SPRINGFIELD, Mo. (KY3) – A recent report questions companies’ insurance policies for cybersecurity, raising concerns about how often they actually pay out.
According to the National Association of Insurance Commissioners, nearly three times as many claims were closed without payment (28,555) as those paid (9,941) in 2024.
“Business owners are used to going to their insurance agent and saying, ‘I am concerned about this risk,’ they may pull a policy off the shelf, and you think you’re good, and then you are covered for whatever might come,” said Dustin Carlson, president of SRA 831(b).
The gap is most severe in excess cyber policies, where unpaid claims outnumber paid ones by more than 20 to 1.
Carlson said common exclusions in cyber policies include employee mistakes, failure to follow proper procedures, and lack of a formalized employee training program.
“Big issue with cyber claims is there is not a lot of data; that entire environment is constantly changing,” Carlson said. “In just the last couple of years with AI, and all the new risks that have been introduced into cyberspace.”
The data shows cloud-based attacks surged 136% in the first half of 2025. Ransomware incidents increased by 126% in the first quarter of 2025. Supply-chain breaches now account for nearly 30% of all incidents.
The Better Business Bureau reports that small businesses are often targeted more by cybercriminals.
“Scammers do tend to target smaller to medium-sized businesses because they are counting on not having an IT department, they are counting on not having that expertise,” said Pamela Hernandez with the Better Business Bureau.
Hernandez recommends doing research before hiring any insurance service.
“You are going to need to understand the details and understand the reputation of the company you are working with,” she said.
The Cybersecurity and Infrastructure Security Agency recommends using strong, unique passwords with a manager, enabling multi-factor authentication, and regularly updating software to patch vulnerabilities.
“You can have the best third-party IT company setting up firewalls. You can have the best data backup, all these other protections, but it really comes down to a human doing the right thing, the right choice, when they are faced with a potential scam,” Carlson said.
To read the report for yourself, you can find it by clicking here.
To report a correction or typo, please email digitalnews@ky3.com. Please include the article info in the subject line of the email.
Copyright 2026 KY3. All rights reserved.
