Back in 1997, a man named Steve Haase was an insurance broker and senior vice president at the firm Hamilton Dorsey Alston Co. He’d had the notion of creating insurance to protect companies that had data stolen from servers (called Internet Security Liability, or ISL) but was really struggling to make it a reality.
The year before, Amazon was founded, and worldwide internet users had grown from 40 million to 100 million. (Compare to the 900 million average weekly users ChatGPT claims to be nearing today.)
By 2017, cyber insurance had become the fastest growing sector of the insurance industry. There were 471 firms selling it, with more than $3 billion in premiums.
By 2025, according to Swiss Re, this figure reaches $15.6 billion.
Still, as author Josephine Wolff points out (in a piece reprinted in Slate), cyber insurance remains a unique form of coverage in many ways. Companies continue to gather more data, cybercrime rises along with it, and data breach notification laws have added fuel to the fire.
Factors like these have increased both the need for and popularity of cyber insurance. But still, there are no governing requirements on what it has to cover, which companies must get it, or which companies must be offered the option to purchase it.
It’s also not required by law (like car insurance), nor underwritten by governments (like terrorism or flood). And still, the damages it seeks to cover are hard to understand and predict, yet can be catastrophic.
With threats like ransomware (up 37% per Verizon’s 2025 DBIR), data breaches, and unplanned outages carrying a total global cost of some $1.2 trillion annually in 2025 (per Cyber Defense Magazine), it’s no wonder its popularity is spiking.
In today’s newsletter I look at cyber insurance in light of AI, and consider coverage issues and rising cyber insurance costs, as well as the defenses many policies require before extending coverage.
With attacks like this year’s Jaguar Land Rover outage causing an overall economic hit of some $2 billion (£1.5 billion, according to the Cyber Monitoring Centre), it’s a topic that’s unlikely to go away.
Cybercrime and AI’s Impact on Cyber Insurance
We run a bi-monthly cybersecurity roundup in our PTP Report (one is due soon, and you can check out our latest one here), and one thing that never fails to boggle my mind is the scale of cyber attacks today.
Breaches are so common that most everyone’s been exposed in some capacity. This year we’ve seen a rash of attacks that raided enterprise Salesforce instances, and with ransomware, criminal encryption can paralyze companies suddenly and without warning. In these cases, organizations face liability and remediation expenses, but also investigation, and sometimes most costly of all, workplace stoppage and brand damage.
With so many big-ticket exposures, and questions about employee responsibility and the scale of state-sponsored attacks, underwriting for cyber insurance is getting more rigorous, exclusions and coverage are getting tighter, and costs are going up.
All with AI changing both sides of the equation.
Deepfakes have been mentioned in our AI and cybersecurity roundups for two years now, with stories on fraudulent video calls (like the one last year that fooled a bank employee into handing over $25 million to criminals) and digital-document forgeries (which jumped 244% last year overall per the Entrust Cybersecurity Institute).
GenAI-based fraud is now expected to cost the US alone $40 billion annually (per Deloitte).
And now AI cybercrime is moving to the next level, with attacks uncovered by Anthropic and Google which are fully agentic and even use LLMs while executing.
On the other side of this fight, AI is being used defensively with increasing effectiveness, but it is also improving underwriting itself, as covered in more depth in our recent PTP Report on AI use in financial services.
Is it a wash? This remains to be seen.
Topping Cyber Insurance Risks: Ransomware, BEC, and Systemic Events
While cybercrime comes in all shapes and sizes, the most dangerous and distressing types are limited to a few categories.
Ransomware Coverage Remains the Headliner
We used to think of data breaches and ransomware as separate entities. The former was like the original 1997 use case for cyber insurance, with the latter resulting in companies getting their systems locked down.
Today, the two frequently overlap. Sophisticated criminal groups, often using ransomware-as-a-service (RaaS) offerings, break into systems and lurk, hiding their presence. They move laterally, exfiltrate whatever data they can, and, if discovered, encrypt your data.
They then approach companies with ransom demands built around releasing data and/or unlocking your systems.
The good news here is that the average ransomware payment dropped in 2025, down to around $1 million. Also, 97% of companies hit with ransomware were able to get their data unlocked, either by backups, decryption, or yes, paying the ransom (both per Sophos). Ransom payments themselves have also dropped, though they are still believed to occur in more than a third of disclosed cases (down from 50%).
Varonis has reported on one strain of ransomware (HardBit) that even asks businesses about their cyber insurance policies, to ensure that ransom demands fall within a company’s insurance coverage. You can read an example ransom note here for more.
It should be no surprise that, because of cases like this, and rising frequency of attacks overall, some providers are eliminating or seeking to reduce ransom coverage, which has long been a staple of cyber insurance.
On BEC and Social Engineering Coverage
Business email compromise (BEC) scams are a kind of social engineering that uses email to impersonate expected business communications.
These can often come from supposedly trusted sources and use fake documents you may be expecting to see. AI is greatly improving the quality of these fakes, lowering the bar for criminals.
These attacks can open the door for criminals to deploy malware, either for ransomware as above, or for more old-fashioned data breaches. (This was one vector in the Salesforce campaign mentioned above.) Such phishing attacks cost an average of $4.8 million (per IBM).
And with such losses generally not covered by general liability or errors/omissions policies, this common form of attack is another area of appeal for cyber insurance.
Cyber Insurance and Systemic Risk
This year we’ve had a number of high-profile outages in cloud systems like AWS and Azure that led to extensive knock-on downtimes for websites and services across the spectrum.
But none have been as impactful as the CrowdStrike update failure from July 2024.
This wasn’t caused by cybercrime but nevertheless crashed some 8.5 million Windows systems worldwide. It meant outages in hospitals, airplane delays, manufacturing lines ground to a stop, and of course retail transaction chaos.
It led the world (and us, at PTP) to talk about digital resilience again. It also led to some handwringing over the stability of cyber insurance, where claims were expected to hit some $1 billion or more.
One year on, this reportedly didn’t have the disastrous impact on insurer finances that was expected, but still, it serves as a wake-up call for the industry. If it had been a cyberattack, the damages would have been more than doubled, and it pointed again to the fragility and extensive connection of our digital world in ways that are often difficult to foresee.
Earlier that year, Warren Buffett warned insurers to exercise caution around cyber insurance for this very reason: the aggregated damages across systems can be very hard to predict and can spiral very quickly.
And not coincidentally, this episode only increased business interest in cyber insurance.
On Cyber Insurance Policies for Small Businesses
Aberdeen Research Analyst and Harvard School Adjunct Derek Brink wrote in November on the need for small businesses to seriously consider adding cyber insurance, and his take, which includes typical pricing, is worth the read if you’re such a business weighing the choice.
Smaller companies ($50 million or less in annual revenue) are increasingly being targeted by attackers, and for businesses of that size the damage inflicted can be far more devastating.
Cyber insurance can also help such companies with:
- Proactive Risk Flagging: Underwriters investigate your cybersecurity and can help you uncover weaknesses before they’re exposed.
- Safety Net for Recovery: Aside from the deductible, policies can cover direct costs to help span financial gaps during disastrous events.
- Incident Response: For companies that may not otherwise have access to them, insurers can get you to experts ASAP to help reduce downtime.
- Impact Mitigation: Cyber insurance can also help limit outsize damages to your brand and revenue while you get back on your feet.
But as with all such policies, the devil is in the details, and small businesses in particular must be savvy about cost, deductibles, and exclusions (see below).
Cyber Insurance Cost vs Coverage
So, up to here, I’ve been looking at the reasons why coverage is increasingly viewed as essential for many companies.
And, as you would expect, cyber insurance claim trends have largely been going up.
In the UK, the Financial Times reported that 2024 saw claims triple, and Cyber Defense Magazine puts claim and premium hikes at $50–100 billion a year in 2025 (as part of their total cost calculation).
But in the US, insurer Coalition (one of the world’s largest) actually saw ransomware claims drop slightly in 2024 from 2023.
60% of claims submitted to them actually related to transfer fraud and BEC.
Also of note in their data: third-party breaches accounted for 52% of all claims.
These facts matter because cyber insurance policies today can actually exclude both types.
Things like supply chain cyber-attack coverage, social engineering attacks, state-sponsored cybercrime, impacts from a known vulnerability, and even network failures (not caused by cybercrime) are all common exclusions.
Companies are used to scrutinizing cost vs coverage and deductible amounts for their insurance. But with cyber insurance, the highly varied nature of it can make assessing the coverage itself much more difficult—though essential—to parse.
Cyber Insurance Coverage and Underlying Security Requirements
And to get cyber insurance coverage, companies are scrutinized to ensure they have taken care of their own protection first.
As mentioned above, this service alone can be helpful, especially for small businesses which may lack sufficient staffing and capacity in cybersecurity.
For coverage of higher-risk exposures like ransomware, business loss from downtime, and social engineering, insurers can require more extensive baseline cyber defenses to be in place.
This means, of course, the basics: multifactor authentication (MFA) for all users, enterprise-level endpoint detection and response, regular scanning and monitoring, documented patch and update management, and even encrypted, offline backups with clear restoration plans in place.
It’s also to your benefit to be able to demonstrate: clear network documentation and segmentation; effective access management controls; logging; and your assessment process for new tools, vendors, and third-party partnerships.
Some require annual security tests and proof of training on phishing and security awareness, for example, before agreeing to provide coverage for things like fraud.
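To make the underwriting requirements above concrete, here is an added example (not code from the original article or from PTP) of a small readiness check a company might run over its own asset inventory before filling in an insurer’s questionnaire. It scores each control that insurers commonly ask about (MFA, endpoint detection and response, patch currency, encrypted and offline backups, and a recent restore test) and lists the hosts that fail. The host records, the control names, and the 30-day patch and 90-day restore-test thresholds are all constructed assumptions for illustration, not any insurer’s actual terms.

```python
"""Pre-underwriting readiness check over a constructed asset inventory.

Produces a per-control coverage percentage and a gap list, the kind of
evidence an insurer's questionnaire asks for. All data is constructed.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional


@dataclass
class Host:
    name: str
    mfa_enforced: bool
    edr_agent: bool
    last_patched: date
    backup_encrypted: bool
    backup_offline: bool
    last_restore_test: Optional[date]


# Thresholds are assumptions for illustration, not any insurer's real terms.
MAX_PATCH_AGE_DAYS = 30
MAX_RESTORE_TEST_AGE_DAYS = 90

CONTROLS = ["mfa", "edr", "patch_current", "backup_encrypted",
            "backup_offline", "restore_tested"]


def control_status(host: Host, today: date) -> dict:
    """Return control_name -> pass/fail for a single host."""
    restore_ok = (host.last_restore_test is not None
                  and (today - host.last_restore_test).days <= MAX_RESTORE_TEST_AGE_DAYS)
    return {
        "mfa": host.mfa_enforced,
        "edr": host.edr_agent,
        "patch_current": (today - host.last_patched).days <= MAX_PATCH_AGE_DAYS,
        "backup_encrypted": host.backup_encrypted,
        "backup_offline": host.backup_offline,
        "restore_tested": restore_ok,
    }


def coverage_report(hosts: List[Host], today: date) -> dict:
    """Aggregate coverage percentage per control and name the failing hosts."""
    failing = {c: [] for c in CONTROLS}
    for h in hosts:
        status = control_status(h, today)
        for c in CONTROLS:
            if not status[c]:
                failing[c].append(h.name)
    total = len(hosts)
    return {
        c: {
            "coverage_pct": round(100 * (total - len(failing[c])) / total, 1) if total else 0.0,
            "failing": failing[c],
        }
        for c in CONTROLS
    }


def gaps(report: dict, required_pct: float = 100.0) -> List[str]:
    """Controls below the required coverage, worst first (stable on ties)."""
    return sorted(
        (c for c, r in report.items() if r["coverage_pct"] < required_pct),
        key=lambda c: report[c]["coverage_pct"],
    )


# Constructed sample inventory: hostnames and dates are invented.
TODAY = date(2025, 12, 1)
SAMPLE_HOSTS = [
    Host("fileserver-01", True, True, TODAY - timedelta(days=12), True, True, TODAY - timedelta(days=40)),
    Host("erp-db-01", True, True, TODAY - timedelta(days=45), True, False, TODAY - timedelta(days=200)),
    Host("hr-laptop-07", False, True, TODAY - timedelta(days=3), True, True, None),
    Host("legacy-print-01", False, False, TODAY - timedelta(days=300), False, False, None),
]

if __name__ == "__main__":
    rep = coverage_report(SAMPLE_HOSTS, TODAY)
    for c in gaps(rep):
        print(f"{c:18s} {rep[c]['coverage_pct']:5.1f}%  failing: {', '.join(rep[c]['failing'])}")
```

Running it on the sample inventory puts restore testing at the top of the gap list (only one of four hosts has a restore test inside the window), which matches how underwriters tend to weigh backups: an encrypted backup that has never been restored is not evidence of a restoration plan.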
Such practices should be considered a baseline, and if your business needs assistance with cybersecurity professionals or implementing these services, you can contact us at PTP. We have nearly thirty years of proven experience providing great tech talent, onshore, offshore, or nearshore, and love to help companies get their baseline defenses in shape.
Conclusion: Readiness, Cyber Insurance, and AI
As many companies learned during the CrowdStrike outages, or in the rash of attacks this year targeting customer data, cyber insurance can save you when you need it most.
For a product that initially no one wanted, it’s come a long way and today can be an essential piece of a company’s defensive posture. That said, as more damages are paid out and attacks intensify, companies must be aware of the shifting limits of their own coverage and pay attention to rising costs.
Bottom line: if you’re not paying for cyber insurance, it might be time to see if you should be. And if you are, ask yourself if you are really paying for the coverage you need.
Better to know now if you have real protection or just the illusion of it.
References
A Brief History of Cyberinsurance, Slate
2025 Data Breach Investigations Report, Verizon Business
The True Cost of Cybercrime: Why Global Damages Could Reach $1.2 – $1.5 Trillion by End of Year 2025, Cyber Defense Magazine
How AI is supercharging cybercrime, Axios
CrowdStrike losses may be biggest test yet of cybersecurity insurance risk warning from Warren Buffett, NBC News
Ransomware claims dipped slightly in 2024, cyber insurer says, Cybersecurity Dive