Why Cyber Liability and Identity Theft Protection Can No Longer Be Optional
The latest reporting on the Iran conflict offers a clear warning to the insurance industry: cyber risk is no longer a standalone IT issue. It is now woven into geopolitics, physical conflict, supply chains, financial crime, and consumer identity misuse. Cyber Magazine’s recent coverage of the war described cyber operations as integral to military activity, including disruption of communications infrastructure and intelligence gathering through hacked cameras. Palo Alto Networks’ Unit 42 — a cyber security company — reported that, after the February 2026 strikes, Iran began a multi-vector retaliatory campaign, and that geographically dispersed proxies and hacktivist groups were likely to continue low-to-medium sophistication disruptions such as distributed denial-of-service attacks and hack-and-leak operations. An analysis from the Center for Strategic & International Studies also pointed to a reported 700 percent increase in cyberattacks targeting Israel after earlier strikes, reinforcing how quickly geopolitical events can spill into the digital domain.
Small Businesses in the U.S.
This really matters for small businesses in the United States because they do not need to be direct targets of a nation-state to suffer the consequences. When geopolitical tension drives a surge in cyber activity, the first wave may hit governments, telecom providers, or infrastructure. The second wave often hits everyone else through phishing, credential theft, spoofing, IP-camera exploitation, exposed remote access tools, third-party vendors, and opportunistic ransomware. Unit 42’s March 2026 brief explicitly warned that while internet disruption inside Iran could hinder more sophisticated state-directed attacks in the near term, dispersed operators and affiliates outside the country were still expected to pursue disruptive campaigns against perceived adversaries and nearby regions. In other words, sophisticated cyber conflict raises the background noise and threat volume for ordinary businesses and individuals alike.
Coalition’s 2026 Cyber Claims Report helps explain what that means in the real economy. Drawing on data from more than 100,000 policyholders, the report found that global cyber claims frequency rose 3 percent year over year in 2025, even as average severity declined, showing that attacks are happening more often even if better response is sometimes limiting the damage. More importantly for small businesses, the report’s claims-by-revenue section shows that companies with less than $25 million in revenue experienced a 1.21 percent claims frequency in 2025, up 10 percent from the prior year, while businesses with $25 million to $100 million in revenue saw claims frequency rise to 3.96 percent, up 3 percent. Coalition also notes that for micro-SMBs, even an average loss of $77,000 can be far more disruptive to the balance sheet than a six-figure loss at a large enterprise.
The claims mix is just as important as the frequency trend. Coalition reports that business email compromise (BEC) accounted for 31 percent of claims in 2025 and funds transfer fraud for 27 percent, meaning email-based financial crime drove 58 percent of all claims. BEC claims frequency rose 15 percent year over year, and 52 percent of funds transfer fraud claims originated from a BEC event. Across all funds transfer fraud claims, 71 percent resulted from social engineering. This is a critical lesson for carriers, MGAs, wholesalers, and agents: the modern cyber claim is not always a Hollywood-style malware event. Very often, it starts with a trusted inbox, a spoofed vendor instruction, or a convincingly urgent message that tricks an employee into moving money or giving away access.
Biggest Threat
Ransomware remains the most severe commercial cyber threat. Coalition found ransomware accounted for 21 percent of claims, with average severity of $262,000 in 2025. Dual-extortion attacks, where systems are encrypted and data is exfiltrated, represented 70 percent of ransomware claims and carried an average loss of nearly $299,000. Average ransom demands rose 47 percent to more than $1 million. Even though 86 percent of victims refused to pay and negotiators reduced paid demands by an average of 65 percent, the message is unmistakable: a serious cyber event can still create a liquidity crisis for a small business through downtime, forensics, legal expense, notification costs, and reputational damage.
The same report also shows why cyber liability is no longer only about restoring systems. Coalition’s third-party allegations section found that security failure or data breach claims made up 32 percent of third-party allegations, with an average loss of about $136,000, while privacy-rights allegations accounted for 20 percent. That means when a small business suffers a cyber event, the damage can extend beyond first-party loss into customer claims, regulatory scrutiny, and privacy litigation. A cyber policy is increasingly protecting not only the insured’s own operations, but also its legal and reputational exposure after customer or employee data is compromised.
Don’t Forget About ID Theft
At the same time, identity theft threats to individuals continue to move in the wrong direction. The Federal Trade Commission’s Consumer Sentinel Network recorded 1,135,291 identity theft reports in 2024, and the agency said there were more than 1.1 million identity theft reports received through IdentityTheft.gov that year. Credit card identity theft was the largest single subtype, with 449,032 reports. A new report by Javelin Strategy & Research, cosponsored by AARP, reported that Americans lost $47 billion to identity fraud and scams in 2024, including $27 billion tied to traditional identity fraud affecting 18 million people, up from 15 million in 2023. A separate AARP piece noted the FTC’s 2024 identity theft reports were up from about 650,000 in 2019.
These are not separate stories. They are connected. Every small business that stores customer names, addresses, payment information, health data, tax documents, employee records, or login credentials is part of the identity-risk chain. When a business is breached, an individual’s identity often becomes the downstream loss. Javelin also reported that 54 percent of consumers saw more unusual text messages, 47 percent saw more emails with suspicious links, and 42 percent saw more emails with suspicious attachments, highlighting how fraud, phishing, and identity misuse increasingly overlap. Meanwhile, the Identity Theft Resource Center 2024 data-breach reporting underscores the sheer scale of exposed data in the market, with its long-running database now encompassing more than 21,900 tracked compromises and nearly 12 billion victim notices historically.
How Insurance Professionals Can Help
This is where the insurance distribution chain has a duty to lead. As an industry, we all should be making cyber liability and identity-related protection easier to buy, easier to explain, and easier to use. Insurance professionals should be embracing solutions that thoughtfully address the distinct and evolving exposures faced by smaller insureds, rather than focusing solely on the needs of mid-sized and larger organizations. Just as importantly, cyber and identity protection should be presented not only as optional add-ons, but as essential elements of a comprehensive risk management strategy — supported by clear education, streamlined access, and a seamless path to coverage. For a business client, that means some form of cyber liability protection for the company and some form of identity theft or personal cyber/fraud protection for the human beings behind the company, especially owners and employees who are increasingly exposed at work and at home.
One of the lessons from the Iran conflict coverage and the claims data is not that every small business should panic. It is that every insurance professional should adapt. Cyber warfare, hacktivism, ransomware, business email compromise, wire fraud, and identity misuse now live on the same continuum. The businesses and households that will weather this environment best are the ones that have protection in place before the incident, not after. Carriers, MGAs, wholesalers, and independent agents have an opportunity to do more than sell a policy. They can close a protection gap that is getting wider every year. And in a market where trust and relationships still matter, that may be one of the clearest ways to stand out. Let’s Go!
Ariel Rivera’s career spans roles as a cyber insurance program manager for carriers and MGAs, insurance continuing education instructor, keynote speaker, risk purchasing group integrator, agency owners advisor, podcast host, and industry author. He founded his first independent insurance agency, Ariel Rivera & Associates Inc., in 2007 in San Juan, Puerto Rico, and later established Deer Insurance Agency LLC, in Jacksonville, Florida, in 2019.
In 2020, Rivera launched Fun Insurance Solutions LLC, offering product integration, M&A advisory, and marketing services to the insurance sector. He currently serves as the director of business development at RGS Limited, a prominent cyber insurance program manager and the administrator of the North American Data Security Risk Purchasing Group. Rivera also serves as president of the National Association of Professional Insurance Agents. Rivera’s commitment to others drives his work, embodying his belief that, “Helping others is my passion; insurance is just ONE way of doing it.”