In Partnership with
Ransomware payout ban: will it kill coverage demand?
‘Not all cybersecurity providers are equal’
Sam Cheshire
Gallagher
Industry experts
Gülsah Dagdelen
Tokio Marine HCC
Vanessa Leemans
AXA XL
Sam Cheshire is head of cyber for Gallagher in the UK & Ireland, responsible for supporting Gallagher’s regional office network and clients with specialist technical cyber knowledge. Chesire joined Gallagher in 2023 after spending over six years at Clear Insurance Management where he also specialised in cyber insurance. He works closely with commercial business clients to help identify their unique cyber risks and works with the wider teams to source the most appropriate insurance to meet their needs.
Gallagher
Sam Cheshire
Gülsah Dagdelen is in charge of Tokio Marine HCC’s international cyber book for EMEA and Latin America, and currently runs a team of 11 underwriters focused on different regional markets. With an extensive underwriting background in financial lines and renowned for her technical expertise in cyber, Dagdelen is actively involved in shaping the firm’s risk-assessment strategy and client relations for the cyber segment. Dagdelen is an FCII-qualified underwriter, holds a master’s degree in law and is passionate about this line of business, sharing insights in insurance publications and industry events.
Tokio Marine HCC
Gülsah Dagdelen
Vanessa Leemans is a senior cyber insurance leader with 23 years’ experience, including 19 in the London market and 13 in cyber. She joined AXA XL in November 2022 as head of cyber, UK & Lloyd’s, overseeing the UK cyber business and strategic growth. Her career began 23 years ago at Aon in Belgium in financial lines, and she held cyber leadership roles at Aon Cyber Solutions. Leemans achieved master’s degrees in law and business economics.
AXA XL
Vanessa Leemans
“Not all cybersecurity providers are equal. It’s important to really rely on expertise, and that’s where AXA XL can help prepare and protect clients against that cyber risk”
Vanessa Leemans,
AXA XL
From ransomware payout bans to evolving regulations to shifting capacity and emerging threats, the cyber insurance market is facing a series of challenges. For insurers, it’s a case of keeping their eyes firmly on the changing needs of their clients.
�In a recent roundtable, Insurance Business brought together Gülsah Dagdelen, cyber manager for EMEA and Latin America at Tokio Marine HCC; Vanessa Leemans, head of cyber, UK and Lloyd’s at AXA XL; and Sam Cheshire, head of cyber, UK and Ireland at Gallagher, to debate and discuss the ongoing evolution of the market – to look at trends that have shaped the past 12 months and what we can expect to see in 2026 and beyond.
�One of the main areas of focus for professionals in the months to come hinges on a potential ban on ransomware payments – something that could impact both the demand for cyber insurance and the types of coverages organisations are looking for. �
“We have, at Tokio Marine HCC, always focused on the technical assessment of each risk and how companies can become more resilient and limit their exposure. That goes hand in hand with the risk assessment”
Gülsah Dagdelen, Tokio Marine HCC
“Insurers have a much better understanding of what a good cyber risk looks like. They’re asking the right questions, which then means that our clients are investing into the correct lines of security”
Sam Cheshire,
Gallagher
Prepare, prevent and recover�“This debate has been going on for many years since cyber arrived in continental Europe,” prefaced Dagdelen. “We still see a huge amount of cyber claims arising from ransomware, [but], to be honest, we were never overly concerned about the ransom payment itself. We have, at Tokio Marine HCC, always focused on the technical assessment of each risk and how companies can become more resilient and limit their exposure. That goes hand in hand with the risk assessment, focusing on the resilience of the company, on redundancies and on recovery of systems. Our experience is that the ransom itself is not the biggest concern for companies – the main problem is the link between the amount of ransom demand and how resilient the companies are.”
�Essentially, if an organisation has the correct backups in place, and is therefore able to recover their systems quickly, the ransom demand is usually not as high. As such, at Tokio Marine HCC, they’re reframing the �
Read on
AXA XL, the property & casualty and specialty risk division of AXA, provides insurance and risk management products and services for mid-sized companies through to large multinationals, and reinsurance solutions to insurance companies globally. We partner with those who move the world forward. To learn more, visit www.axaxl.com.
Find out more
Tokio Marine HCC is a leading specialty insurance group conducting business in approximately 180 countries and underwriting more than 100 classes of specialty insurance. Headquartered in Houston, Texas, the company comprises highly entrepreneurial teams equipped to underwrite special situations, companies and individuals, acting independently to deliver effective solutions. Our products and capabilities set the standard for the industry, as many of our employees are industry-leading experts.
