Chubb reported on May 4 that while the frequency of cyber insurance claims for large U.S. businesses dropped by 34 percent in 2025, the average severity of these claims more than doubled to over $4.4 million. The report highlighted that artificial intelligence-driven detection systems have helped stabilize claim frequency in several global markets, but advanced cyberattacks and increased liability litigation remain significant cost drivers.
The findings matter because they show how evolving technology and legal actions are raising risks and costs for companies facing cyber threats. Chubb’s analysis found that attackers are now using artificial intelligence to launch sophisticated attacks capable of compromising multiple systems quickly, sometimes with little human involvement. Data-breach claims in the United States alone reached a record $10.2 million, driven partly by severe ransomware incidents.
Ransomware events are becoming faster and harder to detect, often spreading across entire supply chains with a single attack as business operations become more globally connected. One incident in the United Kingdom resulted in about $568 million in losses for one company but caused total losses of $1.4 billion throughout its supply chain when manufacturing was halted at sites worldwide for five weeks. More than 5,000 organizations were affected by this event, according to Chubb.
The report also pointed out that many cyber incidents now lead to lawsuits within days regardless of company size or security measures taken. For example, laws originally designed decades ago—such as a video privacy law from 1988—are being applied to streaming and social media platforms today by plaintiff attorneys seeking damages through new interpretations of old statutes. Similarly, California’s wiretapping statute from 1967 is being used against businesses using website cookies or tracking pixels; thousands of lawsuits have resulted recently under this law.
Scott Miller, president and CEO of the Fresno Chamber of Commerce said for The Fresno Bee: “At a time when affordability is already one of California’s greatest challenges, these lawsuits are quietly making life more expensive for everyone… [SB 690] would restore balance, reduce abusive litigation, and allow small businesses to focus on serving their customers, not defending against opportunistic lawsuits.”
Chubb further noted that emerging privacy laws—including new rules passed in Indiana and Kentucky—are adding complex requirements around personal data storage and transfer that could make compliance difficult while increasing exposure during future attacks or disruptions.
Organizations can improve their resilience by investing in threat detection technologies such as AI governance tools or employee cybersecurity training programs. Interest in purchasing or expanding cyber insurance coverage is also rising; nearly half (47 percent) of surveyed leaders across various market segments indicated they were considering adding or increasing such coverage.
The Insurance Information Institute supports stakeholders including consumers, media and policymakers by providing resources in English and Spanish according to the official website. It established ties with The Institutes in November 2020 according to the official website. The organization represents more than 50 insurance company members including regional, national and global carriers according to the official website. Its mission includes providing data-driven insights on risk management topics according to the official website, ranking as a leading online source through its web platforms according to the official website, while hosting events aimed at advancing understanding within insurance fields according to the official website.
