By Lewis Nibbelin, Research Writer, Triple-I
Despite a 34 percent decline in cyber insurance claim frequency for large U.S. businesses in 2025, average claim severity doubled to more than $4.4 million, according to Chubb’s 2026 Cyber Claims Report. Though AI-driven detection systems helped stabilize claim frequency across several global markets, advanced cyberattacks – alongside liability litigation challenges – ranked among the top cost drivers.
Drawing on historical claims data, the report explained how bad actors have begun leveraging AI for increasingly sophisticated attacks capable of “compromising multiple systems in a matter of minutes,” including large-scale incidents that involve minimal human oversight. Data-breach claims alone exceeded a historic $10.2 million in the U.S., propelled in part by the outsized impact of individual ransomware encounters.
Becoming faster and more difficult to detect, ransomware incidents can propagate across multiple businesses along a supply chain with just one attack, especially as markets become more globally interconnected. One such event in the U.K. led to roughly $568 million in losses for the targeted company but a $1.4 billion loss for the entire supply chain as manufacturing “halted for five weeks across sites in the U.K., Slovakia, Brazil, and China.” Over 5,000 U.K organizations in total were affected, Chubb said.
Consequences of cyber incidents extend beyond these losses, the report noted, as incidents increasingly escalate to legal action, often within days and “irrespective of the size of the entity or any controls perceived to be lacking.” Federal legislation enacted in 1988 to protect physical video privacy has helped lead the trend, as plaintiff attorneys continue to reinterpret the law to apply to modern streaming and social media platforms.
Similar applications of a 1967 statute in California – originally intended to prevent wiretapping – now target businesses that use website technologies such as cookies and tracking pixels, generating thousands of lawsuits in recent years. A bill that would remove these prohibitions for businesses has garnered strong bipartisan support, though faces an uncertain future after stalling in the state legislature last year.
“At a time when affordability is already one of California’s greatest challenges, these lawsuits are quietly making life more expensive for everyone,” wrote Scott Miller, president and CEO of the Fresno Chamber of Commerce, for The Fresno Bee. “[SB 690] would restore balance, reduce abusive litigation, and allow small businesses to focus on serving their customers, not defending against opportunistic lawsuits.”
A “growing body of privacy laws” are further “imposing complex, layered obligations for companies that store and/or transfer personal data,” Chubb reported, highlighting new laws in Indiana and Kentucky aimed at implementing stricter opt-in mechanisms for personal information. Companies may struggle to navigate these emerging regulations as privacy and cyber risks continue to evolve, creating compliance concerns and potentially exacerbating losses and broader supply-chain disruptions when cyberattacks occur.
Investing in threat detection, AI governance, and employee cybersecurity education are among the many ways organizations can boost their cyber resilience. A separate Chubb survey also suggests interest in cyber insurance to mitigate these risks is rising. Leaders across lower, core, and upper middle market segments identified cybersecurity and advancing technology as their chief risk concerns, with 47 percent of respondents indicating they were considering adding or increasing cyber coverage.
Learn More:
Triple-I Legal System Abuse Awareness Campaign Enters California, Illinois
Legal System Abuse, Artificial Intelligence Cloud 2026 Outlook
Amid Data Boom, Actuarial Analysis Belongs in the Forefront
Tech — Especially A.I. — Is Top of Mind for Global Insurance Executives