AI is Not the Enemy: Five Key Drivers of Cyber Claims in 2025
Artificial intelligence (AI) often grabs headlines as a major cyber threat, but that’s a misunderstanding. AI itself isn’t a standalone risk; it amplifies existing vulnerabilities across organizations. The real cyber claim drivers for 2025 are more complex and systemic.
Here are the five primary factors shaping cyber claims and the insurance landscape.
1. Non-Breach Privacy Claims: The Sleeper Risk
Cyber claims related to privacy used to focus mainly on data breaches—unauthorized access and data leaks. That has shifted. Regulators now scrutinize how companies handle data even when no breach occurs. This includes data collection, storage, usage, and sharing practices.
Legal actions are increasing around issues like pixel tracking and violations of the Video Privacy Protection Act (VPPA). Even older laws are seeing renewed use as plaintiffs explore new privacy concerns. In 2024, over 2,000 cyber-related claims were logged, with about 75% unresolved and many involving non-breach privacy issues.
These cases often take longer to resolve than fast-moving incidents like ransomware. Courts are increasingly allowing these claims to proceed, expanding exposure beyond typical sectors like media and healthcare.
2. Supply Chain Incidents: The New Normal
Supply chain risks have grown since the SolarWinds attack in 2020. Recent vulnerabilities such as MOVEit and breaches involving Change Healthcare, CrowdStrike, and Oracle highlight how vendor-client dependencies create widespread impact.
These events trigger operational disruptions and multiple insurance claims across industries. While reinsurers have flagged systemic risks, losses so far haven’t forced major changes in underwriting or policy terms. However, awareness is increasing, and both insurers and clients prioritize managing vendor risk more closely.
3. Evolving Threat Actors: Smarter, Faster, Global
Cybercriminal groups are becoming more sophisticated and adaptable. Groups like Scattered Spider, responsible for recent ransomware attacks on UK retailer Marks & Spencer, show how attackers evolve, relocate, and reemerge with new tactics.
These actors use advanced tools and social engineering to bypass defenses. The insurance market responds by encouraging stronger endpoint security, multi-factor authentication, and incident response planning. Yet, attackers continue to find fresh ways to breach defenses.
4. Non-Malicious Events: When Accidents Cause Chaos
Not all cyber incidents are deliberate attacks. In 2024, a software update error by CrowdStrike caused major outages worldwide. This incident shifted the conversation—cyber policies cover unintentional or non-malicious events, not just hacks.
This raised awareness among insureds about coverage for accidental disruptions. Well-crafted policies can provide protection here, making this an important area for risk managers and brokers to address.
5. AI as an Amplifier, Not a Standalone Risk
AI technologies intensify existing cyber risks rather than creating entirely new ones. From deepfakes targeting executives to AI-driven phishing and synthetic identity fraud, AI acts as a force multiplier.
Most organizations use commercial AI tools layered on current operations, which means AI magnifies vulnerabilities related to privacy, supply chains, criminal activity, and human error. True risk arises when developing AI models themselves, but for most, AI increases exposure on familiar fronts.
Is the Cyber Insurance Market Ready?
The cyber insurance market has adapted and remained resilient despite rising claim severity and complex risks. Underwriting has improved, and clients, especially mid-market and enterprise, are more informed about cyber threats than five years ago.
The market hasn’t overreacted to losses, and coverage changes have been measured. Collaboration between insurers, brokers, and clients has increased, with more focus on clear policy language and risk governance beyond ransomware scenarios.
Still, discomfort with cyber risk persists. Brokers play a crucial role helping clients become confident managing risks that continue to diversify and grow.
For insurance professionals looking to deepen their understanding of AI’s impact on cyber risk, exploring targeted AI courses can provide valuable insights. Platforms like Complete AI Training offer relevant resources for practical skill-building.
```Your membership also unlocks:
