AI is changing everything and that means a new approach to risk when it comes to cyber;
Underwriting and modeling approaches for cyber may need to evolve as AI is reshaping cyber risk by increasing the speed, scale, and coordination of attacks, says CyberCube, the leading provider of cyber risk analytics.
CyberCube’s H1 2026 Global Threat Briefing, ‘AI Risk Landscape: Implications for Cyber (Re)insurance’, notes that threat actors are exploiting common security gaps more quickly, particularly identity misconfigurations and unpatched systems.
William Altman, Director of Cyber Threat Intelligence Services and report author, said: “AI is compressing the cyberattack lifecycle, reducing the time threat actors spend between initial compromise and operational disruption, and in some cases enabling impact to occur before detection and containment are effective. As a result, recovery capability may become a more important determinant of business interruption (BI) loss severity than traditional preventative controls.
“As AI becomes more deeply embedded in critical business operations and increasingly concentrated across compute infrastructure, hyperscale cloud platforms, and foundation model providers, the potential for portfolio aggregation risk may rise. This reflects the tightly coupled nature of the AI supply chain, where dependencies on a small number of dominant providers create shared points of exposure across insureds. This increases the likelihood of correlated losses rather than isolated events, particularly as AI systems take on greater roles in automation, decision-making, and operational control.”
The report says underwriting can adapt by:
-
Focusing on identity security and patch latency as primary drivers of how attacks propagate and convert into loss
-
Evaluating recovery capability as a key determinant of business interruption (BI) severity, not just detection and containment
-
Underwriting directly responding to the governance of AI agents, including permissions, API scope control, logging, and segregation of duties.
The research also calls on cyber catastrophe and aggregation risk modelers to begin incorporating AI risk dynamics into their work, noting that such analysis will become increasingly necessary if AI evolves from an augmentative capability into core operational infrastructure. In that scenario, dependencies across compute, cloud, and model providers could act as shared points of failure, requiring explicit modeling of how disruptions at these layers might propagate across insured portfolios and generate correlated, cross-sector losses.
A copy of CyberCube’s report is attached. CyberCube hosted a webinar outlining the key findings of the report, which can be viewed here.
Be the first to comment