

There have certainly been some big headlines in the world of cyber insurance recently. Jaguar Land Rover had an insurance proposal from Lockton waiting to be signed. The Co-op chose improved hardware over insurance. Salesforce has been reported as having one billion records compromised. The list goes on and on as household names have suffered at the hands of cyber criminals – and the cyber insurance market has entered a new phase of unease. Industry leaders are warning that a single, large-scale cyberattack could soon test the resilience of global reinsurance in the same way that hurricanes and earthquakes have done in the past.

At the ILS Bermuda Convergence 2025 conference in Hamilton, Ian Newman, global head of cyber at Gallagher Re, said that cyber becoming a “peak peril” was “only a matter of when, not if.” A peak peril, he explained, would be an event capable of generating losses of between 30 and 50 billion US dollars for reinsurers from a single incident.

Other reinsurers echoed that sentiment. Chubb has warned that a cyber catastrophe would resemble a pandemic or natural disaster, with one exploit capable of rippling simultaneously across multiple countries and industries.

Historical benchmarks – the losses so far

Although cyber insurance has not yet suffered such a cataclysmic event, several major incidents have provided a glimpse of its destructive potential.

| Date / Event | Approximate Insured or Industry Loss | Commentary |
| --- | --- | --- |
| June 2017 – NotPetya malware | More than US$3 billion in industry losses | Still the benchmark for a “cyber catastrophe”, with most losses falling under non-affirmative (silent) policies rather than dedicated cyber cover. |
| July 2024 – CrowdStrike global IT outage (“CrowdOut” event) | Between several hundred million and US$1.5 billion | A non-malicious software failure that highlighted vendor dependency and accumulation risk across multiple insureds. |
| 2017 – WannaCry attack | Approximately US$50–60 million in insured losses | Although disruptive globally, the insured impact was modest compared to the event’s scale. |
| 2021 – Sinclair Broadcast Group ransomware attack | About US$50 million in insured losses | A smaller-scale example, but notable for its coverage disputes and operational costs. |


Note: Insured and industry loss figures are approximate and may change as claims develop.

Why the market still believes the big one has not yet arrived

Despite the visibility of these losses, Newman noted that the industry has yet to face a truly systemic cyber event. “It’s funny when I speak to people sure it’s happened already,” he told delegates. “No, [I tell them] it’s not actually happened.”

The discrepancy between large economic losses and smaller insured payouts stems from several factors. Many companies maintain low cyber limits or self-insured retentions; some claims are excluded by wording; and much of the exposure remains within traditional property or liability policies rather than affirmative cyber.

The larger concern for reinsurers is accumulation. A single software update, cloud outage or shared vendor failure could simultaneously hit hundreds of insureds. Chubb has observed that the insurance industry still lacks a universally accepted definition of what constitutes “systemic” cyber risk, complicating underwriting and capital planning.

Analysts have warned that current catastrophe models remain inadequate for mapping these dependencies, while the growing use of cloud services, AI systems, and global supply chains increases the likelihood of correlated losses.

Implications for insurers and reinsurers

For the insurance industry, the move from frequent, moderate cyber losses to the potential for one colossal event carries significant implications:

  • Capital modeling and accumulation management – A cyber event in the 30–50 billion US dollar range would force reinsurers to reassess catastrophe loadings and retrocession structures.
  • Policy wording and trigger clarity – The distinction between “attack” and “system failure” remains critical. Ambiguity could create widespread coverage disputes after an event.
  • Vendor and supply-chain risk – The CrowdStrike and NotPetya incidents demonstrated that losses can stem from upstream technology providers rather than direct breaches.
  • Public-private backstops – Several policy specialists have called for a government-supported reinsurance mechanism, similar to terrorism or pandemic pools, to stabilise the market in the event of a cyber catastrophe.
  • Alternative capital and ILS expansion – The recent growth in cyber catastrophe bonds shows promise, but capital markets remain too small to absorb the full systemic risk.
  • Underwriting discipline – Insurers must monitor accumulation across clients and sectors, maintaining conservative limits and robust modeling to avoid concentration exposure.

Top three systemic cyber risks keeping reinsurers awake

  1. Cloud concentration failures
    The dominance of a handful of global cloud service providers has created a single-point-of-failure risk unprecedented in insurance history. A widespread outage or compromise could trigger hundreds of thousands of claims simultaneously, spanning property, liability and cyber covers.
  2. Supply-chain software contagion
    Events like NotPetya and SolarWinds have shown how malicious code inserted into widely used software can cascade through corporate networks worldwide. With software updates increasingly automated, even a brief delay in detection could amplify losses to catastrophic scale.
  3. Data-integrity and AI manipulation attacks
    As insurers and corporations embed artificial intelligence in underwriting, trading and logistics, the risk of manipulated data or model corruption is rising sharply. Deepfake-based fraud and synthetic identity scams are now surfacing in claims files - early signals of a more sophisticated threat to come.

The road ahead

The industry is running out of time to prepare. While previous events have provided useful lessons, they pale in comparison to what experts believe is possible.

For now, cyber remains an emerging peril; yet as coverage expands and more organizations rely on shared digital infrastructure, its potential to become a genuine catastrophe risk grows stronger each year. The real test for insurers will not be how they price the next ransomware claim - but how they absorb the first true cyber-catastrophe when it arrives.