�Tokio Marine HCC’s major international insurance companies have financial strength ratings of “A+ (Strong)” from S&P Global.�
Find out more
M&A
Insights 2021
Insurance Business America uncovers the answers to brokers’ biggest questions about mergers and
acquisitions, with expert insight from MarshBerry, Baldwin Risk Partners and Relation Insurance
Read on
Phil Trem
MarshBerry
Timothy J. Hall
Relation Insurance
Gerard Vecchio
MarshBerry
Industry experts
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Tellus in penatibus condimentum malesuada ante vulputate nisi, arcu leo. Amet urna sapien purus vestibulum fermentum a. Cursus metus massa donec sed varius. Nunc enim sit morbi lacus, molestie et nunc. Nullam sed facilisi id malesuada. Ante purus velit, quam scelerisque ultrices scelerisque donec.
Velit egestas vel ornare pellentesque ridiculus. Mauris tempor augue quis mattis suspendisse feugiat commodo posuere. Faucibus massa adipiscing nullam elit, ac vel accumsan. Phasellus eget ac dignissim fermentum ac placerat elit, metus. Nulla porttitor ante egestas molestie quis quam. Pharetra magna sit mauris tellus gravida rutrum libero sit. Justo orci cras euismod proin massa lorem ut. In non tellus phasellus faucibus ullamcorper nullam odio dui et.
Mashberry
Gerard Vecchio
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Tellus in penatibus condimentum malesuada ante vulputate nisi, arcu leo. Amet urna sapien purus vestibulum fermentum a. Cursus metus massa donec sed varius. Nunc enim sit morbi lacus, molestie et nunc. Nullam sed facilisi id malesuada. Ante purus velit, quam scelerisque ultrices scelerisque donec.
Velit egestas vel ornare pellentesque ridiculus. Mauris tempor augue quis mattis suspendisse feugiat commodo posuere. Faucibus massa adipiscing nullam elit, ac vel accumsan. Phasellus eget ac dignissim fermentum ac placerat elit, metus. Nulla porttitor ante egestas molestie quis quam. Pharetra magna sit mauris tellus gravida rutrum libero sit. Justo orci cras euismod proin massa lorem ut. In non tellus phasellus faucibus ullamcorper nullam odio dui et.
Relation Insurance
Timothy J. Hall
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Tellus in penatibus condimentum malesuada ante vulputate nisi, arcu leo. Amet urna sapien purus vestibulum fermentum a. Cursus metus massa donec sed varius. Nunc enim sit morbi lacus, molestie et nunc. Nullam sed facilisi id malesuada. Ante purus velit, quam scelerisque ultrices scelerisque donec.
Velit egestas vel ornare pellentesque ridiculus. Mauris tempor augue quis mattis suspendisse feugiat commodo posuere. Faucibus massa adipiscing nullam elit, ac vel accumsan. Phasellus eget ac dignissim fermentum ac placerat elit, metus. Nulla porttitor ante egestas molestie quis quam. Pharetra magna sit mauris tellus gravida rutrum libero sit. Justo orci cras euismod proin massa lorem ut. In non tellus phasellus faucibus ullamcorper nullam odio dui et.
Mashberry
Phil Trem
M&A
Insights 2021
Insurance Business America uncovers the answers to brokers’ biggest questions about mergers and
acquisitions, with expert insight from MarshBerry, Baldwin Risk Partners and Relation Insurance
Read on
Phil Trem
MarshBerry
Timothy J. Hall
Relation Insurance
Gerard Vecchio
MarshBerry
Industry experts
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Tellus in penatibus condimentum malesuada ante vulputate nisi, arcu leo. Amet urna sapien purus vestibulum fermentum a. Cursus metus massa donec sed varius. Nunc enim sit morbi lacus, molestie et nunc. Nullam sed facilisi id malesuada. Ante purus velit, quam scelerisque ultrices scelerisque donec.
Velit egestas vel ornare pellentesque ridiculus. Mauris tempor augue quis mattis suspendisse feugiat commodo posuere. Faucibus massa adipiscing nullam elit, ac vel accumsan. Phasellus eget ac dignissim fermentum ac placerat elit, metus. Nulla porttitor ante egestas molestie quis quam. Pharetra magna sit mauris tellus gravida rutrum libero sit. Justo orci cras euismod proin massa lorem ut. In non tellus phasellus faucibus ullamcorper nullam odio dui et.
Mashberry
Phil Trem
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Tellus in penatibus condimentum malesuada ante vulputate nisi, arcu leo. Amet urna sapien purus vestibulum fermentum a. Cursus metus massa donec sed varius. Nunc enim sit morbi lacus, molestie et nunc. Nullam sed facilisi id malesuada. Ante purus velit, quam scelerisque ultrices scelerisque donec.
