What has changed in the cyber claims landscape
Cyber risk is no longer just an external problem
Cybersecurity threats evoke the image of teams of ruthless and sophisticated hackers trying to break into a company’s servers. That possibility remains a viable and significant threat to companies. But a growing risk to companies comes from the decisions and mistakes they make internally.
Munich Re’s claims data showed that 25% of cyber incidents in 2024 were non-malicious, up from 18% the year before and 11% in 2021.
Companies often incorrectly assume that traditional cyber policies cover these claims.
For example, pixel tracking — a technology that collects behavioral and sometimes sensitive data from website visitors — can lead to accusations of wrongful data collection. As wrongful collection lawsuits have soared, particularly in 2025, carriers have pulled back on coverage for pixel tracking losses. Companies can find coverage, but insurers have grown cautious about their exposures to these claims. Cyber insurers view pixel tracking risks as the result of decisions companies make rather than as accidents or threats to businesses.
Similarly, copyright infringement — an escalating risk thanks to social media, influencers, and AI — amounts to a governance-driven loss. A policyholder's alleged misappropriation of another's protected work may be accidental or the result of carelessness, but it was a decision made by someone nonetheless. Cyber policies in the U.S. often provide varying levels of coverage for these media-related losses. Coverage has historically been less common in international markets, but carriers have been increasingly willing to include it.
Even where external attacks occur, human decision-making is at the core of some of cybersecurity’s biggest losses. An example of this is social engineering fraud (SEF). A threat actor could impersonate a corporate executive to convince an employee to transfer funds improperly. Though the employee is tricked, they still make the decision to transfer funds, which complicates coverage triggers and recovery.
AI as a force multiplier
In 2004, the U.S. Federal Trade Commission (FTC) issued advisories and testified before Congress to warn about mysterious emails where the sender purported to be the prince of a Nigerian royal family and promised the recipient fortunes if they first sent the sender their bank account information.
Today, these types of scam emails are the butt of help desk jokes and a callback to a comparatively primitive era of cyber threats. Information technology desks used to warn company staff against clicking on links in emails that featured elementary misuse of grammar, diction, and syntax.
With AI, however, threat actors can craft phishing emails with polished English and convincing graphics that can fool even the most cautious employees and lead to system compromises.
Hackers can use AI in several ways beyond phishing emails. They can use increasingly sophisticated technology to exfiltrate data, examine it quickly to identify sensitive records, and use it for ransom or extortion or to carry out more menacing threats. Attackers can use AI to evade security controls like antivirus software and endpoint detection and response, and ransomware threat actors can use large language models (LLMs) to conduct successful payment negotiations and apply pressure to their targets.
Moreover, AI helps criminals execute cyberattacks on an industrial scale.
AI’s influence in cyberattacks manifested itself globally in 2025
Increase in attacks from adversaries using AI.
An average breakout time of 29 minutes — a 70% reduction since 2021 — with the fastest breakout time of 27 seconds.
New adversaries identified and tracked by CrowdStrike, bringing the total to 281.
Source: CrowdStrike
For businesses, AI-enhanced cybersecurity threats can lead to increased litigation risks, reputational harm, and significant losses.
- Regulators have been slow to establish AI guardrails.
- Fierce competition among developers means there are few incentives to rein in troubling aspects of their ever-advancing models.
Ways AI is increasing cyber threats
01 RANSOMWARE
Whereas ransomware gangs once required considerable technical skill and tactical know-how to breach systems, purloin data, and issue ransom demands, AI allows modestly sophisticated attackers to deploy effective attacks. LLMs can craft evasive malware.
02 PRIVACY, DATA, & ERRORS & OMISSIONS RISKS
AI increases the risk of inadvertent data and privacy disclosures. Some AI applications and LLMs are free or cheaply available for anyone to use. An employee who uses one of these applications and inadvertently uploads sensitive company data poses a significant non-data-breach privacy risk.
03 BUSINESS EMAIL COMPROMISE (BEC) & FUNDS TRANSFER FRAUD
AI can conduct research to help attackers craft emails or voicemails that mimic a specific person’s writing or voice, leading to convincing impersonations. These impersonations can instruct others within an organization to transfer funds to a criminal’s account. Deepfake videos can achieve the same level of deception.
04 MEDIA & INTELLECTUAL PROPERTY RISKS
Beyond malicious attacks, AI adds to existing intellectual property infringement and defamation risks. AI developers train LLMs on human-generated writing, videos, sounds, and imagery. Using these tools to produce content can result in unauthorized reproduction of copyrighted works, images, and likenesses, giving rise to intellectual property claims. AI models also hallucinate or turn up incorrect information, which can defame people or businesses if published without verification.

Geopolitical tensions heightening cybersecurity risks
Geopolitical friction, strained alliances, and full-blown conflicts have destabilized the international community in recent years. International discord has led ideologically motivated hacktivists to open new frontiers in global conflicts by infiltrating corporate systems and disrupting operations, less for financial gain and more to make a point.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned this spring that Iran-affiliated actors targeted internet-connected operational technology devices in U.S. government critical infrastructure facilities, including energy and water facilities. CISA’s advisory indicated that the threat actors targeted widely used industrial automation products developed by the Rockwell Automation brand Allen-Bradley.
Several data-wiping attacks, in which hackers erase company data to disrupt operations, have occurred alongside the U.S.-Iran conflict. A U.S. healthcare company in March had data wiped from tens of thousands of company devices. An Iran-affiliated group claimed responsibility, but the provenance of the attack has not been confirmed.
A 2025 incident illustrated the perils of ideologically driven cyberattacks. Russia-affiliated hackers took advantage of weak passwords to gain control of water valves at a Norwegian dam and increase water flow by 500 liters per second. The increased flow lasted for four hours but was brought under control before the attack posed a public safety threat.
Organizations responding to the World Economic Forum’s Global Cybersecurity Outlook 2026 survey identified geopolitically motivated cyberattacks as the top factor they consider in their overall cyber risk mitigation strategies. The same report noted that 31% of respondents lack confidence in their home country’s ability to respond effectively to major cyber incidents, up from 26% in 2025.
© 2026 Lockton Companies. All rights reserved.