Cyber claims are no longer defined by ransomware alone. AI-enabled phishing campaigns and digital asset losses are making claims more complex and harder to interpret at scale.
“I think the frequency certainly has increased and the complexity and there's increasing risk, systemic risk, potential issues around aggregation,” said William Gow (pictured), chair of CILA’s Cyber and Technology Special Interest Group and head of cyber & technology risks - UK at Crawford & Company.
While ransomware remains a dominant loss driver, the nature of attacks has diversified significantly.
“It’s not just pure ransomware attacks anymore,” Gow said.
Post-COVID, ransomware incidents were the primary concern. Now, claims are increasingly linked to data breaches, technology service outages and operational technology failures, often involving legacy systems and supply chain disruption, while artificial intelligence is accelerating the scale and effectiveness of attacks.
“It’s been a lot easier for those that can mimic local dialects, cultures, they can send grammatically correct and accurate phishing and email scams from anywhere in the world,” he said.
This has driven a rise in business email compromise, particularly among SMEs, with attackers able to target multiple organisations simultaneously across jurisdictions.
Even within ransomware, tactics are shifting.
“Originally they were using mechanisms of encryption. Now actually they’re going straight in and just appropriating and exfiltrating data from source, so they’re running theft only extortion models,” Gow said.
This transition from encryption to data theft is increasing the complexity of claims, particularly around privacy exposure and regulatory implications, and introduces new challenges around payments and jurisdictional rules.
“That complicates payments, because depending on what jurisdiction is, different rules are in place around paying threat actors if you're negotiating,” he said.
Alongside these trends, the rise of digital assets is introducing fundamentally different types of claims, shifting the focus from systems and business interruption to assets with intrinsic value that must be traced, analysed and, where possible, recovered within blockchain environments.
“When you're dealing with digital asset loss, you're dealing with an actual asset that has value in itself,” Gow said. “You have to do things like on-chain forensics. Almost like that’s your crime scene.”
That shift also introduces significant valuation challenges, with digital asset prices fluctuating rapidly and creating uncertainty over how claims should be assessed.
“Those prices fluctuate rapidly. So that changes the value of the claim,” Gow said.
Determining whether valuation is based on the time of loss, discovery or settlement can materially affect outcomes.
Despite growing exposure, the insurance market remains underdeveloped in this area, and only a small proportion of digital assets are currently insured.
“There’s definitely that gap in knowledge, awareness and experience,” Gow said. “It’s still only around 11% of crypto holders are insured. Given you’ve got an asset class worth trillions, it’s quite a scary picture.”
The combination of limited data, technical complexity and cautious underwriting has constrained capacity, leaving significant exposure across the market.
Cyber insurance policies are improving, but not fast enough to keep pace with evolving risks and technology.
“They’re improving, but they’re not keeping pace with the risk, the evolution of those risks, the type of technology,” Gow said.
While insurers have tightened wording around established issues such as supply chain disruption and vendor outages, emerging risks, particularly those linked to AI, remain less clearly addressed.
“You’ve got this uneven adaptation across the market,” he said.
As claims become more technical, the need for specialist expertise and coordinated response is increasing, placing loss adjusters at the centre of increasingly complex claims environments.
“Cyber claims are expanding into much more technical and complex areas. The industry requires more shared expertise and best practice,” Gow said. “[Loss adjusters] sit outside of the indemnity spend, so they’re naturally conflict free. They can be objective in the approach,” he said.
With trillions in digital assets and limited insurance coverage, the question is no longer whether cyber risk is evolving, but whether the market is equipped to handle what comes next.