Velit egestas vel ornare pellentesque ridiculus. Mauris tempor augue quis mattis suspendisse feugiat commodo posuere. Faucibus massa adipiscing nullam elit, ac vel accumsan. Phasellus eget ac dignissim fermentum ac placerat elit, metus. Nulla porttitor ante egestas molestie quis quam. Pharetra magna sit mauris tellus gravida rutrum libero sit. Justo orci cras euismod proin massa lorem ut. In non tellus phasellus faucibus ullamcorper nullam odio dui et.
Relation Insurance
Timothy J. Hall
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Tellus in penatibus condimentum malesuada ante vulputate nisi, arcu leo. Amet urna sapien purus vestibulum fermentum a. Cursus metus massa donec sed varius. Nunc enim sit morbi lacus, molestie et nunc. Nullam sed facilisi id malesuada. Ante purus velit, quam scelerisque ultrices scelerisque donec.
Velit egestas vel ornare pellentesque ridiculus. Mauris tempor augue quis mattis suspendisse feugiat commodo posuere. Faucibus massa adipiscing nullam elit, ac vel accumsan. Phasellus eget ac dignissim fermentum ac placerat elit, metus. Nulla porttitor ante egestas molestie quis quam. Pharetra magna sit mauris tellus gravida rutrum libero sit. Justo or24ci cras euismod proin massa lorem ut. In non tellus phasellus faucibus ullamcorper nullam odio dui et.
Mashberry
Gerard Vecchio
Share
Share
Share
Published 27 Oct 2025
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
UK
Copyright © 2025 KM Business Information UK Ltd
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Cookie policy
Terms & conditions
People
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
UK
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Cookie policy
Terms & conditions
People
Copyright © 2025 KM Business Information UK Ltd
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
UK
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Cookie policy
Terms & conditions
People
Copyright © 2025 KM Business Information UK Ltd
question around whether ransomware payments will be banned and instead focusing on the resilience and technical maturity of the company itself.
Still, according to Dagdelen, in a claims scenario there’s always the issue of whether the company can afford not to pay a ransom.
“We, as insurers, never recommend paying a ransom, but there are considerations that should be taken into account when discussing if ransom payments should be banned or not,” added Dagdelen. “I’d like to stress that ransomware payments are not the biggest claim expense to insurers – but a ban could encourage organisations to do what they should be doing already, which is getting the right coverage, planning for preparation, prevention and recovery.”
�According to AXA XL’s recent research, non-ransomware claims are more significant than many businesses believe. The company’s research found that the top three triggered coverages are data breach response, business interruption and cybersecurity coverage – with ransomware and extortion coming in fourth place. �
“We must help businesses look at how to prepare, prevent and recover,” said Leemans. “That’s obviously still the best option. While a ban may encourage organisations to do what they should be doing already, it’s more about preparation and protecting effectively rather than relying on the last resort of ransom payments. Ultimately, the bigger goal over the longer term is that a ban would deter and discourage ransomware attacks in the UK.”
�And Cheshire agrees adding that this ban is unlikely to impact the overall demand for cyber insurance because the claims won’t just go away overnight.
�“In the UK the government is looking at proposing a ban on public sector entities from paying ransom demands,” he told IB. “However, we haven’t seen it as an absolute stop – the threat actor groups are still making those ransom demands against public sector companies. They’re just choosing not to pay them now, whereas historically they may have not had the option.”�
For Cheshire, the most interesting part of the ransomware payout ban is how it would, or even could, be policed – and what that would look like exactly.
�“If there is a ban on making ransom payments, how do we know whether that’s actually happening and whether people are doing it or not? Are we going to be fining companies? Companies that have gone through a very large cyber incident felt that their only route to save themselves is to pay a significant sum to a criminal activity group – and we’re going to fine them? Kick a man whilst he’s down.”
�Here is where the importance of open and clear communication comes into play. As Leemans told IB, effective cybersecurity coverage comes down to the relationship between client, broker and insurer – and that exchange of information.
�“Not all cybersecurity providers are equal,” she explained. “It's important to really rely on expertise, and that’s where AXA XL can help prepare and protect clients against that cyber risk.”�
Friend or foe? AI’s double-edged sword�As we move further toward 2026, advancements in technology and AI are both accelerating cybersecurity awareness as well as giving a “leg up” to criminals looking to exploit gaps in organizations’ security. Research from the UK government found that in 2025, four in 10 businesses reported a cybersecurity breach – that equates to 612,000 organisations affected. And that figure is expected only to rise as AI becomes more widely adopted.
