As part of our expanded coverage of our 2026 Cyber Power Broker® winners and finalists, Risk & Insurance® recently spoke with Erin Halchak, Chief Underwriting Officer, U.S. Cyber for Liberty Mutual Insurance. Liberty Mutual is a sponsor of this year’s class of cyber Power Broker winners. What follows is a transcript of that discussion, edited for length and clarity.

Risk & Insurance: Nice to speak with you again Erin. What types of cyberattacks are currently producing the most significant losses?

Erin Halchak: Ransomware continues to produce the largest losses, which is probably no surprise. Over the past few years, we’ve seen ransomware attacks continuing to evolve and become more sophisticated. These are no longer just individual bad actors; they’re professional operations targeting high-value victims, moving quickly once they gain access.

The compounding effects of these losses have also increased. It’s not just data loss anymore — there’s data exfiltration, extortion threats, regulatory fines, notification costs, reputational damage, and business interruption, all as part of one loss.

We’re seeing this become much more common now. Instead of just one insuring agreement being triggered, we’re seeing all insuring agreements being triggered, which has increased loss volumes.

Phishing remains the number one way that attackers gain access. They capitalize on human error, and that continues to be the top entry point into systems.

As ransomware continues to evolve, we now see ransomware as a service. This makes it much easier for even non-technical individuals to perform large-scale ransomware attacks.

R&I: How much has the volume and intensity of these attacks increased compared to recent years?

EH: The cost of a claim — even just the cost of notifying for a record — has increased 20% over the past five years, depending on the type of record. Healthcare records are typically more expensive.

That represents a substantial jump over a five-year period. I would say this serves as a good baseline indicator of the overall increase.

R&I: In this challenging environment, which economic sectors are being targeted most frequently?

EH: Health care is the number one sector because of the critical services and information involved. We’ve also seen a notable uptick in manufacturing and critical infrastructure.

This increase is tied to geopolitical factors and the vulnerabilities that exist within these systems. Threat actors are very smart — they know where the vulnerabilities are, which systems need to be patched, and they capitalize on that knowledge to target these insureds.

Manufacturing and critical infrastructure are particularly attractive to attackers because they have large business interruption potential losses.

R&I: What should an insured know to ensure a productive and satisfying claims handling experience?

EH: The first step is to really understand your policy. You need to know what your policy triggers are and also what is excluded. But, more importantly, you need to be prepared pre-incident so you know how to answer the right questions when an incident happens: How do I escalate? Who do I need to contact? Who are my key contacts?

Be prepared in advance by documenting your security controls and having an offline resource that lists your breach vendors. Pick your breach vendors before you have a breach. When this terrible day comes, you’re not scrambling to think, “Which vendor do I pick?” You should already know exactly who you need to call.

At Liberty Mutual, we have onboarding calls with our insureds and our claims team. We want our insureds to know who their claims representatives are. We want them to know how our claims process works so we can talk them through that and coach them in selecting their vendors so they can really be prepared.

During the incident, it’s all about communication. Notify your insurance carrier immediately, contact your vendors immediately, and leverage all the breach resources that your carrier provides. It’s important to have a partnership mindset, and not just with your carrier.

R&I: What traits are most important for brokers to demonstrate?

EH: One of the key factors we like to see from brokers is providing education — specifically, translating policy wording into practical business terms for their insureds. The broker should be able to walk through scenarios, such as “If this were to happen to my operation …” and explain how the policy language applies to the client’s actual business.

At Liberty Mutual, we focus on educating our insureds and our brokers. When brokers truly understand what our policy will respond to, they can effectively communicate that information to their insureds.

R&I: How frequently do insureds experience a cyber event only to discover they didn’t have a complete understanding of their policy coverage?

EH: That’s less common today than it was even just 18 months ago. I think that’s part of the evolution of cyber and cyber products.

As cyber has matured, brokers have developed a much deeper understanding of it. Where brokers may have just had their specialty lines before, now they have specific cyber groups that specialize in cyber.

This has really helped insureds and brokers navigate the claims process and work through the challenges and lessons learned.

We’re true risk partners to our brokers and insureds — not just a policy provider. Our ongoing collaboration makes sure everyone understands the coverage and how to use it effectively. After a claim, we do a postmortem to really understand how we can make this smoother – not just for that insured, but for all of our insureds.

The market has really streamlined this over the past two years. Education and training are extremely important.

R&I: Where can brokers add the most value when working with insureds?

EH: Brokers can bring significant value by truly understanding what the insured’s operations are. There are very complex organizations out there that may not fully understand what their cyber exposure is. This requires a discovery process where brokers really dig into their client’s business and uncover what those coverage needs are for that specific insured.

This approach has really grown in the industry over the past year or so. As a carrier, we appreciate it when we receive a submission where the broker knows the insured inside and out.

That’s one of the reasons why we also focus on insuring enterprise organizations. If we write several lines of coverage, we gain much more information about the insured. We can then better understand what their exposures are and ensure we fit that policy to their specific exposures. &