The cyber insurance market is undergoing a significant transformation, driven by the rapid growth of digital threats and the complexities introduced by artificial intelligence (AI). According to Munich Re, the market is projected to reach approximately $16.3 billion in global premiums by 2025. Insurers are grappling with new challenges posed by AI-driven risks, leading to pivotal changes in policy coverage.

Market Growth and Stabilisation

Over the past five years, cyber insurance premiums have nearly tripled, with expectations that they will reach $29 billion by 2027. The increasing reliance on digital technologies fuels this growth. However, the market stabilised on rates by 2025 due to heightened competition, which also led to higher limits and enhanced services. Interestingly, ransomware payments have decreased as fewer victims opt to pay. The focus has shifted towards addressing supply chain vulnerabilities and non-breach privacy claims, such as wrongful data collection, prompting stricter underwriting practices. In recent periods, Beazley has scaled back its exposure, citing elevated claims costs. At the same time, two of its largest US rivals, Chubb and AIG, have maintained or expanded their portfolios—highlighting the volatility and divergent strategies in this still-maturing sector.

Evolving Cyber Threats

The landscape of cyber threats is continuously evolving, with ransomware attacks rising by 25% in 2024. Data exfiltration incidents have doubled, and high-profile cases like the Change Healthcare breach have resulted in billions in losses from outages and business disruptions. UK cyber insurance claims tripled in 2024, with insurers paying out at least £ 197 million compared to £ 60 million the previous year, according to the Association of British Insurers. This surge came before high-profile attacks on major retailers like Harrods and Marks & Spencer, as well as on the manufacturer Jaguar Land Rover.
AI has exacerbated these threats by automating phishing and zero-day exploits (unpatched vulnerabilities that vendors have had zero days to fix before attackers weaponise them). At the same time, nation-state actors target critical infrastructure using sophisticated tactics. Supply chain attacks highlight systemic weaknesses, further complicated by cloud misconfigurations.

AI and Agentic AI Exclusions

As artificial intelligence technologies advance rapidly, insurers are increasingly grappling with how to manage the complex and unpredictable liabilities these systems introduce. Leading carriers such as AIG, WR Berkley, Chubb, and Great American have begun introducing exclusions targeting AI-related risks within their cyber insurance policies. Their actions reflect growing concern about emerging exposures, including AI hallucinations, algorithmic bias, data integrity failures, and the unpredictable behaviour of autonomous or agentic AI systems. Traditional cyber coverage was not designed to address these nuanced risks, which often blur the line between operational failures, professional negligence, and technology malfunction. Consequently, many insurers are shifting responsibility for such losses toward errors and omissions (E&O) policies, fearing the potential scale of future claims that could reach billions of dollars if AI-related incidents trigger systemic market or reputational impacts.

Implications for Businesses

Businesses face mounting challenges in the evolving cyber insurance landscape, where AI and agentic AI exclusions in standard cyber policies create significant protection gaps. To secure favourable terms, companies must prioritise robust security investments, such as multi-factor authentication, zero-trust architectures, and AI-specific incident response plans, while conducting thorough third-party vendor audits. Emerging standalone AI liability products provide targeted coverage. Chaucer Group, in partnership with Armilla AI, launched a third-party liability policy in 2025 covering AI, while QBE North America introduced AI-focused cyber coverages for regulatory fines and LLMjacking (a type of cyberattack in which threat actors use stolen credentials to access cloud-hosted large language models (LLMs)). Still, surging premiums and stricter regulatory mandates are inflating overall costs. Proactive risk management, including comprehensive policy reviews and diversified insurance strategies, is essential to mitigate liabilities and maintain operational resilience amid these shifts.

Conclusion

The cyber insurance industry is at a crossroads, facing the dual challenges of escalating cyber threats and the unpredictable nature of AI technologies. As insurers retreat from covering AI-related risks, businesses must adapt by strengthening cybersecurity measures and carefully evaluating their insurance policies to ensure comprehensive coverage in this rapidly evolving environment.