UK Cyber Insurance and Security News: June 2026
Three threads run through the past two weeks: patching pressure, enforcement against ransomware crews, and a cyber insurance market that keeps getting cheaper while quietly getting harder to claim against. Here is what happened between roughly 4 and 18 June, and what it means if you buy cover or hold Cyber Essentials.
Microsoft ships its biggest ever Patch Tuesday: 208 fixes and an exploited zero-day
Microsoft’s June 2026 Patch Tuesday on 9 June fixed a record 208 vulnerabilities, the largest single update since the programme started in 2003. Among them was CVE-2026-41091, a Windows Defender elevation-of-privilege flaw already being exploited in attacks, plus 33 critical issues including remote code execution bugs in Hyper-V and a BitLocker bypass. For a small business the lesson is the one insurers keep repeating: a patch backlog is now a claim risk, not just an IT chore. Cyber Essentials gives you 14 days to apply high-severity or critical fixes, and underwriters increasingly check this through external scans rather than your word, so an unpatched internet-facing box can sink both your certification and a future claim. Our Cyber Essentials patch deadline calculator works out your 14-day clock. Details at BleepingComputer.
Conti ransomware operator pleads guilty after extradition
A 44-year-old Ukrainian national, Oleksii Lytvynenko, pleaded guilty in mid-June to wire fraud conspiracy over his role in the Conti ransomware operation, which the FBI links to at least $150 million in ransom payments and attacks across 47 US states and 31 countries. He built a malware “loader” that delivered Conti to more than 1,000 networks, and was extradited from Ireland. Prosecutions like this rarely stop the wider ecosystem, but they show that extradition and long sentences are now realistic, which is part of why UK policy is moving towards a ban on ransom payments by public bodies. The practical takeaway for buyers is unchanged: assume you will not get your data back by paying, and check that your policy funds incident response, forensics and business interruption rather than just a ransom line. More from Help Net Security.
Cyber premiums keep falling, but more than 40% of claims are now denied
Reporting in mid-June reinforced an uncomfortable split in the market: premiums are still soft, with some forecasts pointing to a further fall through 2026, yet more than 40% of cyber claims are being denied. The leading reason is not an obscure exclusion but material misrepresentation, where a forensic review after a breach finds that the controls you attested to on the application, most often MFA, were not actually in place everywhere. Carriers are increasingly running external attack-surface scans during underwriting instead of trusting self-attestation. The buyer’s defence is simple and free: answer the proposal form precisely, deploy the controls fully before you sign, and keep evidence. Read what cyber insurance covers and excludes before your next renewal. Analysis at Insurance Business.
Social engineering and funds-transfer fraud stay the underwriter’s worry
The same reporting flagged what is keeping cyber underwriters up at night: AI-assisted social engineering, business email compromise and authorised-push-payment fraud, where the loss comes from a tricked employee rather than a hacked server. These claims are growing in frequency and severity, and many standard policies cover them only partially or with sub-limits. If your business pays invoices or moves client money, treat social engineering and funds-transfer cover as a line to negotiate, not an afterthought, and pair it with call-back verification on payment changes. Our guide to social engineering and BEC cover explains where the gaps usually sit. Background at Insurance Business.