Large U.S. businesses filed roughly 10 cyber insurance claims per 100 policies in 2025, down 34% from 15 the year before. Average claim severity for that same cohort reached $4.4 million, nearly double the $2.2 million average in 2024, and 586% above the 2021 baseline. That combination sits at the center of Chubb's 2026 Cyber Claims Report, covering claims data through December 2025, and introduces a third theme the actuarial market has been slow to quantify: how autonomous AI attacks change the severity and accumulation assumptions embedded in cyber pricing before that attack vector has its own credible development triangle. Reading carrier cyber reports alongside 10-K risk factors, the practical pattern is that AI first appears as a threat multiplier in loss data well before it has enough dedicated history to stand alone in pricing. The Chubb data offers a way to frame that conversation using observed claims rather than projection assumptions alone.
The Severity Picture by Market Segment
The Chubb report segments the cyber book into three size cohorts, and each tells a story the others cannot. The divergence between segments is large enough to invalidate any pricing approach that applies a single aggregate severity trend across a mixed book.
For small and medium enterprises, claim severity fell from roughly $215,000 to $142,000 year over year. That improvement likely reflects a combination of better endpoint controls, higher deductibles filtering out smaller claims, and a shift in attacker attention toward larger, higher-yield targets. SME frequency remained essentially stable, so the overall SME loss cost improved on both dimensions simultaneously.
The middle market moved in the opposite direction. Severity rose from approximately $619,000 to $759,000, reflecting the compounding effect of larger system footprints, more complex forensic investigations, and incident response costs that scale faster than revenue as organizational complexity grows. A mid-market company typically has more data touchpoints, more third-party integrations, and more regulatory exposure than a small business, which drives both the incident response tab and the notification cost.
The large account segment is the most significant. Severity reached $4.4 million in 2025, nearly double the $2.2 million average in 2024, with claim frequency simultaneously falling from 15 to about 10 per 100 policies. Business interruption costs and escalating data breach and privacy litigation expenses drove both the severity increase and the geographic spread of those expenses across jurisdictions. The 586% severity increase since 2021 is not simply an inflation story; it reflects structural expansion in the cost components that respond to large-account incidents, each of which has grown faster than the general price level.
The actuarial implication is direct. An SME book experiencing improving severity and a large-account book experiencing doubling severity will produce a blended aggregate trend that understates tail risk in the upper segment while appearing to show controlled loss experience overall. Actuaries relying on book-wide loss ratios to calibrate cyber pricing should decompose by revenue band before selecting any trend factors. The segments are not trending in the same direction, and the rates should reflect that.
The Data Breach Cost Anchor
U.S. data-breach claims exceeded $10.2 million in historically severe cases, per Chubb's report. That figure spans notification costs, forensic investigation, business interruption, regulatory penalties, and downstream litigation. Actuaries pricing excess layers above $5 million should treat the $10.2 million mark as an observed data point in the loss size distribution, not as an outlier to be capped away.
Two Roles for AI in Cyber Claims
The Chubb report's emphasis on autonomous AI as an emerging driver requires a distinction that most market commentary does not make clearly enough, and conflating the two will send actuaries and underwriters in opposite directions at the same time.
The first role is AI as a threat amplifier: adversaries deploying AI tools to accelerate attacks, reduce human intervention requirements, and extend the reach of a single compromise across more systems in less time. This is what the Chubb report addresses directly. Autonomous AI enables sophisticated attacks that compromise multiple network segments in minutes, with minimal human oversight. Self-rewriting malware strains can evade signature-based detection mid-execution. Autonomous reconnaissance tools can map corporate networks, identify exploitable vulnerabilities, and hand off to automated exploit chains faster than any human attacker and before most incident response teams have received their first alert. The Chubb report places these capabilities at the center of its severity and accumulation analysis, and the loss data for 2025 reflects what happens when those tools reach broader adversarial deployment.
The second role is AI as a covered technology exposure: insurance liability arising from the insured's own AI operations. Examples include automated underwriting decisions challenged as discriminatory, AI-generated content creating copyright or defamation exposure, autonomous claims processing errors generating disputes, and AI advice tools producing harmful outputs. These exposures are slowly accumulating loss history, and some carriers have begun building explicit policy language to address them. The liability here attaches because of what the insured's AI system did, not because an adversary used AI to compromise it.
Both roles matter for cyber underwriting, but they require different actuarial responses. The threat-amplifier form does not need new policy structures. Existing cyber coverage language responds to system compromise and data exfiltration regardless of what tools the attacker used. What it needs is revised severity and accumulation assumptions, because AI-enabled attacks can produce faster and wider propagation than the attack timelines embedded in most historical loss data. The covered-technology form needs policy wording review and questionnaire expansion to capture what AI the insured actually operates and what oversight exists.
Pricing models that conflate these two roles will ask the wrong underwriting questions. A questionnaire designed to assess AI-liability exposure will not identify whether the insured's security stack can detect AI-accelerated lateral movement. A questionnaire designed to assess threat posture will not capture whether the insured's AI-driven claims processing creates adverse action liability. Both question sets are necessary. Neither substitutes for the other.
Supply Chain Events and the Accumulation Calculus
The supply chain finding in the Chubb report is the number that should force the hardest conversations in accumulation modeling. A single ransomware event targeting a UK company in 2025 produced $568 million in direct losses for the targeted firm. Total losses across the supply chain reached $1.4 billion, affecting more than 5,000 UK organizations and causing manufacturing disruptions spanning five weeks across the UK, Slovakia, Brazil, and China. The ratio of supply chain loss to direct loss was approximately 2.5 to 1.
That multiplier is not derivable from the questions most underwriting questionnaires ask. An insured purchasing cyber coverage for its own operations may sit in the middle of a supply chain whose aggregate exposure is 2.5 times the direct insured value at risk. The carrier's actual exposure to that scenario depends on which policyholders share vendor dependencies with the targeted firm, not on each policyholder's individual risk characteristics alone. Because vendor concentrations tend to cluster around a small number of hyperscaler cloud platforms, specialized software providers, and logistics networks, the correlation structure across an insured portfolio may be much higher than a standard independence assumption implies. The actuarial models that matter for cyber catastrophe are ones that track vendor-dependency clusters, not geographic or industry clusters.
Autonomous AI amplifies this accumulation problem in a specific and measurable way. Traditional attack propagation is constrained by the speed of human attackers: lateral movement takes time, manual reconnaissance has limits, and incident response teams typically have some window to identify and isolate affected systems before propagation reaches adjacent organizations. AI-enabled attacks compress that window. An attack that takes 72 hours to propagate through a supply chain under human direction may complete in six hours under autonomous AI orchestration, before the first affected organization has identified the initial compromise and issued vendor warnings.
The practical actuarial response is zone-based accumulation testing with propagation speed as an explicit scenario variable. Cyber actuaries should structure portfolio stress tests around vendor-dependency clusters rather than SIC codes or geographies. Scenarios should parameterize the propagation timeline: how does the loss accumulation change if autonomous AI reduces mean time from initial compromise to cascading supply chain failure from 72 hours to six hours? How does the total affected policyholder count change if the propagation window closes before any network member can isolate? Those are not speculative modeling exercises. They are sensitivity analyses anchored to an empirically observed base case: the $568 million direct, $1.4 billion supply chain event the Chubb report documents.
The scenario also illustrates the accumulation risk from AI-accelerated exfiltration within the supply chain event itself. Five thousand-plus organizations affected means five thousand notification obligations potentially triggering simultaneously across multiple state breach notification regimes, each with its own timing requirements and per-record cost structure. The aggregate notification cost from one event, spread across that many insured organizations, could exceed the direct loss cost for many individual policyholders.
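The zone-based accumulation test described above can be sketched as follows. This is an added example, not part of the Chubb report or the original article: the portfolio, vendor names and isolation times are constructed, loss amounts borrow the segment severities quoted earlier, and the cascade is simplified to a single propagation window measured from initial compromise.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    vendors: frozenset      # critical vendor dependencies from the questionnaire
    loss_if_hit: int        # constructed gross loss if the cascade reaches it, USD
    isolate_hours: float    # hours from initial compromise until it can isolate

# Constructed portfolio; vendor names and isolation times are illustrative.
PORTFOLIO = [
    Policy("mfg-a",    frozenset({"cloud-x", "erp-y"}), 4_400_000, 0.5),
    Policy("mfg-b",    frozenset({"erp-y"}),              759_000, 12),
    Policy("retail-c", frozenset({"erp-y", "logi-z"}),    759_000, 96),
    Policy("health-d", frozenset({"cloud-x"}),          4_400_000, 96),
    Policy("sme-e",    frozenset({"erp-y"}),              142_000, 30),
    Policy("sme-f",    frozenset({"logi-z"}),             142_000, 8),
]

def cluster_exposure(portfolio):
    """Total loss_if_hit per vendor, largest first: the accumulation zones."""
    totals = {}
    for p in portfolio:
        for v in p.vendors:
            totals[v] = totals.get(v, 0) + p.loss_if_hit
    return sorted(totals.items(), key=lambda kv: -kv[1])

def stress(portfolio, vendor, propagation_hours):
    """Policies on `vendor` that cannot isolate before the cascade completes."""
    hit = [p for p in portfolio
           if vendor in p.vendors and p.isolate_hours >= propagation_hours]
    return sorted(p.name for p in hit), sum(p.loss_if_hit for p in hit)

def sweep(portfolio, vendor, windows=(72, 24, 6)):
    """Re-run the same vendor scenario across propagation windows (hours)."""
    return {h: stress(portfolio, vendor, h) for h in windows}

if __name__ == "__main__":
    print(cluster_exposure(PORTFOLIO))
    for hours, (names, loss) in sweep(PORTFOLIO, "erp-y").items():
        print(f"{hours:>3}h window: {len(names)} policies, ${loss:,}")
```

The insured with automated containment (`mfg-a`, 0.5 hours) stays out of every scenario, while the batch-cycle insureds enter the loss as the window shrinks from 72 to six hours.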
Privacy Complexity and Development Tail Assumptions
The third major theme in the Chubb report is privacy complexity, and it directly affects the shape of the loss development triangle for any carrier writing cyber with meaningful data-breach coverage. Data-breach claims in the U.S. exceeded $10.2 million in the most severe cases documented in the report, driven by the combination of regulatory notification costs, forensic investigation, business interruption, and an expanding perimeter of reinterpreted privacy statutes.
Two litigation theories have generated thousands of lawsuits in recent years, both exploiting laws written decades before web analytics existed. The 1988 Video Privacy Protection Act, originally aimed at video rental stores, has been applied to insurers and healthcare providers that embedded video analytics on their websites. The 1967 California wiretapping statute has been applied to cookie and tracking pixel usage by online businesses. These are not new legislation risks. They are established statutes whose application to digital behavior was discovered, systematized, and then scaled by the plaintiff bar. The claims channel they opened was not meaningfully visible in cyber underwriting questionnaires as recently as 2022, which means development triangles anchored to that era understate the tail for policyholders with digital analytics exposure.
Privacy litigation develops on a fundamentally different timeline than operational cyber events. Ransomware claims typically reach a reportable state within days of the incident, and most operational costs (restoration, forensics, ransom settlement) are resolved within 18 to 24 months of the loss date. Privacy class action cases tied to a data breach can take three to five years from the triggering event to final settlement, and the ultimate loss may depend on plaintiff class definitions that expand over time as additional individuals identify themselves as affected. The development factors appropriate for operational cyber are too thin to cover privacy litigation tails, and blending the two into a single composite triangle produces a factor that is wrong in both directions simultaneously.
Autonomous AI makes the privacy development problem more acute in one specific way. Data exfiltration at machine speed can produce a larger affected population from the same intrusion than human-directed theft would, because AI tools can systematically identify and extract structured records from databases faster than any human attacker, often completing exfiltration before intrusion detection triggers containment. A breach that would have affected 100,000 individuals under manual extraction might affect 500,000 under AI-directed exfiltration, because the AI completes the extraction before the monitoring alert fires. Notification obligations attach per-individual under most state breach statutes. The downstream litigation exposure scales with the notified population. Actuaries who set development patterns based on 2020 to 2023 breach experience are anchoring to a period when most exfiltration was human-paced. That anchor may not hold.
Underwriting Forms and AI Readiness Gaps
The severity and accumulation patterns in the Chubb data point toward specific gaps in current underwriting questionnaire design, and filling those gaps is not a philosophical exercise in preparedness. It is the prerequisite for distinguishing, on a policy-by-policy basis, which accounts carry material AI-amplified exposure from accounts where the current questionnaire result is actually predictive.
Standard cyber questionnaires assess controls that address attack vectors that dominated loss history through 2023: multi-factor authentication, patch management cadence, tested incident response plans, encrypted backups, and endpoint detection platforms. These controls remain necessary and their presence or absence remains predictive for frequency. What they do not assess is the insured's specific resilience against the characteristics that make AI-accelerated attacks different in kind: fast lateral movement, autonomous reconnaissance, and cascading propagation through vendor networks before any human in the chain has had a chance to respond.
Three control attributes matter for AI-amplified threat scenarios in ways that current questionnaires mostly miss. Speed of lateral movement detection is one: an insured whose security stack generates an alert and triggers automated containment within minutes of anomalous lateral network traffic is in a materially different risk position than one whose log aggregation runs on an overnight batch cycle. Network segmentation enforceability is a second: can the insured isolate a compromised segment within minutes of a detection trigger, or does enforcement require manual change control that takes hours? Vendor dependency mapping is a third: does the insured know which critical software and cloud providers share infrastructure with peer companies in its industry, and has it stress-tested the scenario where that shared infrastructure is the point of entry for a supply chain event?
The insured's own AI operations create a parallel questionnaire gap, on the covered-technology side of the AI-in-cyber distinction. An organization deploying AI for autonomous customer interactions, automated claims adjudication, or real-time financial settlement has created a system that, if compromised or manipulated, could produce erroneous outputs at machine speed before any human review catches the error. The relevant questions include: what AI-driven processes operate without human checkpoint approval, what is the dollar threshold above which a human reviews an AI decision, and what monitoring exists to detect model drift or adversarial manipulation of AI inputs. These questions do not appear in most standard cyber applications. The exposure they address is real and growing.
Building Severity Scenarios from Observed Claims Data
The market framing of autonomous AI cyber risk operates almost entirely at the threat-narrative level. Capabilities are advancing, tools are commoditizing, attack speed is increasing. That framing is probably accurate. It does not translate directly into a pricing variable, and it cannot support a rate filing on its own.
The Chubb data provides the bridge an actuary actually needs. Dedicated AI-specific loss history does not exist yet. What exists is observed severity, accumulation, and development patterns in the current claims portfolio, patterns that AI amplification will stress in predictable directions and by parameterizable magnitudes.
Start with severity. The large-account average of $4.4 million and the supply chain 2.5x loss multiplier are observed anchors, not model outputs. An actuary can apply a range of AI-amplification factors to those anchors as explicit scenario parameters: if AI reduces mean time to lateral spread by half, how does the supply chain loss distribution shift? If autonomous exfiltration completes extraction on a larger fraction of records before detection, what is the change in notification cost across the state-by-state breach notification framework? If the $10.2 million level seen in the most severe data-breach claims reflects 2025 attack speeds, what does that distribution look like at twice the exfiltration rate? These are not guesses. They are parameterized ranges anchored to documented claims data, disclosed as scenario uncertainty rather than false-precision point estimates.
On the frequency side, the 34% decline in large-account frequency alongside nearly doubled severity is a pattern worth examining rather than accepting at face value. One interpretation is that defenses improved and attackers found fewer entry points. A second interpretation is that AI-enabled attackers have shifted toward fewer, higher-value targets selected with greater precision, because the per-attack investment required to deploy autonomous tools is better amortized against high-value victims. If the second interpretation is correct, frequency will continue falling as severity rises, because the attacker economics favor concentration. An actuary modeling frequency and severity with separate trend selections, rather than a single blended loss ratio trend, can track which interpretation the emerging data supports without conflating the two.
For loss development, the Chubb data supports maintaining at least two separate triangles: one for operational cyber events with their 18 to 24 month development horizon, and one for privacy-litigation claims with a three to five year tail. AI-accelerated exfiltration stretches the second triangle by increasing the notified population and accelerating plaintiff identification. That effect should appear as a rightward shift in the late-tail link ratios for privacy claims rather than in the shorter-tail operational factors, which is why composite triangles obscure the effect entirely.
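The effect of splitting the triangles, and the composite-triangle problem raised in the privacy section, can be seen with a volume-weighted chain ladder. This is an added example, not from the Chubb report or the original article: both cumulative triangles are constructed, with privacy-litigation volume growing in the recent accident years.

```python
# Constructed cumulative paid triangles, one row per accident year,
# one column per development age. Oldest accident year first.
OPERATIONAL = [
    [100, 120, 120, 120],
    [100, 120, 120],
    [100, 120],
    [100],
]
PRIVACY = [
    [10, 20, 30, 36],
    [10, 20, 30],
    [20, 40],
    [40],
]

def link_ratios(tri):
    """Volume-weighted age-to-age factors from a cumulative triangle."""
    n_ages = len(tri[0])
    factors = []
    for j in range(n_ages - 1):
        rows = [r for r in tri if len(r) > j + 1]   # rows observed at age j+1
        factors.append(sum(r[j + 1] for r in rows) / sum(r[j] for r in rows))
    return factors

def ultimates(tri):
    """Project each accident year's latest diagonal value to ultimate."""
    f = link_ratios(tri)
    out = []
    for row in tri:
        u = row[-1]
        for j in range(len(row) - 1, len(f)):       # remaining development ages
            u *= f[j]
        out.append(u)
    return out

def composite(a, b):
    """Cell-by-cell sum of two triangles with the same shape."""
    return [[x + y for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]

def compare():
    split = sum(ultimates(OPERATIONAL)) + sum(ultimates(PRIVACY))
    blended = sum(ultimates(composite(OPERATIONAL, PRIVACY)))
    return split, blended

if __name__ == "__main__":
    print("operational factors:", link_ratios(OPERATIONAL))
    print("privacy factors:    ", link_ratios(PRIVACY))
    print("composite factors:  ", link_ratios(composite(OPERATIONAL, PRIVACY)))
    split, blended = compare()
    print(f"split ultimate {split:.1f} vs composite ultimate {blended:.1f}")
```

The composite first-age factor lands between the operational and privacy factors, so it overdevelops operational claims and underdevelops privacy claims, and the composite ultimate falls short of the split ultimate because the newest accident years carry the most privacy volume.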
Why This Matters for Cyber Pricing Actuaries
The U.S. cyber insurance market produced $11.2 billion in direct written premiums in 2024, per NAIC data. Forrester Research projected 15% premium growth for 2026. At that scale, a systematic understatement of large-account severity by 20% is not a rounding error. It is a reserving problem that compounds year over year until a single adverse development quarter forces recognition across the entire large-account book simultaneously.
The Chubb report does not provide enough data to price autonomous AI attacks as an isolated coverage peril. That loss history does not yet exist. What the report provides is observed severity, accumulation, and development patterns in a portfolio large enough to be credible, covering a year in which AI-assisted attack tools moved from experimental to adversarially deployed at scale. The patterns visible in the data, most notably the large-account severity doubling, the 2.5x supply chain loss multiplier, and the privacy-litigation tail expansion, are the signatures of a threat environment that AI amplification is already reshaping, even before AI appears in any claims database as a named cause of loss.
Carriers that work through peril-level loss cost decomposition, zone-based accumulation testing with propagation speed as a scenario variable, split development triangles for operational and privacy-litigation components, and underwriting questionnaire revision to capture AI readiness on both the threat and liability sides will produce rate indications that hold against the next generation of loss experience. The Chubb data is the starting point for that work. It is not a ceiling on the analysis; it is the floor.
Sources
- Chubb, "2026 Cyber Claims Report: Managing the Velocity of Risk," released 2026, chubb.com
- Insurance Journal, "Chubb: Cyber Claim Severity Nearly Doubled for Large Businesses," May 18, 2026, insurancejournal.com
- The Insurer, "Chubb: Cyber claims frequency for large US companies fell 34% but severity doubled in 2025," March 30, 2026, theinsurer.com
- Insurance Information Institute, "Cyber Claim Severity Surges as AI, Litigation Accelerate Risk," 2026, iii.org
- NAIC, "Insurance Topics: Cybersecurity," 2026, naic.org
- NAIC, "Cybersecurity (H) Working Group," 2026, naic.org
- Alston & Bird, "Key AI, Cybersecurity, and Privacy Takeaways from the NAIC 2026 Spring Meeting," 2026, alstonprivacy.com
- SentinelOne, "30 Cyber Insurance Statistics for 2026," 2026, sentinelone.com