Cyber Insurers Face New Risk as AI Accelerates Coordinated Attacks Across Sectors
Insurers are reassessing their cyber underwriting models as artificial intelligence speeds up attacks that cascade across interconnected digital systems, creating concentration risk on a scale the market may struggle to absorb.
The global average cost of a data breach reached $4.7 million in 2025, according to IBM's Cost of a Data Breach Report. Ransomware hit 59% of organizations in the past year, according to Sophos.
What concerns insurers most is not isolated breaches but systemic failures. Last year's attacks on UK retailers-including Marks & Spencer, Co-op and Harrods-showed how companies sharing similar technology stacks and suppliers can experience correlated disruption simultaneously.
How Shared Infrastructure Creates Concentration Risk
Modern organizations depend on shared platforms: SaaS software, cloud providers, identity management systems. A single vulnerability in one of these services can compromise thousands of customers at once.
Xavier Marguinaud, head of cyber at Tokio Marine HCC, said: "Many of the most significant events in 2025, including ransomware attacks, were not isolated data breaches, but disruptions that cascaded across suppliers, cloud platforms and entire sectors."
Attackers are shifting tactics away from purely technical exploits. They now target trusted relationships-stealing credentials, compromising access tokens, and exploiting third-party integrations to move through networks faster and at greater scale.
Isaac Guasch, cyber security leader at Tokio Marine HCC, said: "Attackers can now operate faster and at greater scale. An appropriate response should include disciplined identity governance, strong monitoring, token lifecycle management and structured AI oversight."
AI as Accelerant, Not Revolution
AI is speeding up reconnaissance, automating phishing campaigns and discovering vulnerabilities faster. But experts caution against treating it as a fundamentally new risk category.
Guasch said: "AI should be seen as an accelerator rather than a revolutionary threat. Most successful intrusions still rely on familiar weaknesses like credential theft or misconfigurations."
Insurers are adjusting models accordingly. Tokio Marine HCC's underwriting teams work with in-house security specialists to continuously update risk models using emerging threat intelligence. The company does not calibrate models specifically for AI.
Marguinaud said: "In most documented cases, AI accelerates or scales existing techniques rather than introducing fundamentally new loss drivers. From a cyber risk perspective, the focus remains on access control, operational resilience and dependency management."
Capital Adequacy Under Stress
The industry faces a bigger question: whether it holds enough capital to withstand a truly systemic cyber event affecting multiple sectors simultaneously.
Concentration in cloud providers, software libraries and identity platforms creates the potential for correlated losses that could test the limits of the cyber insurance market. Such scenarios are becoming more plausible, not less.
To manage this exposure, insurers are investing in modeling capabilities, stress-testing portfolios and diversifying risk across industries and geographies. External models help validate internal assumptions about aggregation risk.
Marguinaud and Guasch said: "Sustainable underwriting, realistic pricing and careful portfolio construction are essential if the sector is to remain adequately capitalized and structured to withstand a large systemic event."
Organizations can reduce their own exposure by understanding critical dependencies, reducing blast radius, strengthening identity controls and regularly testing business continuity plans. The focus for 2026 will likely shift from pure prevention to resilience.
Your membership also unlocks:
