Cyber threats are no longer confined to data loss. From supply chain attacks to physical disruption and emotional harm, the modern risk landscape is demanding a wider, more adaptive response – one that goes beyond traditional protections. Chris McMurray, Managing Director, Cyber at Travelers Europe, said the industry must keep pace.
Cyber threats are no longer confined to data loss. From supply chain attacks to physical disruption and emotional harm, the modern risk landscape is demanding a wider, more adaptive response – one that goes beyond traditional protections. Chris McMurray, Managing Director, Cyber at Travelers Europe, said the industry must keep pace.
Download Travelers’ free cyber cover toolkit here.
“Ransomware still dominates,” McMurray said, “and it’s not just the big names being targeted that make the press.” While the Travelers Q2 2025 Cyber Threat Report showed a slight drop in incidents from Q1, that followed the busiest quarter on record in the last four years. “It’s still significantly up year-on-year,” he said.
Much of the brief decline is due to law enforcement actions and infighting among ransomware groups. “But as we’ve seen before, any pause tends to be short-lived. The void quickly gets filled.”
McMurray also highlights the growing toll of business email compromise (BEC) and social engineering fraud. “Those two alone represent nearly half of all our cyber claims over the last five years,” he said. This trend helped drive Travelers’ recent revamp of its CyberRisk product for SMEs and mid-market clients, including a move to “any one claim” cover for cyber crime to tackle repeat losses from events like social engineering fraud.
Equally pressing are indirect threats. “It’s no longer just ‘Will my system get hacked?’” he said. “It’s ‘Will a supplier or cloud provider I rely on be breached – and how will that affect me?’” Increasingly, systemic cyber events are rooted in third-party disruption.
AI, too, is shifting the threat landscape. “Attackers are using it to automate their efforts,” McMurray said. “And on top of that, geopolitical volatility adds a layer of risk that’s not just financial - it’s espionage, sabotage, disruption.”
The businesses that bounce back fastest after a breach, McMurray said, are those that treat cyber resilience as a cultural and operational priority, not just a technical one.
“It’s about having a plan for when that breach occurs and having tested that breach response plan,” he said. “Too often, cyber risk is seen as an IT issue or something insurance will handle. But neither works in isolation.”
Travelers’ own policies aim to embed readiness into coverage. “Our cyber insurance isn’t just a payout when something goes wrong,” McMurray said. “We provide a suite of pre-loss services all designed to help prevent breaches. Then when they do suffer a breach, we have our comprehensive breach response offering designed to respond effectively at that time of crisis.”
In the event of a breach, Travelers offers 24/7/365 access to vendors in IT forensics, legal, PR, and more. “That’s in my mind the most critical part of any cyber insurance offering” McMurray said. “Otherwise, companies are left scrambling when they should be focused on staying operational, especially when time is of the essence.”
A major update to Travelers’ CyberRisk policy now includes sub-limits for bodily injury and property damage - a sign of how cyber-attacks are increasingly causing physical consequences.
“In sectors like manufacturing, energy, or healthcare, cyber can mean more than just data loss,” McMurray said. “You might see spoilage from disabled temperature controls, or delayed patient care due to compromised hospital systems.”
The updated policy also includes a cyber well-being service. “We recognise the emotional toll,” he said. “We now offer confidential counselling for staff directly impacted. It's not just about protecting the business, but the people within it and recognising that human element.”
Despite rising awareness, many businesses still see cyber insurance as a fallback. McMurray sees that as a missed opportunity.
“Large breaches in the news sometimes spark a lightbulb moment,” he said. “But smaller businesses still tend to think, ‘That wouldn’t happen to me.’ Ironically, they’re often more vulnerable, with less IT resource and security investment.”
The solution? More relatable education. “If I show a small manufacturer data from similar firms that have been breached, they get it. That helps brokers explain the real risk and how coverage fits into a broader strategy.”
Cyber insurance today, he argues, is both broader and more affordable than many assume. “It shouldn’t be security or insurance. It has to be both.”
Interestingly, McMurray also supports learning directly from ethical hackers. “We’ve had former hackers lead sessions for brokers and clients,” he said. “They walk through how they gain access, how they interact with victims, even how they ‘support’ them through paying a ransom. It’s disturbingly professional.”
Those insights help inform stronger defences. “Knowing what tripped them up when they were on the other side is incredibly valuable,” McMurray said. “That knowledge makes their life harder – and potentially your systems safer.”
As the threat landscape continues to evolve, one constant remains: the businesses best prepared for a cyber breach are those that treat insurance not as a last resort, but as an integrated part of their operational resilience. For brokers, the role is increasingly about enabling that shift, translating threat intelligence into practical protection and ensuring clients are ready for whatever comes next.
For brokers looking for practical tools to support client conversations, Insurance Business UK has published a white paper outlining a complete cyber cover toolkit.
