Cyber Risk Is Getting More Complex—Here’s What Insurance Professionals Need to Know

The PLUS Cyber Think Tank highlights a cyber insurance landscape that is becoming more complex, interconnected, and long tailed, driven by evolving threats, regulatory pressure, and increasing claims severity. The key themes center on AI-driven risk, claims evolution, privacy litigation, and underwriting discipline. Key themes include:

Artificial Intelligence (AI) & Cyber Exposure

AI is rapidly moving from theoretical risk to real-world claims, including IP infringement, privacy violations, and AI-enabled cybercrime (e.g., deepfakes, social engineering). The concept of “silent AI” is also emerging, where policies may unintentionally cover AI-related exposures.

Why this matters:
Cyber professionals must reassess policy intent, exclusions, and aggregation risk, while anticipating how AI will amplify both the frequency and severity of cyber losses.

Business Email Compromise (BEC) & Funds Transfer Fraud

BEC and funds transfer fraud continue to be among the most frequent and costly cyber claims, with ongoing disputes around coverage triggers, definitions, and subrogation opportunities.

Why this matters:
Clarity in policy wording and stronger underwriting controls are essential, as these claims expose coverage ambiguity and operational vulnerabilities within insured organizations.

Privacy Litigation & Wrongful Collection

There is significant growth in non-breach privacy claims, including biometric privacy (BIPA), pixel tracking, and wrongful data collection, alongside increased legislative activity at the state level.

Why this matters:
These claims are often high-frequency and long-tail, requiring adjustments in underwriting, pricing, and claims handling strategies as cyber policies increasingly respond to privacy exposures.

Cyber Claims Trends & Litigation Environment

The cyber market is experiencing:

• Increased third-party litigation and class actions
• A growing “long tail” in cyber claims development
• Pressure on reserving and loss ratio assumptions

Why this matters:
Cyber is beginning to resemble traditional long-tail liability lines, requiring more sophisticated reserving, claims management, and actuarial modeling.

Business Interruption & Catastrophic Cyber Risk

Large-scale cyber events are driving higher-severity losses across insurance towers, raising concerns about systemic risk and infrastructure failure scenarios.

Why this matters:
Carriers must evaluate cyber as a potential catastrophic exposure, with implications for aggregation, reinsurance, and enterprise risk management.

Regulatory Environment & Ransomware

Government involvement continues to evolve, including:

• Ransomware payment scrutiny
• Sanctions compliance (e.g., OFAC)
• Expanding public entity exposure and global regulatory divergence

Why this matters:
PLI professionals must navigate regulatory compliance alongside coverage obligations, especially in cross-border incidents and ransomware response.

Forensics, Crypto & Claims Handling Complexity

There is increasing reliance on forensic vendors, crypto payment mechanisms, and compliance attestations, with limited standardization across the industry.

Why this matters:
Claims handling is becoming more technical and specialized, requiring greater coordination between insurers, vendors, and insureds, and influencing both cost and outcome of claims.

Cyber Risk Mitigation & Underwriting Discipline

Key discussions include:

• Establishing baseline security standards for insureds
• Use of active defense and proactive risk management services
• Balancing underwriting rigor vs. speed to quote

Why this matters:
Stronger underwriting discipline is critical to maintaining portfolio quality and long-term profitability, particularly in a competitive and evolving market.

Data, Claims Classification & Profitability

The industry is examining how claims are generated, categorized (e.g., BEC vs. broader fraud), and used to inform underwriting, alongside concerns about profitability in a challenging rate environment.

Why this matters:
Improved data quality and analytics enable better pricing, product development, and risk selection, which are essential for sustaining cyber market stability.

The PLUS Cyber Think Tank underscores a market transitioning from short-tail, event-driven cyber risk to a more complex, long-tail liability environment.

For PLI professionals, these topics matter because they:

• Increase claims frequency, severity, and complexity
• Blur the lines between cyber, privacy, and traditional liability coverages
• Require clearer policy language and stronger underwriting discipline
• Demand greater technical expertise in claims handling and risk mitigation
• Put pressure on profitability, reserving, and reinsurance strategies

Ultimately, success in the cyber market will depend on the ability to anticipate emerging risks, adapt coverage frameworks, and leverage data-driven insights in an increasingly volatile threat landscape.

Thank you to the PLUS Cyber Think Tank for their continued insights that help shape the content PLUS provides throughout the year.

• Dena Cusick, HUB International
• Joe DePaul, Iron Gate
• Sian Dircks, Sompo International
• Nick Economidis, Crum & Forster
• Ria Iizuka, RPLU, AXA XL
• Kelly Lee, Ascot
• Stu Panensky, Pierson Ferdinand
• Paul Reyes, Swiss Re
• Mark Sadler, Great American
• David Shannon, Marshall Dennehey
• David Standish, Liberty Mutal Insurance
• Nathan Thomas, RPLU+, CPLP, Resilence
• Douglas Thompson, Everest Reinsurance Company

Do you have a Cyber-related content idea? Share your ideas at any time by submitting the PLUS Content Idea Form.

Submit Your Idea