This piece is by Jim Van Dyke

Trend lines in the cyber risk environment have been anything but straight during recent years. In 2025, data breaches worsened, reversing the declines seen in the previous year.[2] But the real story for insurers and risk managers isn’t necessarily the volume of incidents — it’s how threats are evolving.
Rather than broad, low-value attacks, fraudsters are pursuing more lucrative data grabs — which have more damaging implications for consumers and insurers alike. As a result, today’s breaches expose increasingly sensitive information, such as Social Security numbers, driver’s licenses and financial credentials.[3]
So as the number of breaches starts rising again, so do the stakes for the organizations, insurers and individuals caught in their aftermath.
Targets move downstream
Most enterprises today have invested heavily in their cybersecurity defenses. Breaching such hardened systems now takes far more planning and effort — yet cybercriminals often prefer using techniques that are low-effort and repeatable.
As a result, the expectation for 2026 is that threat actors will continue moving down market to exploit small and mid-size organizations that typically have less robust security.
While many of these organizations operate under the misconception they’re too small to be targeted, the reality is automation enables cybercriminals to launch broad-based attacks based on known vulnerabilities. These attackers often don’t know who they’ve infiltrated until after they’re in the system — and since small businesses also collect sensitive data, they’re at risk.
In fact, smaller organizations in the healthcare sector manage some of the most sensitive personal information consumers have. That explains why healthcare continues to be one of the most heavily targeted industries.
Cybercriminals know they need specific types of personally identifiable information (PII) that can be easily monetized, so they’re targeting those details. Unfortunately, the compromise of those details results in greater damage to victims, which has a direct impact on cyber claims.
Even if data breaches are fewer and impact a smaller number of individuals, they can still lead to significant downstream expenses. Insurers should expect to see:
● Greater financial losses from fraud incidents fueled by identity theft, account takeover and synthetic identity creation
● A larger number of legal disputes stemming from damages related to financial loss, time spent remediating fraud, and emotional distress
● Increased risk of regulatory penalties as state attorneys general and federal agencies increasingly connect breaches to consumer harm
TransUnion’s research shows 20% of American consumers lost money due to email, online, phone call or text messaging fraud last year.[4] The fraud amount was $4,967 — a significant increase over prior years. These costs ultimately drive higher claims for cyber insurers and greater scrutiny from reinsurers seeking to limit their exposures.

What breached data predicts about future fraud
The type of data exposed in a breach is a critical predictor of future fraud patterns that insurers and risk managers should weigh when modeling risk. The following are some of the top credentials exposed in 2025 and the fraud they can facilitate.
● Full Social Security numbers enable a wide variety of serious crimes, such as opening new loans using a victim’s identity, filing fraudulent tax returns or falsely claiming government benefits.
● Driver’s license numbers open the door for legal impersonation or motor vehicle fraud.
● Checking and savings account numbers, when used in conjunction with other stolen PII, allow criminals to access financial accounts and potentially take them over by changing the login credentials.
● Payment card data can be used for unauthorized purchases, especially online. The data can also be encoded onto counterfeit cards or sold on the dark web.
● Dates of birth can help criminals gain access to sensitive accounts like financial, healthcare or social media.
● Home addresses allow criminals to use valid address information on loans or credit applications to more easily bypass initial screenings. They can also reroute legitimate mail or deliveries in order to intercept them.
● Medical history can be used to obtain prescription drugs or insurance payouts. Criminals even use sensitive medical diagnoses in blackmail schemes.
● Health insurance account numbers enable medical identity theft where criminals receive medical services or goods in the victim’s name, or the submission of fraudulent claims for services the victim never received.

All these details can also be combined with other stolen or fictitious information to build synthetic identities, which criminals use to perpetrate more fraud. Because some of the details in a synthetic identity are true, spotting the fraud is more difficult.
Given all the headlines and notification letters they see, many consumers may suffer from “breach fatigue” — mistakenly believing all their personal data is already exposed. But while email addresses and phone numbers are easily obtained, high-value credentials under attack are more elusive. Once exposed, they can cause greater damage to the victim and their insurer.
The shared impact means insurers have an opportunity — if not a responsibility — to educate clients, dispel myths and offer proactive steps to protect policyholders when their sensitive information is exposed.
Increasing disputes and regulatory risk
The legal and regulatory environment surrounding data compromise is also evolving. In recent years, courts have acknowledged that the theft of highly sensitive PII creates a substantial risk of harm that can justify a lawsuit, even if no fraud has occurred at the time of filing.[5]
What’s more, regulators and plaintiffs are becoming increasingly equipped to connect breached data to real-world fraud losses. Forensic evidence enables them to show fraudulent activities specifically occurred shortly after — and with the data exposed in — a particular breach.
Combine those trends with the fact courts are accepting class action lawsuits from small victim groups — and the likelihood of litigation following breaches is clearly on the rise, even when the number of exposed individuals is relatively small.

How should we approach 2026?
Data breaches are only escalating — in frequency, number and precision. The combination of more breaches and more valuable data exposure amplifies the potential for financial losses and reputational damage across industries.
To keep pace, the insurance industry would be wise to refine how it assesses cyber risk. This may include evaluating the sensitivity of the data an insured organization possesses, incorporating breach risk scores into assessments, and adjusting limits to align with the potential cost of breaches that expose more damaging data.
Moving forward, a proactive, data-driven strategy will be essential to contain losses and anticipate where the next wave of hyper-targeted fraud may strike.
This article is an excerpt from TransUnion’s ebook, “2026 Cyber Protection Challenges and Opportunities.” It can be found at: https://www.transunion.com/lp/cyber-protection-challenges-opportunities.
Jim Van Dyke is senior principal, innovation, at TransUnion. He is responsible for the product vision of TransUnion’s proprietary algorithm and risk database he developed for the personalized identity and fraud risk assessment of consumer risks, including data breaches and more. TransUnion’s Cyberscout brand helps to proactively protect global policyholders from growing cyber risk.
[2, 3, 4] TransUnion, H1 2025 Update: State of Omnichannel Fraud
[5] Cooley, Second Circuit Rules Individuals Have Standing to Sue for ‘Increased Risk’ of Identity Theft, 2021
