Ransomware Claims Surge to Record Levels as VPN Weaknesses Fuel Attacks, 2026 InsurSec Report Shows
What Happened — The 2026 InsurSec Report (At‑Bay) documents a 7 % YoY rise in cyber‑insurance claim frequency and an all‑time high average claim severity of $221 k. Ransomware claims now average $508 k, with 87 % of ransomware incidents traced to compromised remote‑access services, especially VPN appliances (73 % of identified vectors).
Why It Matters for TPRM —
- Remote‑access infrastructure is the single largest attack surface for third‑party vendors.
- Rising claim severity drives insurance premium hikes and tighter underwriting for all supply‑chain contracts.
- Organizations lacking 24/7 MDR or robust EDR are disproportionately hit by fast‑moving ransomware groups such as Akira.
Who Is Affected — Enterprises across all sectors; small‑to‑mid‑size firms (≤ $25 M revenue) see the steepest increase, and vendors providing VPN, remote‑access, and managed security services are high‑risk.
Recommended Actions —
- Audit all third‑party VPN/remote‑access solutions; retire legacy appliances or migrate to cloud‑based zero‑trust access.
- Verify that critical suppliers have continuous MDR coverage or, at minimum, fully‑tuned EDR with automated block capabilities.
- Re‑evaluate cyber‑insurance programs to reflect higher ransomware exposure and negotiate clauses that require documented remote‑access hardening.
Technical Notes — The report links the surge to VPN compromises (often due to unpatched firmware or mis‑configurations) and the Akira ransomware family, which executes within minutes of initial access. No email‑based ransomware claims were recorded, indicating a shift away from phishing toward direct network infiltration. Source: Help Net Security – 2026 InsurSec Report