Arctic Wolf: Policy scoping identified as main cause of cyber insurance claim rejections

By Mia MacGregor

Aug 13 - (The Insurer) - A significant portion of cyber insurance claims are rejected due to incidents falling outside policy terms, potentially eroding confidence in coverage among IT and security leaders, according to Arctic Wolf's 2025 Cyber Insurance Outlook report.

The cybersecurity company's report, which included research from over 400 professionals from cyber insurance broker and carrier companies across the U.S., Canada, the UK, Ireland, Austria, Germany, Switzerland, Australia and New Zealand, identified policy scoping as the leading cause for claim rejections, accounting for 25% of denials in the past year.

This is followed by insufficient coverage amounts (19%) and incidents deemed gross negligence by customers.

“This all points to a strong suggestion for policy holders to be sure to read and review their coverage and limitations and ask questions of their provider as needed to avoid finding themselves on the receiving end of a claim denial,” the report stated.

Despite increasing cyber threats, only 12% of clients made claims in the past year, indicating potential hesitancy in claiming, according to Arctic Wolf.

Ransomware attacks made up 18% of insured claims over the past year, alongside data breaches, theft of funds and phishing incidents.

Arctic Wolf noted that the expectation of rising new claims against insurance policies is likely to drive premium increases, as cyber threats grow in frequency and severity.

The report found that 70% of respondents (77% brokers; 63% carriers) are expecting the number of new claims against cyber insurance policies to increase, primarily due to the steady increase in threat activity.

Despite increased investment in cybersecurity technology and governance, 53% of insurers (brokers 57%; carriers 50%) have seen an overall increase in cyber insurance rates over the last year.

Additionally, 72% of respondents said that they expect to see an increase in their company’s insurance premium rates in the year ahead, with 9% anticipating increases of more than 25%, driven by increased cyber risk, higher claim volumes and inflation.

Arctic Wolf explained that cyberattacks continue to increase alongside the cyber insurance market and subsequent filed claims, leading to a rise in both rates and premiums as well as enhanced scrutiny toward claims and renewals.

“Despite these fluctuations, coverage levels are unlikely to increase in the next year. IT leaders, then, must work with their insurance providers to determine (and balance) which security tools, solutions, and controls will have the largest impact on strengthening their environment while increasing their long-term insurability,” the report stated.

Arctic Wolf identified inadequate security controls (26%), financial instability (21%) and "lack of required information" (21%) as common reasons for coverage rejection.

Ransom demands averaged $600,004 in 2024, with over 50 ransomware groups identified. Some 78% of brokers and carriers reported victims paying ransom demands in “some” to “all” of the ransom cases they observed, while only 17% stated that none of their clients chose to pay. Additionally, the report noted that 90% of policies include some form of ransom payment coverage, although 52% offer partial coverage due to sublimits.

"The U.S. and Canada topped the list for paying all ransom demands (29%), highlighting the opportunity for partnerships with professional IR negotiators to improve ransom-related outcomes," the report noted.

Insurance brokers in North America are most likely to offer both cyber risk control tools or services (73% versus a global average of 68%) and have a designated cyber practice (49% versus 43%), which Arctic Wolf said is indicative of the relative maturity of the cyber insurance market in this region.

Arctic Wolf highlighted growth potential in the cyber insurance market, brokers currently estimate that less than half (47%) of existing, eligible clients have a cyber insurance policy.

"The expected number of claims is increasing, and the market is attempting to counter this by expanding the number of carriers and increasing the amount of capital in the market," the report stated.

“Insureds are showing a lack of confidence in both meeting criteria for claims acceptance as well as selecting the policy that is right for their business and security needs. There is now a larger opportunity, and need, for insurers to partner with cybersecurity professionals to enhance their offerings and help organizations boost their cyber resilience.”