Skip to main content
Marsh logo

Article

US & Canada cyber claims 2025: Data privacy remains a challenge while ransomware lingers

Privacy breaches remain a top organizational concern, ranking as the top cyber threat in Canada and a top three threat in the US, according to our report.

01/27/2026 · 4 minute read

Key takeaways

  • Privacy breaches are one of the top concerns for organizations globally, according to a recent Marsh survey. Non-breach privacy risk shifted as claimants used a wider variety of statutes to pursue cyber claims. (A non-breach privacy event refers to a cyber event involving sensitive data or systems that do not involve unauthorized access or malicious actors.)
  • The volume of reported cyber claim notifications to insurers in the US and Canada declined in 2025, largely due to a reduction in correlated events.
  • At the industry level, communications, media, and technology companies experienced the most events; until recently, the healthcare industry held that distinction.
  • The number of ransomware claims declined by one-third; extortion payments, however, remain significant. 

Shift in non-breach privacy claims

Privacy breaches remain a top organizational concern, ranking as the top cyber threat in Canada and a top three threat in the US, according to Marsh’s Cyber catalyst report: Guiding priorities in cyber investments. Globally, privacy breaches tied with ransomware as the top overall cyber threat.

One notable change we saw in non-breach privacy claims in 2025 was the increased variety of US statutes under which they are being made (see Figure 1). For example, website tracking and other claims increased by 43% compared to 2024. This is primarily because plaintiffs’ attorneys are turning to statutes including wiretapping, the Computer Fraud and Abuse Act (CFAA), and the Electronic Communications Privacy Act (ECPA). At the same time, claims under the Biometric Information Privacy Act (BIPA) declined by 50% as clients are being more careful collecting biometric information. The same held true with claims under the Video Privacy Protection Act (VPPA), which fell nearly 59%.  

Non-breach privacy protection

Measures companies can take to help protect against non-breach privacy claims include:

  • Determining data ownership
  • Managing data and consent
  • Proactively controlling the retention and deletion of data
  • Protecting data and incident-related communications
  • Limiting use of regulated data to specified purposes
  • Understanding data sharing and managing third-party risks
  • Complying with regulations, including ones related to customer and “data subject” rights and cross-border data transfers

Absence of significant correlated events impacted cyber claims volume 

In 2025, the number of claims notifications from Marsh clients in the US and Canada decreased by 29% compared to 2024 (see Figure 2). 

Some of the decline can be attributed to a lack of correlated events compared to the prior year; many clients in 2024 were affected by the CrowdStrike and Change Healthcare events. However, even after removing correlated claims from the 2024 claims data, our clients still reported about 20% fewer events in 2025 than in 2024. 

Many factors contribute to the number of events (and thus claims) in any given year. Beyond reductions in correlated events, we believe that improved implementation of controls can significantly help. Because claim frequency did begin to increase during the latter part of 2025, quarter over quarter, it remains to be seen whether the lower annual claim frequency numbers in 2025 will carry over into 2026. This is certainly an area we will keep a keen eye on in the coming year.

Tech emerges as top target

While companies in every industry are at risk of a cyber event, over time certain ones stand out as being particularly frequent targets. Healthcare has historically experienced the highest number of claims; however, communications, media, and technology organizations have been higher for several quarters (see Figure 3). 

It’s worth noting that when looking at Canada and the US separately, healthcare remains the most targeted industry in Canada. 

Other notable trends

Ransomware claims decline in number, but not severity. The number of reported cyber extortion events declined by 33% in 2025 compared to 2024 (see Figure 4), which we attribute to improved organizational cybersecurity awareness and controls as well as less correlated events in 2025.

Ransomware continued to be top of mind and was tied with privacy breaches as the top risk cited by organizations globally in a recent Marsh survey. Ransomware was the top risk cited in Canada and a top three risk in the US.

Conclusion

The number of cyber claims submitted to Marsh in 2025 declined compared to 2024, even after we controlled for there being fewer correlated events in 2025. It will be interesting to see if this trend holds in 2026. It should be worth noting that while event numbers fell in 2025, claim notifications are still significantly elevated since 2022.

Among the positives from the drop in claims numbers is the likelihood that it is driven in part by organizations improving their cybersecurity measures. Room for optimism can be taken from the intent most organizations expressed in a recent Marsh survey to increase their cybersecurity spending in 2026.

Looking ahead, it is important to recognize the evolving role of artificial intelligence (AI) in cybersecurity. While AI-related claims are not yet prominent, the potential for such claims is growing as AI technologies become more widespread. While attackers are increasingly using AI to enhance their tactics, organizations are adopting AI-driven tools to bolster their cyber defenses. This dual dynamic highlights the critical importance of strong governance. Organizations must stay aware of how AI is being used, understand any relevant restrictions, and define clear processes to assess risks and implement effective mitigation strategies.

(Note that the 2025 data in this report was gathered through November 30, 2025, and extrapolated for the full year).

Related insights

Hands using smartphone in city

Article

How can businesses navigate technology risks and opportunities in a competitive age?

01/21/2026
Corporate business team and manager in a meeting

Podcast,Featured insight

Risk in Context Podcast: Getting ahead of 2026’s top risks to build resilience

01/06/2026
Cyber buyer's study

Report,Featured insight

Cyber catalyst report: Guiding priorities in cyber investments

12/09/2025
professional business person are working in communication of online marketing job plan with laptop by using a hand to typing computer keyboard at modern office workplace or co-working space

Article

What is cyber insurance?

11/20/2025
View more