Generative artificial intelligence (gen AI) has supercharged both attackers and defenders in the cyber arena.
Amid this AI arms race, insurers are facing a dangerous moment. Industry leaders at the Insurance Innovators Summit in London this week warned that soft market conditions in cyber are threatening to dilute underwriting standards.
Speaking on a panel focused on AI and cyber risk, experts from Marsh, Tokio Marine and Markel said the cyber threat environment is evolving faster than traditional insurance models can track, creating a widening gap between the pace of innovation in cybercrime and the controls in place to prevent it.
“There isn’t one single critical threat anymore… the list is getting longer,” said Kelly Butler (pictured, second from left), managing director and head of cyber for the UK at Marsh Specialty.
“Ransomware and extortion remain number one, but we’re also seeing cloud identity compromise, software and services supply chain attacks becoming more prevalent, AI-enabled social engineering, and nation-state attacks increasingly targeting operational technology.”
Panelists agreed that generative AI has made phishing and credential-theft campaigns more convincing, faster to deploy and harder to detect. Daljitt Barn (pictured, second from right), global head of cyber risk at Tokio Marine, said attackers are now using AI to automate phishing at scale.
“We’re now seeing carriers use AI to continuously scan insureds’ environments and flag unpatched vulnerabilities,” Barn said.
The cyberattack on UK retailer Marks & Spencer earlier this year was raised repeatedly as a warning for large corporates.
According to Barn, the attackers bypassed traditional perimeter controls and gained access by exploiting the company’s help desk function to generate fresh credentials.
“Even the biggest corporates struggle with identity governance: understanding what users are doing, how credentials are being created, and what happens when people change roles,” said Barn. “The positive thing is that M&S did have insurance, which helped. But what insurers and boards now look at is not just ‘Are we covered?’ but ‘How fast can we recover?’ The restoration phase is becoming more important.”
Matthias Schneider (pictured, rightmost), chief risk officer at Markel, said the M&S incident reinforces the need for liquidity planning and resilience testing.
“Restoration time is critical. Organizations need to stress test how much they can absorb financially during an outage,” he said. “Insurance is part of the solution, but not the only one.”
Despite rising loss activity, cyber insurance is slipping into a softer market cycle, bringing concerns that this could encourage insurers to relax minimum security requirements.
“There’s a lot of competition and a lot of hungry people wanting to write cyber insurance,” said Butler. “Some of the hygiene is being forgotten about. That’s dangerous.”
She argued that the most sustainable carriers will be those that embed threat intelligence, monitoring tools and hands-on risk advisory rather than simply offering cheaper premiums.
Barn echoed that view, noting that the industry learned “painful lessons” from the last hard market. “Even though the market is soft right now, most carriers learned hard lessons in 2019–2021 and are trying to offer services, not just policies,” he said. “The better tools are now threat-intelligence-led.”
All three speakers agreed that the future of cyber underwriting depends on real-time intelligence, not historical claims data.
“Cyber doesn’t behave like property or casualty – by the time you collect the data, the risk has already changed,” Butler said. “We need continuous monitoring, AI-driven predictive models and rapid communication to the client."
Schneider added: “In Germany, for example, we’re already seeing improvements in how risk is understood and documented. Better data enables better AI, because AI needs high-quality training inputs. That’s what will drive better outcomes."
