Ransom payments are falling even as AI accelerates cyberattacks and claims activity rises, specialist insurer Cowbell says.

Ransomware made up 19% of Cowbell claims between 2022 and last year. At the same time, average ransom payments fell 44%, reflecting stronger negotiation strategies and more effective claims handling.

Cowbell says cyber now “extends well beyond” ransomware.

“Social engineering, phishing, business email compromise and supply chain vulnerabilities continue to impact organisations of all sizes,” it says in a report. “Meaningful protection of those threats needs to entail intentional resilience that consists of not just a comprehensive cyber insurance policy.

“Threat actors continue to refine these scam tactics using AI, making messages more convincing and harder to detect. Variants of phishing, like smishing (text messages) or vishing (phone calls) expand these risks across channels.”

Data breaches, cybercrime and extortion events account for most claims.

Breaches involving unauthorised access or disclosure of sensitive information remain prevalent and often stem from stolen credentials and system vulnerabilities.

Cybercrime incidents typically involve financial or data theft through tactics such as phishing, business email compromise and funds transfer fraud, exploiting human vulnerabilities.

Human error and manipulations are the most common entry point for threat actors, especially through phishing and spoofing.

Cowbell recommends strong employee awareness, email security and proactive threat detection.

“As of early 2026, business email compromise remains one of the most financially damaging cybercrimes. These attacks exploit human trust through impersonation, AI-generated content, and social engineering to fraudulently obtain funds.

“Tactics are designed to exploit trust and create a sense of urgency to bypass security protocols. Practical defences like multifactor authentication, employee training and rapid response remain some of the most effective ways to reduce exposure.”

Last year, ransomware attacks surged by about 45%, with crime groups Qilin and Akira emerging as dominant threats, targeting manufacturing and SMEs.

Seven cybercrime  groups currently dominate.

“Their methods are often similar, and effective defence measures will protect clients better against all of them.”

Cybersecurity solutions such as micro penetration testing, strong access controls, awareness training for all employees and a robust back-up strategy can be highly effective at minimising the possibility and impacts of a cyber event, Cowbell says.

See the report here.

---

From the latest Insurance News magazine: The industry's tech experts discuss their hopes and fears as the AI revolution gathers pace

---