Ransomware Losses Average $5.3 Million as Insurance Payouts Reveal Coverage Gaps in APAC

By Staff Correspondent

Cyber insurance has emerged as a critical shield for businesses facing escalating digital threats, with policies covering the vast majority of corporate losses from cyberattacks. According to a comprehensive analysis by Willis, which examined over 5,500 cyber insurance claims across 95 countries from 2013 to early 2026, insurers have paid out roughly $1 billion in claims. These payouts have addressed more than 95% of average data breach losses and around 90% of direct corporate losses, demonstrating that companies with proper coverage are largely successful in securing claim payments even as attacks grow more severe.

However, the report titled “Cyber Claims in Focus – Getting Value from Cyber Insurance” underscores a persistent and concerning disconnect between the demands of cybercriminals and the actual financial protections provided by insurance. This gap is particularly pronounced in ransomware incidents, which have become the most financially damaging form of cyberattack due to extended periods of operational downtime and business disruption.

The data reveals that while the average ransom demand has surged to $3.8 million, the typical actual payment made by victims averages just $1.5 million. When broader impacts such as lost productivity, halted operations, and recovery efforts are factored in, the average total cost of a single ransomware event climbs to $5.3 million. Some disruptions have stretched as long as 25 days, amplifying the economic toll on affected organizations. In the most extreme cases captured in the dataset, individual losses exceeded $500 million, highlighting the potential for catastrophic financial hits even in well-insured scenarios.

A closer examination of attack vectors provides additional nuance. Direct intrusions into a company’s own network infrastructure account for 58% of reported ransomware incidents but drive a staggering 95% of the overall financial costs. In contrast, supply chain compromises involving third-party vendors represent 42% of reports yet contribute only 5% of the total damage. This disparity emphasizes the heightened vulnerability of internal systems and the importance of robust internal cybersecurity defenses alongside vendor risk management.

Beyond ransomware, data breaches remain the most frequent type of claim filed under cyber policies, predominantly stemming from malicious actors. Third-party vendors play a significant role here as well, responsible for nearly half of all data breach losses and 29% of direct corporate losses. When vendor-related failures occur, IT, technology, and telecommunications firms are implicated in about 50% of cases, followed by financial institutions at 17% and administrative service providers at 11%. These patterns illustrate how interconnected digital ecosystems can propagate risk across industries and borders.

The Willis report also draws attention to emerging risks that may not yet dominate headlines but are already generating notable insurance losses. One such area involves data-tracking tools and pixel-tracking litigation, which are triggering widespread claims and exposing previously underappreciated liabilities related to privacy and data handling practices. As regulatory scrutiny around data privacy intensifies globally, these issues could evolve into more substantial exposure areas for insurers and policyholders alike.

Industry risk profiles vary considerably by sector. Healthcare organizations lead in cyber insurance claims notifications, making up 20% of the total, followed by financial institutions at 16% and manufacturing companies at 13%. This distribution reflects the sensitive nature of patient data in healthcare, the high-value targets in finance, and the operational dependencies in manufacturing that make them attractive to attackers.

Conor Keating, Willis’s head of cyber in Asia, highlighted the evolving role of artificial intelligence in the threat landscape. While AI has not yet generated standalone insurance claims, it is already enhancing the sophistication and impact of existing attack methods, such as deepfake phishing campaigns and more targeted ransomware operations. With average attack costs now surpassing $5 million, businesses throughout Asia are paying closer attention to their policy limits, questioning whether current coverage levels would suffice in a worst-case scenario.

Peter Foster, chairman of global FINEX cyber at Willis, echoed these concerns, noting that standard insurance policies can differ significantly in their terms, conditions, and sub-limits. Companies often purchase coverage that fails to fully align with their specific risk profiles and operational vulnerabilities, potentially leaving them exposed to substantial gaps when incidents occur. This mismatch between purchased protection and actual needs underscores the importance of tailored risk assessments and ongoing policy reviews.