Many professional firms may be exposed to cyber losses without adequate cover after research from Everywhen found 65% now view cyber-attacks as their biggest risk.
Everywhen said many businesses still do not have insurance cover aligned with their cyber exposure, even as digital threats continue to rise for firms handling sensitive client information.
A spokesperson for Everywhen said: “What this data shows very clearly is that cyber threats represent a fundamental and growing business risk. Professional firms are custodians of highly sensitive client data, and that makes them a prime target.
“From an insurance perspective, cyber incidents rarely sit in isolation. They can lead to business interruption, regulatory investigations, and even professional indemnity claims if clients are affected. That’s why it’s critical for firms to understand how their cover responds and where potential gaps may exist.
“There is still a tendency to view cyber insurance as optional, but the reality is that it is becoming a core component of a firm’s risk management strategy.”
Security.org said the global cyber insurance market reached about $15 billion in 2024 and is projected to rise to $29 billion by 2027. The report also said ransomware was involved in 44% of all breaches in 2024, pointing to continued claims pressure for insurers and policyholders.
According to Gallagher’s 2026 cyber market outlook, global cyber insurance premiums were projected to reach $16.9 billion in 2025 and $19.6 billion in 2026, with Europe accounting for $3.9 billion, or 26%, of the market. Gallagher said pricing largely stabilised through 2025, although insurers remained focused on systemic risks tied to cloud outages and supply chain attacks.
WTW said buyers continued to see premium reductions and broader coverage options through 2025 despite rising cyber losses. The broker said ransomware frequency increased 45% year over year in 2025, citing it as one of the factors contributing to loss volatility alongside privacy-related claims and technology outages.
The WTW report said losses in 2025 were not limited to ransomware incidents. It also pointed to privacy non-compliance claims and outages involving major technology providers, which created wider disruption for businesses reliant on third-party platforms.
In Everywhen’s survey, 65% of respondents identified cyber-attacks as the biggest risk facing professional firms in 2026. That was more than three times higher than the next closest concern.
Economic pressures ranked second at 18%, followed by professional negligence claims at 9% and regulatory changes at 8%.
The findings indicate cyber threats are moving ahead of traditional concerns for firms in legal, financial and consultancy sectors that manage significant volumes of client data.
The World Economic Forum’s Global Cybersecurity Outlook 2026 found cyber-enabled fraud and phishing had become the top concern for chief executives. It also found 87% of respondents identified AI-related vulnerabilities as the fastest-growing cyber risk during 2025, while 64% said their organisations were factoring geopolitically motivated cyber-attacks into risk planning.
Cyber risks are also moving higher on insurers’ own agendas. EY’s latest global insurance risk survey found 80% of insurance chief risk officers ranked cyber among their top five risks, citing digital threats, third-party exposure and AI-related risks.
Everywhen said professional firms are also dealing with economic uncertainty, rising operating costs and changing client expectations, adding pressure to businesses already managing operational and digital risks.
The insurer’s findings suggest that while demand for cyber cover continues to rise and market capacity grows, some professional firms may still need to reassess whether their insurance arrangements match their exposure.
