From Data Breaches to Ransomware: How Cyber Insurance is Evolving to Meet Modern Threats

The cyber insurance market has undergone a dramatic transformation over the past two decades. What began as coverage primarily focused on data breach notifications has evolved into comprehensive protection against sophisticated ransomware attacks and operational disruptions that can cripple businesses for weeks.

“After 2003, when California passed the first breach notice law at the state level in the US, every other state had similar laws in place by 2018,” said Evan Fenaroli, Vice President of Management and Professional Liability at Philadelphia Insurance Companies (PHLY). “A lot of early buyers of cyber coverage were primarily concerned with the data privacy aspect of it.”

This early focus on data privacy made sense when the primary concern was protecting customer information and managing notification requirements. Organizations needed coverage for notifying affected individuals, contacting state attorneys general and other regulators, providing credit monitoring services, and handling any resulting legal liability. But the threat landscape was about to change dramatically.

The Ransomware Surge Changed Everything

Evan Fenaroli, Vice President of Management and Professional Liability, Philadelphia Insurance Companies

The period from 2019 to 2020 marked a turning point in cyber risk. While ransomware had existed for years, threat actors discovered they could dramatically increase their profits by demanding cryptocurrency payments and targeting larger organizations with higher ransom demands.

“Fast forward to 2019 into 2020, we started seeing a major uptick in ransomware incidents,” Fenaroli said. “What was unique here is that we started seeing the extortion demands increase drastically. They were no longer demanding US dollars. Now they were usually demanding Bitcoin or some other cryptocurrency.”

This shift fundamentally changed how organizations viewed cyber risk. No longer was it simply about protecting customer data — companies suddenly faced the prospect of complete operational shutdowns. The financial impact expanded beyond notification costs to include business interruption, data restoration, and significant recovery expenses.

“It led to a huge increase in payouts. It hardened the market. It made carriers cut back in capacity,” Fenaroli explained. The insurance industry responded by tightening underwriting standards and requiring more robust security measures from policyholders.

However, this market hardening had an unexpected benefit. The increased scrutiny forced organizations to improve their cybersecurity posture. “Everybody realized that it was a problem. Cyber risk became a top-line agenda item at the C-suite and the board levels. Today, there’s a lot more focus on it – and that’s a good thing for all stakeholders,” Fenaroli said.

Organizations began to understand that cyber incidents posed not just privacy risks but operational risks that could prevent them from functioning entirely. This realization has driven widespread adoption of better security practices, from implementing multifactor authentication to developing comprehensive backup strategies.

Building Resilience Through Risk Management Services

Recognizing that small and medium-sized enterprises often lack the resources for comprehensive cybersecurity programs, PHLY provides policyholders with access to two key risk management platforms that offer practical tools and expert guidance.

The first resource, PHLYGateway, connects policyholders with a team of legal professionals who provide guidance on cyber risks and other management liability issues. “They can schedule calls with these attorneys to discuss any management and professional liability-related risk, including cyber risk, and receive general advice and guidance,” Fenaroli explained. The platform also hosts regular webinars covering topics from employment practices to ransomware attacks and financial fraud schemes.

Social engineering and financial fraud also represent a growing concern for organizations. Fenaroli noted that these scams, which attempt to trick employees into redirecting funds to criminals, have become increasingly sophisticated. “PHLYGateway provides extensive content around building strong accounting systems and implementing controls to verify the validity of payment requests—similar to phishing simulations but more targeted toward cyber financial fraud,” he said.

The second resource, the eRisk Hub, serves as a comprehensive aggregator of cybersecurity tools and information. ” ‘Hub’ is an appropriate description because it aggregates numerous resources from several different vendors, including legal expertise and incident response planning tools,” Fenaroli said. The platform includes breach response calculators, ransomware cost calculators, and updates on laws and regulations worldwide.

For organizations developing their cybersecurity programs, these resources prove particularly valuable. “It serves as an excellent springboard and starting point when clients are trying to generate or draft policies and procedures like incident response and business continuity plans,” Fenaroli explained. The platform also helps organizations determine appropriate insurance limits and evaluate potential security vendors.

When discussing effective security measures, Fenaroli emphasized the importance of fundamentals. “Multifactor authentication is a very low-hanging fruit. It’s usually something that’s easy to implement,” he said. Beyond that, having a robust backup strategy can make the difference between a minor incident and a catastrophic loss.

“Having access to backups that are readily available that you know you’ve tested the ability to recover from can make a huge difference in both avoiding extortion payments to threat actors and getting business back up and running as quickly as possible,” Fenaroli advised.

Tailored Coverage for Small and Medium Enterprises

Philadelphia Insurance Companies has positioned itself to serve organizations with revenues up to $250 million, focusing particularly on nonprofits, professional services firms, retail businesses, and healthcare organizations. This focus on small and medium enterprises (SMEs) reflects an understanding that these organizations often need more guidance in navigating cyber insurance.

“We have a dedicated team of underwriters focused on SME business. We pride ourselves on being flexible in our approach,” Fenaroli said. “We want to make sure that we’re tailoring the contract to the policyholder’s needs.”

Unlike some carriers that have moved toward automated underwriting for efficiency, PHLY maintains a personalized approach. While the company uses external tools to validate application information, human underwriters make the final decisions.

This hands-on approach extends to education and consultation. Many small organizations don’t fully understand their cyber risks or the coverage they need. A common scenario involves social service agencies facing cyber insurance requirements for state contracts but misunderstanding what coverage they actually need.

“They often believe they only need third-party liability coverage if they’re sued for negligence in preventing a cyber attack or data breach. But that presents an opportunity,” Fenaroli said. He emphasized the importance of comprehensive coverage that includes immediate access to experienced breach response teams, data forensics firms, and negotiation expertise for dealing with threat actors.

The company’s greatest success has come from cross-selling to existing policyholders who already have commercial package or management liability coverage with PHLY. “That’s frankly where we have the most success: cross-selling our existing policyholders, mainly on the package side, and specifically nonprofit human and social service accounts,” Fenaroli noted.

Looking at the current market conditions, Fenaroli believes this is an opportune time for organizations to secure cyber coverage. “We’re in a soft market now, and there’s probably never been a better time for buyers to consider cyber insurance,” he said. The market has also matured, with greater standardization making the buying process more straightforward.

“After the hard market in 2020 through 2022, we, along with a lot of other carriers, did cut back on our capacity, but we are in the market to stay,” Fenaroli emphasized. As cyber threats continue to evolve, having a knowledgeable insurance partner who understands both the risks and the unique needs of small and medium enterprises becomes increasingly valuable.

For organizations ready to strengthen their cyber defenses and secure appropriate insurance coverage, the combination of improved market conditions and comprehensive support services creates an ideal environment to take action. “There’s significant expertise built into our relationships that clients can immediately access,” Fenaroli said.

To learn more, visit www.phly.com.

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Philadelphia Insurance Companies. The editorial staff of Risk & Insurance had no role in its preparation.