Ransomware ballooned as a threat in 2020, with ransom demands dramatically rising; attacks growing more frequent; and nearly half of all extortionists stealing data or destroying backups on top of paralyzing computers. Insurers are scrambling to handle the volume of claims and the increase in payout amounts. Facing losses from ransomware coverage, they are more aggressively challenging policyholders on claims. That pushback includes insurers contesting victim firms’ submitted business losses and IT damage and sometimes seeking privileged materials about the firm’s compliance efforts, reported panelists at a recent Incident Response Forum session. Insurers have also intensified demands that policyholding firms improve their cybersecurity controls, said Acrisure’s national cyber risk practice leader Adam Abresch. This article distills the insights offered by Abresch and other cyber insurance leaders during the panel, as well as in our conversations with them, including questions that firms should ask insurers about coverage before and during ransomware incidents; how to navigate claims negotiations; and how insurers have increased scrutiny of firms’ ransomware prevention efforts. See “Identifying and Preventing Ransomware Attacks” (Oct. 15, 2020).