Cyber

2026 EMEA Cyber Claims Report: Cyber risk, trends and resources

The 2026 Chubb Cyber Claims Report paints a nuanced picture of the evolving threat landscape across Europe and the UK. The report shows that, while claims severity is on the rise, claims frequency reached a five-year low among mid-size and large businesses. At the same time, small-to-medium enterprises (SMEs) experienced a sharp increase in both the frequency and severity of claims. 

The growing complexity of exposures and the rapid advancement of artificial intelligence (AI) are shifting the dynamics of cyber risk. While AI adoption has helped businesses better detect vulnerabilities prior to an attack, it has also enabled more sophisticated adversarial use of technology to accelerate the speed and scope of risk exposure. This reinforces the need for businesses to strengthen their cyber resilience.

Severity and frequency trends in Europe and the UK

Tracking both the severity and frequency* of cyber claims provides insight into the shifting risk landscape for SMEs, middle market and large companies.

* Severity is defined as the average cost per claim. Frequency is defined as the average number of cyber claims per 100 policies.

SMEs ($0M–$10M revenue)

The severity of cyber claims for SMEs reached a five-year high of $82,621 on average per claim, while claims frequency increased by 86% between 2024 and 2025.

This sharp rise, in both claim frequency and severity suggests increased targeting of SMEs by cyber criminals.

Middle Market Businesses ($100M–$999M revenue)

Although incidents in middle market businesses became less frequent, the financial impact of cyber claims grew substantially.

Claims severity in the middle market rose by 210% over a five-year period to an average claim cost of $318,820 in 2025, while the frequency of middle market claims reached a five-year low to 1.51 claims per 100 policies.

Large Companies ($500M+ revenue )

The severity of cyber claims saw costs increase by around 100% between 2024 and 2025.  Similar to the middle market frequency trends, claims frequency among large companies reached its lowest point in 2025 after several years of steady decline, dropping approximately 68% from 2020 to 2025.

While claims frequency decreased over the five-year period, incidents affecting large organisations often involve broader, more complex breaches and higher regulatory costs, resulting in far greater financial losses. 

Evolving threats

Even companies with robust cybersecurity measures can face serious disruption and threats when sensitive information is exfiltrated and exposed, leading to a range of regulatory, operational and financial challenges and reputational harm.

Ransomware attacks continue to pose significant threats, often resulting in severe and costly incidents - particularly for SMEs and mid-sized companies. The severity of these attacks is mainly driven by business interruption losses.

And while the adoption of AI has contributed to a decline in claims frequency by enhancing detection capabilities, AI has also increased the speed and scope of risk exposure, enabling more sophisticated attacks to compromise companies of all sizes. 

Litigation trends and regulatory environments

In addition to cyber threats, legal and regulatory factors play a significant role in shaping cyber claim frequency and severity across regions.

According to the Cyber Claims Report, in the US, a ‘litigation-first’ approach and a complex patchwork of state-level privacy laws drive higher claim frequency and severity. This creates challenges for businesses operating across multiple states, as well as for European companies trading with or in the US, as they must comply with complex cross-border regulations.

International privacy laws and their associated obligations continued to evolve rapidly throughout 2025. The EU’s General Data Protection Regulation (GDPR) establishes region-wide standards for the lawful collection, processing, retention and deletion of personally identifiable information. In the UK, the Data (Use and Access) Act 2025 (DUAA), builds on the Data Protection Act (2018), modernising the existing framework while retaining core GDPR principles.

Evolving privacy regulations governing the collection, use and transfer of personal data presents significant challenges for companies operating globally, with non-compliance risks greater than ever. 

Chubb Resources

By better understanding the shifting cyber risk landscape, companies can be more confident in identifying and responding to threats. 

Chubb offers its policyholders access to wide range of tools and solutions designed with this in mind. This includes support across areas such as cyber protection for small businesses, incident response, vulnerability management, security, managed detection and response, privacy risk management, and user security and awareness.

More broadly, Chubb publishes insights and intelligence to help businesses understand the evolving threat landscape. This includes the Chubb Cyber Index, which gives real time access to claims data, current threat trends, incident activity and costs and Chubb Threat Intelligence Reports, which offer quarterly guidance on emerging cyber threats. 

2026 Cyber Claims Report

Preparing for the whatever next

Cyber risks continue to evolve rapidly, with recent years marked by shifting trends in both claims severity and frequency across all business sizes, as well as the growing impact of ransomware, emerging AI-driven threats and regulatory obstacles. 

With Chubb’s global expertise, comprehensive claims data and advanced risk mitigation tools, companies can anticipate, withstand and recover from even the most complex cyber incidents.

Download the full cyber report for insights and strategies needed to strengthen cyber resilience and prepare for the whatever next.

Insights and expertise

We keep you informed — and your business protected — with these helpful articles.
Managing the velocity of risk: Artificial intelligence, Litigation and Resilience
This edition of the Chubb Cyber Claims report explores Chubb’s historical claims data through December 2025 to reveal insights on claim frequency and severity trends – and factors fuelling these trends – to help businesses navigate a complex cyber risk environment and build financial and operational resilience.
water damage
What businesses should know about water damage
Whether it’s from a leaky boiler or a flood, your office is more likely to have water damage than damage from a fire.
flood protection
How inflation is impacting claims costs: the current outlook
The leisure travel industry is slowly returning to something near pre-pandemic levels of activity. Business travel is still not back to pre-pandemic levels, but we are seeing an increase in overall claims volumes.
dominoes
Don’t play cyber risk "dominos" with your business
Cybersecurity risks are critically challenging for businesses, with the potential to cause severe business disruption and financial impact.
data management
Making data management a business priority
As more and more companies turn to big data and the cloud, business data management is going to become a key pillar of success.
cyber
A better way to define and insure systemic cyber events
Michael Kessler, Vice President, Chubb Group and Division President, Global Cyber Risk, discusses the evolving insurance market for widespread cyber risks, including common misperceptions and solutions.
risk management
Why you need a risk management programme and how to get started
Here are some areas where your business may be vulnerable to risks, and recommendations for steps you can take minimise them.
truck
Safe working load?
Robert Tailby, Principal Casualty Risk Engineer, in partnership with AIRMC, discusses the importance of risk assessments being a meaningful exercise in reasoned decision making and proper integration of control measures.

Have a question?

Talk to one of our experts