�As Leemans told IB, her team is seeing an increase in supply-chain attacks impacting multiple organisations and amplifying the potential for losses.
“These threats are particularly concerning because they can compromise multiple entities simultaneously – they’re harder to detect and defend. Cybercriminals are exploiting those weaker links to gain access to larger organisations. Ransomware attacks continue to be a top �
concern due to increased sophistication and impact. The threat actors are employing advanced techniques, targeting critical infrastructure and demanding higher ransoms, often causing significant operational disruptions and financial losses.”
A rise in AI capabilities has also enabled threat actors to automate and scale attacks, including creating highly convincing phishing emails, deepfake scams and automated malware. And the increase in volume and sophistication of the threats makes any defence more challenging.
“Everything we’re seeing this year we’ve normally seen before, but the level of sophistication from the threat actor groups is much higher,” said Cheshire. “[They take approaches] that have potentially worked on a few people and hone those skills to exploit vulnerabilities.”
�Dagdelen agreed, adding that AI can be seen as something of a double-edged sword in that it’s being used by both attackers and companies trying to ward them off.
�“Companies are regulated, hackers are not – that’s important to keep in mind when considering who is always one step ahead,” she warned.
Regulatory frameworks: changes on the horizon �Looking at that regulation element, it’s key that employers in ��
the UK stay ahead of all developments – of which there are predicted to be many. As Leemans revealed to IB, there’s been an enhanced focus on compliance and accountability, especially regarding new frameworks.
“Regulatory frameworks such as the UK GDPR, the EU NIS2 Directive and the upcoming UK Cyber Security and Resilience Bill are emphasising stricter data protection and cybersecurity requirements, which prompt businesses to prioritise compliance as a core element of their risk management strategy. We’re moving away from purely reactionary measures towards encouraging proactive risk assessments, routine vulnerability testing and adoption of best practices.”
For Dagdelen, she’s keen to make the distinction between how these regulations impact both the client and the insurer. As she told IB, from a client’s perspective new regulations can help support companies – especially when it comes to SMEs. The process can help give the client guidance on the minimum requirements that protect their company against future cyber losses.
�“From an insurer’s perspective, our risk assessments are based on different frameworks,” she added. “When you compare these frameworks with all the new regulations, there’s a huge overlap between the requirements of these regulations and the frameworks. So, from our perspective, it’s actually very positive. And in the long term for the client, if they’re complying with these regulations and acts, we know that they’ll be more resilient to future cyberattacks, allowing them to access better terms and conditions for cyber coverage.” �
Bridging the SME cyber coverage gap �Looking back over the past 12 months, all speakers agree that there’s been a shift in the market. After going through a period of hardening, 2020–2023, businesses have emerged from the other side in a position of market softening.
�“Insurers have a much better understanding of what a good cyber risk looks like,” added Cheshire. “They’re asking the right questions, which then means that our clients are investing into the correct lines of security and are being better rewarded for the good work that they’ve done. Our clients who’re protecting themselves properly and have invested into cyber risk management are seeing the largest benefits.”
Dagdelen concurred, explaining that there’s a marked difference between the SME market and the larger firms out there.
�“For the SME sector, the market is a bit more stable,” she told IB. “Although we have new players, especially with the new MGAs, the market is still being less affected. And we’re also seeing changes in underwriting philosophy, especially in the SME sector where scanning tools reduce questions in the proposal forms.”
Concluding, Leemans agreed – explaining that insurance rates continue to be competitive for the large corporates and that there’s a gap in protections for SMEs that needs to be addressed as we head into 2026.
�“A lot of SMEs don’t buy cyber insurance yet. They’re still on a journey of getting to cybersecurity maturity – that’s a real gap in protection. Moving forward, we need to help more of those small and medium-sized businesses with cybersecurity awareness and protection.”�
Source: AXA XL
Large loss claims account for 88% of all its global cyber losses; this suggests that a relatively small number of large claims are responsible for the majority of cyber losses (claims that surpass $1M)
Since around 2018, ransomware has emerged as a leading cause of large claims, affecting 54.3% of claims in recent years
Prior to 2019, only 35.7% of attacks were flagged internally; since then, some 66% of incidents were detected by the insured themselves
AXA XL: Key trends in major claims, ransomware attacks
Source: KPMG, IBM
Cybercrime: A global concern
76% of security leaders are concerned about cyber threats evolving in sophistication
�72% believe they are “first adopters” of technology to combat them in the years ahead
�Cybercrime costs are expected to escalate worldwide to almost $14T by 2028
�Ransomware costs victims an average of $1.85M per incident, with attacks rising by 13% over a 5-year period�
