This article was created in partnership with Cowbell.
As we head into 2026, one thing is for sure – cybercrime isn’t going anywhere. Research collated by VikingCloud found that cybercrime is expected to cost the global economy $14 trillion by 2028, with ransomware alone costing victims an average of $1.85 million per incident.
And while the severity of these attacks and the sophistication of criminals’ tactics continue to increase, shockingly 43% of companies still don’t have cyber insurance. Kirsten Maley, director, claims UK at Cowbell, believes that the past 12 months have proved the case for cyber insurance again and again, and urges employers to act preventatively rather than curatively.
“The incidents making headlines this year have really highlighted how essential cyber insurance is, not just for large organisations but also for micro businesses and SMEs. Many of the major incidents have involved multimillion-pound companies that have the resources, expertise, and IT support to withstand such disruptions, including a temporary halt in business operations. Smaller businesses, however, often lack that financial cushion or access to the same level of support, which makes the impact far more severe.”
As Maley told IB, cyber remains unique in that we must maintain a proactive approach with our brokers and policyholders. Staying ahead of trends, educating both groups, and ensuring regular conversations around risk prevention and claims mitigation are crucial.
“More than ever, we’re seeing increased requests from brokers and policyholders to engage in deeper discussions about risk management. Employee error continues to be one of the leading causes of cyber incidents. Ongoing staff training is vital, and brokers and insureds alike should reach out to their cyber insurance partners to explore whether training can be included as a value-added benefit within their policy.”
And the data’s there to chime with Maley’s assertions – employees really are either a business’s best defense or their biggest weakness. Research from Dayforce’s 16th Annual Pulse of Talent report found that while 63% of employees said developing AI skills is important, 71% said they haven’t received any AI training in the past year – training that could prove useful considering the whole new arsenal of cyberthreats coming down the line in 2026.
“Ransomware groups are becoming increasingly sophisticated, while employee error continues to be a major factor,” added Maley. “The rapid advancement of AI introduces new risks, and many businesses still underestimate the importance of both cyber risk management and cyber insurance. For example, one way to infiltrate systems is through phishing attacks. Before AI, it was fairly easy to spot phishing emails; poor grammar and spelling, and incomprehensible language were dead giveaways. Now, international ransomware groups can easily create professional and authentic-sounding emails and send them out en masse, drastically increasing their chance of employees mistaking them for real messages.”
With an eye firmly set on 2026’s horizon, Maley went on to tell IB that her team is already seeing businesses seek higher limits of coverage, as well as new buyers entering the cyber insurance market in response to recent high-profile incidents.
“These developments are driving more meaningful discussions around why cyber insurance matters and what true resilience looks like for businesses,” she added. “We’re also awaiting the UK government’s decision regarding a potential ransom ban and mandatory reporting requirements. [Because], if implemented, these measures will significantly reshape how both insurers and businesses operate.”
The UK’s possible ban on ransomware payments is expected to have a ripple effect across Europe and the world – potentially changing the scope of both demand and coverage in cyber insurance. And while nothing’s certain as yet, one thing remains the same: cyber insurance is no longer a ‘nice to have’ benefit, it’s an absolute strategic necessity.
As Maley told IB, employers should make sure that they are protected with a standalone cyber insurance policy, as well as:
Ensure they have an incident response plan
Invest in staff training, particularly around phishing
Reach out to brokers or insurers to understand the benefits that come with their cyber policy (some insurers offer phishing training, micro-pen testing, dedicated calls with in-house cybersecurity advisors and claims team, and more)
Stay apprised of any trends
“Ultimately, cyber resilience comes down to preparation,” she added. “The more proactive employers are today, the better positioned they’ll be to navigate whatever challenges tomorrow brings.”