This article was created in partnership with Cowbell.
As cyber threats grow in frequency and complexity, businesses are facing mounting pressure to ramp up their defenses. According to Cowbell’s Cyber Roundup: Claims Report 2025, organizations are seeing a continued global rise in cyberattacks, both in volume and sophistication, largely driven by AI-enhanced campaigns.
What’s more, industry-wide data from the 2024 NAIC Cyber Insurance Report revealed there’s been a record 33,561 reported cyber insurance claims of late, indicating a steady increase in claims frequency. Despite this, Cowbell’s internal claims data paints a nuanced picture: while general incident frequency has risen, ransomware claims have remained stable, consistently comprising 17–19% of all Cowbell claims between 2022 and 2024.
Speaking to Insurance Business, Trent Cooksley, co-founder and chief operating officer of Cowbell, revealed that in the face of this growing concern acting preventatively rather than curatively is crucial.
“Frequency is increasing across the board,” Cooksley agreed. “[As such], employers should be thinking about the downtime that they could experience if they experience an attack. Longer events, meaning you have business interruption, are some of the bigger things that we’re seeing come into the market, as well as lawsuits and class actions – specifically in the US.
“Every organization, regardless of size, can adopt low or even no-budget protections that can dramatically reduce risk. Multi-Factor Authentication (MFA) – we talk about that all the time and it’s amazing how people still don’t leverage it or even worse, using it but not configuring correctly. [It’s all about] employee training – because, again, phishing is getting more complex to interpret.”
Cyber insurance as a tool of resilience
And the data’s there to back Cooksley up. Cowbell’s report found that that phishing remains the most common method of attack initiation, often serving as the entry point for more severe incidents such as business email compromise (BEC), funds transfer fraud, and ransomware. What’s more, the FBI reported 193,000 complaints related to phishing and spoofing in 2024, making these tactics the most reported cybercrimes in the US.
As Cooksley told IB, preparation is essential here. The real measure of success for organizations is having a plan in place before an incident occurs – so you’re not just “shooting in the air” and acting reactively.
“Have a response plan. People should know how they’re going to address those things,” Cooksley stressed. “Our team at Cowbell can help policyholders with all of this.”
And there’s no shortage of organized cybercrime groups out there looking to pry open your data. As per Cowbell’s report, there’s five ransomware groups behind nearly 48% of incidents with known threat actors:
- Akira (17.4%): Known for double extortion, targeting mid-sized businesses.
- Play (9.2%): Utilizes stealthy attacks with delayed execution, making detection harder.
- LockBit (7.7%): Operates as a ransomware-as-a-service (RaaS) platform with global reach.
- Fog (7.2%): Exploits unpatched VPNs and email systems, indicating opportunistic and technical sophistication.
- RansomHub (6.2%): Focuses on data exfiltration and public leak threats.
With that in mind Cooksley, and his team at Cowbell, believes cyber insurance shouldn’t be viewed merely as a post-incident safety net; it’s also a real-time tool for risk management.
“A lot of small to medium-sized companies still don’t purchase it,” he told IB. “[But] it’s a critical financial and operational safety net when an incident does occur. For us, however, the best carriers aren’t just responding to breaches and paying them – we want to proactively help policyholders build their resilience.
“At Cowbell, we do that through complimentary or discounted services such as [cybersecurity awareness] training, dark web monitoring, phishing simulations, pen testing, and having incident response hotlines. That’s the investment in cyber insurance – just as much as making a payment when something occurs.”
Defenses against supercharged cyber risk
While foundational defenses are critical, Cooksley revealed that more sophisticated protections become essential as companies grow or face elevated risk.
“The next step after that is more advanced cybersecurity measures,” he said. “So if you’re an organization of size, this is when you really need to start thinking about how you’re growing or facing heightened risk and expanding beyond the basics. That includes managed detection and response, endpoint protection, penetration testing so you know where your weak points are. Third-party assessments, vendor and supply chain risk evaluations – are you exposed to specific vendors where, if they have something, how is that going to impact your business?”
Cowbell’s report certainly agrees, with their researchers highlighting that this fight against cybercrime requires a whole organizational shift. Here, the report points to a four step approach;
- Strengthening incident response capabilities through skilled negotiation and rapid action.
- Prioritizing cyber hygiene and patch management to defend against increasingly targeted attacks.
- Enhancing partnerships between businesses and cyber insurers, ensuring support through both prevention and recovery phases.
- Investing in proactive tools and risk monitoring, such as Cowbell Factors, to reduce exposure and improve claims outcomes.
SMEs: The overlooked target
All too often, when it comes to organizations investing in cyber insurance, smaller companies tend to have a misplaced sense of security. Because the media tends to only print headlines around global cyberattacks, ransomware heists that cost corporations millions, SMEs think ‘it will never happen to them’ – but how wrong they are.
“They probably have more gaps than they’re aware of,” added Cooksley. “And a lot of threat actors, while they would rather go after large fish, aren’t always specifically targeting that. They’re taking a shotgun approach – think of it as walking down the street and burgling whoever’s door is unlocked.”
It’s this false sense of confidence that’s leaving SMEs ripe for the picking. Data collated by Astra found that small businesses account for 43% of cyberattacks every year, costing SMEs an average of $25,000 each. What’s more, just 14% of SMEs impacted were actually prepared to face such an attack – and money is just part of the loss.
“If you’re small, you may not have the resiliency to continue moving on,” added Cooksley. “Can you continue operating if you’re hit with ransomware? I would argue that there’s many who cannot. A lost client for a small business is much more impactful than lost clients in really large organizations – they can withstand that a little bit more. There’s also an additional expense to actually get to the recovery because you don’t have the capabilities in-house to do it. [Here], insurance can help bridge the gap providing protection as well as providing the critical resources to recover quickly after an attack.”
‘Cops and robbers’
As these attack become more advanced so too must the defenses – cyber insurance must evolve in lockstep. And Cooksley affirmed that it is.
“This is the age-old cops and robbers,” he told IB. “If the bad guys are going to develop more sophistication, the good guys are going to continue to fight back or even be ahead in a lot of cases. [Here], more organizations are leveraging AI to streamline processes, improve speed and accuracy and offer proactive tools to monitor those threats.”
And for Cooksley, he was quick to emphasize the value of cyber insurers’ ecosystem-wide view.
“We’re seeing the developments of the threat actors in real time,” he said. “I know about particular things that are happening in the ecosystem that we haven’t had to deal with ourselves yet -but I see that because our partners have. What Cowbell was premised on was continuous monitoring. You have to continually be up to date on the new exposures that are occurring and the new threats that are happening.
“Our platform was built to take in real-time information and not have it be on your standard insurance cycle that is typically always looking into the past. At Cowbell, we’re trying to look into the future.”
