Postcard from NetDiligence: Overcapacity, AI and Akira dominated the hallway talk
Insurers, brokers, investors and cybersecurity leaders met in Philadelphia to size up what's next for cyber risk. Three themes cut through every panel and hallway chat: too much capacity chasing premium, AI's growing role on both sides of the ball, and concerns about Akira's sustained activity.
Overcapacity is testing underwriting discipline
More carriers and MGAs are leaning in. Larger lines, broader appetites, and sharper competition are pushing on price and terms. It's tempting to grow. It's also where portfolio drift starts.
Guardrails that held up the market in 2022-2023 still matter. Keep ransomware coinsurance where warranted, hold sublimits for dependent business interruption and system failure, and resist creeping limits on vendor-driven exposures. Clean accounts deserve credit; they don't need giveaways.
Claims remain noisy: business email compromise, third-party breaches, and extortion keep loss costs elevated. The scoreboard rewards attachment point discipline and clear triggers over flashy growth.
Rates and terms: precision over broad moves
Rate relief on clean renewals is common, but loss-hit and control-light risks still need corrections. Use data to tier accounts, not anecdotes. Calibrate deductibles and event aggregates to vendor concentration and credential hygiene, not just revenue bands.
AI: threat amplifier and control multiplier
Attackers are using AI to write better phishing, clone voices, and speed up reconnaissance. On the defense side, teams are improving detection, workflow, and IR speed with the same tools. Exposure depends on use cases, data flows, and vendor choices, not slogans.
Underwriting questions that cut through the noise:
- What AI use cases touch sensitive data? Is data isolated, masked, and logged?
- Are vendors using third-party models? What are the SLAs, indemnities, and audit rights?
- Are prompts/outputs filtered for secrets and PII? Are model actions permissioned and reversible?
- Are deepfake-resistant payment callbacks in place for finance and HR?
If you need a common language for controls and governance, the NIST AI RMF offers a solid baseline.
Akira is still a problem
Akira's playbook is familiar: credential theft or weak remote access, quick network discovery, data exfiltration, then double extortion. Mid-market targets feel it most, but larger firms aren't immune. Severity is driven by downtime, restoration, legal work, and negotiation time, not just the ransom payment itself.
Controls that move the needle:
- Enforce phishing-resistant MFA everywhere, especially VPN and RDP; kill legacy protocols.
- EDR with behavioral rules and 24/7 monitoring; contain at first alert, not after forensics.
- Offline, immutable backups with regular restore tests; segment the blast radius.
- Privileged access management and rapid patching for internet-facing services.
For reference, see CISA's joint advisory on Akira: Stop Ransomware: Akira.
Portfolio watch-outs for the next two quarters
- Capacity drift: Track average limit deployed, attachment points, and ransomware coinsurance use by segment.
- Vendor concentration: Map SaaS, MSP, and cloud dependencies; set aggregate caps by provider and region.
- Wording hygiene: Align war/hostile-act clauses, widespread event sublimits, system failure triggers, and social engineering verification warranties.
- Funds transfer fraud: Expect more deepfake voice/video; require out-of-band checks and named-counterparty controls.
- Disclosure pressure: Public companies need tight incident materiality playbooks and board briefings.
Actions for insurers and brokers now
- Refresh control minimums: phishing-resistant MFA, EDR with MDR, privileged access control, offline backups, and email authentication (SPF/DKIM/DMARC).
- Right-size limits: tie to revenue, data footprint, vendor reliance, and recovery time objective, not just peer benchmarks.
- Quote structure: use sublimits and coinsurance for ransomware and dependent BI instead of blanket declines.
- Pre-bind services: scanning, attack-path reviews, and payment-fraud drills for SMEs; reward participation with deductible credits.
- IR readiness: confirm panel vendor contracts, contacts, and 24/7 routes before day one; run a joint tabletop.
- Data loop: push post-incident findings back into underwriting questions within 30 days.
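The email authentication minimum above (SPF/DKIM/DMARC) is easy to tick on a questionnaire and easy to get wrong in practice: a DMARC record with p=none or an SPF record ending in +all exists but enforces nothing. The following is an added example, not code from the article or from NetDiligence, showing how a pre-bind scanning step could grade the SPF and DMARC TXT records for a domain. The sample records are constructed for illustration; a real check would fetch them with DNS TXT lookups for the domain and for _dmarc.<domain>, and DKIM would need the selector names to query, which is why it is left out here.

```python
"""Grade SPF and DMARC records for weak settings (added example, not from the article).

The records below are constructed samples. In production, replace SAMPLE_TXT with
DNS TXT lookups for <domain> (SPF) and _dmarc.<domain> (DMARC).
"""
import re
from typing import Dict, List, Optional

# Constructed sample records, keyed by a made-up domain. Not real lookups.
SAMPLE_TXT: Dict[str, Dict[str, Optional[str]]] = {
    "weak.example": {
        "spf": "v=spf1 include:_spf.mailhost.example ~all",
        "dmarc": "v=DMARC1; p=none; pct=100",
    },
    "strong.example": {
        "spf": "v=spf1 include:_spf.mailhost.example -all",
        "dmarc": "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; "
                 "rua=mailto:dmarc@strong.example; pct=100",
    },
}


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split a DMARC TXT record into its tag=value pairs (keys lower-cased)."""
    if not record.strip().lower().startswith("v=dmarc1"):
        raise ValueError("not a DMARC record")
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def spf_all_qualifier(record: str) -> Optional[str]:
    """Return the qualifier on the SPF 'all' mechanism ('+', '-', '~', '?'), or None if absent.

    A bare 'all' means '+all' per the SPF syntax (the default qualifier is pass).
    """
    match = re.search(r"(?:^|\s)([+\-~?]?)all(?:\s|$)", record)
    if not match:
        return None
    return match.group(1) or "+"


def assess_domain(spf: Optional[str], dmarc: Optional[str]) -> List[str]:
    """Return a list of findings; an empty list means both records are enforcing."""
    findings: List[str] = []

    if spf is None:
        findings.append("SPF: no record published")
    else:
        qualifier = spf_all_qualifier(spf)
        if qualifier is None:
            findings.append("SPF: no 'all' mechanism; unmatched senders get a neutral result")
        elif qualifier == "+":
            findings.append("SPF: '+all' lets any host send as this domain")
        elif qualifier == "?":
            findings.append("SPF: '?all' is neutral, effectively no enforcement")
        elif qualifier == "~":
            findings.append("SPF: '~all' softfail; move to '-all' once DMARC is enforcing")

    if dmarc is None:
        findings.append("DMARC: no record published")
    else:
        tags = parse_dmarc(dmarc)
        policy = tags.get("p", "").lower()
        if policy == "none":
            findings.append("DMARC: p=none is monitor-only; spoofed mail is still delivered")
        elif policy not in ("quarantine", "reject"):
            findings.append(f"DMARC: unrecognised or missing policy {policy!r}")
        pct = tags.get("pct")
        if pct is not None and pct.isdigit() and int(pct) < 100:
            findings.append(f"DMARC: pct={pct} applies the policy to only part of the mail stream")
        if "rua" not in tags:
            findings.append("DMARC: no rua= address, so no aggregate reports to confirm alignment")

    return findings


def assess_all(txt: Dict[str, Dict[str, Optional[str]]] = SAMPLE_TXT) -> Dict[str, List[str]]:
    """Assess every domain in the sample table and return findings per domain."""
    return {domain: assess_domain(recs.get("spf"), recs.get("dmarc")) for domain, recs in txt.items()}


if __name__ == "__main__":
    for domain, findings in assess_all().items():
        status = "enforcing" if not findings else f"{len(findings)} finding(s)"
        print(f"{domain}: {status}")
        for finding in findings:
            print(f"  - {finding}")
```

The useful output for an underwriter is not the raw record but the grade: "enforcing" versus a list of specific gaps that can be written into a subjectivity or fed back into the control questionnaire.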
Team skills: closing the AI literacy gap
Underwriters and claims teams need consistent AI fluency to ask better questions and spot weak control stories. If you're building a training plan, see role-based options here: AI courses by job.
Why this conference still matters
NetDiligence brings together the people who write, place, and respond to the risk. If you missed it, skim agendas and mark sessions that match your portfolio issues: NetDiligence Conference. Then turn two ideas into actions within your next renewal cycle.