KnowBe4: Cyber Insurance Claims Hit Record Levels

The cyber insurance market is undergoing rapid transformation as insurers face mounting losses from digital attacks. As cyber criminals continue to exploit remote work practices and cloud adoption, providers are withdrawing coverage, raising premiums and demanding evidence of security controls before issuing policies to organisations.
As a result, today’s security insurers are requiring stricter controls and raising premiums as cyber attack costs reach record levels, according to research from KnowBe4, a security awareness training and simulated phishing platform provider serving more than 70,000 organisations worldwide.
The company’s latest report, titled ‘Cyber Insurance and Security: Meeting the Rising Threat’, highlights how organisations are strengthening defences through a combination of insurance coverage and security measures. Its findings reveal growing pressure on businesses to protect digital infrastructure as attackers target employees through social engineering techniques, including phishing emails and impersonation attacks.
KnowBe4’s research shows growing cost burden for SMEs
The average cost of a data breach reached US$4.88 million in 2024, with significant regional variations, according to IBM’s annual Cost of a Data Breach report. Small and medium-sized enterprises face lower average costs but experience more severe financial impacts from cyber incidents due to limited resources and recovery capabilities.
Insurance providers are implementing stricter requirements for cyber coverage, requiring organisations to demonstrate security controls before issuing policies. These controls include security awareness training programmes, which aim to reduce the likelihood of successful attacks through regular employee education and testing.
- Average data breach cost reaches US$4.88 million in 2024
- Human factors contribute to 75% of data breaches
- KnowBe4 platform serves more than 70,000 organisations worldwide
The research indicates that human factors contribute to 75% of data breaches. Social engineering and phishing attacks, where attackers manipulate employees into revealing sensitive information or credentials, remain primary attack vectors that organisations must defend against.
KnowBe4 platform develops AI-driven security response
The company has developed an AI-driven platform called HRM+ that creates adaptable defence mechanisms against emerging cyber threats. The system includes awareness and compliance training modules, cloud email security, real-time coaching, and crowdsourced anti-phishing tools.
The platform aims to transform employees from potential security vulnerabilities into active defenders of organisational assets through personalised cybersecurity training and protection tools.
Legal requirements drive US$4.88m average breach costs
The expansion of data privacy legislation has led to an increase in class action lawsuits, particularly in the United States. This trend is expected to spread to Europe as regulatory frameworks mature and citizens become more aware of their data privacy rights.
The costs of cyber attacks extend beyond immediate system disruptions to include legal fees, regulatory fines and reputational damage. The research indicates that cyber threats rank as the primary global business concern for organisations across all sectors.
“In today’s interconnected world, the complexity and frequency of cyber threats are intensifying at an unprecedented rate,” says Stu Sjouwerman, CEO of KnowBe4. “This latest research clearly indicates that organisations, regardless of size, must adopt a proactive and comprehensive approach to cybersecurity.”
Industry partnerships shape future of cyber defence
The report emphasises the relationship between security practices and insurance coverage. Insurers examine an organisation's security posture, including employee training programmes and incident response capabilities, when determining premiums and coverage limits.
The research advocates for strategic partnerships between businesses, insurers and cybersecurity experts to address emerging threats. This collaborative approach aims to combine technological defences with comprehensive insurance coverage and employee education.
In today's interconnected world, the complexity and frequency of cyber threats are intensifying at an unprecedented rate
The findings suggest that prevention and security culture development require equal attention alongside technical controls. Organisations must implement regular training programmes while maintaining comprehensive insurance coverage against potential breaches.
“Cybersecurity cannot remain an isolated IT function," Stu adds. “Instead, it must be embraced as a core component of organisational strategy, ensuring that technological risk management is backed by informed human defences and comprehensive risk management practices, including cyber insurance.”
Explore the latest edition of Cyber Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.
Discover all our upcoming events and secure your tickets today.
Cyber Magazine is a BizClik brand