Overview
Business leaders are aware of AI-driven cyber risks and their implications. But understanding changing risk profiles to make better decisions around the management of new exposures is the key to cyber resilience, according to Aon report. Beinsure analyzed the report and highlighted the key points.
The global threat landscape has shifted rapidly, with AI-powered cyber threats—phishing, malware, and social engineering—becoming more advanced and frequent.
Yet, only 30% of surveyed organizations hold cyber insurance, leaving many exposed to avoidable financial losses.
As technology evolves, particularly through AI, new risks emerge, requiring both awareness and updated approaches to cyber risk management, including ongoing changes in insurance coverage.
Key highlights
- AI-Driven Cyber Threats Accelerate. AI has transformed cyber attacks, increasing their volume, precision, and speed. Phishing, malware, and social engineering now pose greater risk, affecting both large enterprises and mid-sized firms.
- Cyber Insurance Adoption Remains Low. Only 30% of organizations have cyber insurance, leaving most exposed to significant financial losses. Coverage often fails to reflect the value of intangible assets, which now outweigh physical assets in most firms.
- Middle Market Firms Are the Most Exposed. Mid-sized companies accounted for the largest share of cyber claims in the past year. Despite this, over half have not conducted incident response simulations, and many rely on incomplete vulnerability scans.
- Disconnect Between Awareness and Action. While cyber risk ranks as a top concern, 40% of C-suite leaders remain unclear about what cyber insurance covers. Many underestimate the financial impact of attacks or misunderstand policy terms and limitations.
- Closing the Protection Gap Requires Urgency. To address growing cyber exposures, the market must innovate at scale, improve product clarity, and expand reinsurance tools. Better education, proactive risk management, and broader SME access are critical for reducing underinsurance.
Systemic cyber security events highlighted the compounded risk stemming from increasing technology interdependencies and how quickly a cyber event can affect organizations.
Cyber Threats Surge as Insurance Gaps Widen in the Age of AI
With over 600 mn cyber attacks occurring daily, the global threat environment has shifted dramatically.
AI-powered threats—ranging from phishing and malware to sophisticated social engineering—are increasing in frequency and impact.
Alongside this, state-sponsored actors, cyber crime syndicates, and hacktivist groups continue to fuel a volatile digital risk landscape.
Insurers have responded with broader cyber coverage, offering policies that address ransomware, data breaches, and operational disruption.
Yet, most companies remain unprepared to fully quantify their risk exposure or align coverage with current digital realities.
According to Global Cyber Risk Report, third-party risk continued as a frontline issue across the year, as businesses found it increasingly challenging to protect their supply chains.
And importantly, we observed occasional misunderstandings about what cyber insurance covers – and doesn’t cover — which reflects the need for more education across the industry.
Global competition in the cyber insurance sector increased, and pricing for US-based risks declined for the tenth consecutive quarter.
In Q1 2025, the market experienced a further softening, with a 7% reduction in cyber insurance premiums. Current conditions create a favorable environment for businesses of all sizes to secure cyber coverage, especially for middle market firms that remain highly exposed.
Middle market companies accounted for the largest share of cyber claims in the previous year. From a risk management perspective, 55% of these firms have not conducted a cybersecurity tabletop exercise, while 45% have vulnerability scans that assess less than the full scope of their enterprise
Cyber incidents, changes in climate, and business interruption risks
Cyber incidents, changes in climate, and business interruption are the chief risk concerns among key marketplace segments in the insurance industry, according to survey RiskScan 2024 from Munich Reinsurance America and the Insurance Information Institute (Triple-I) reveals.
Consumers, businesses, and the insurance industry all face significant cyber threats. From businesses who are at risk of customer data breaches to digitally connected homes, we are now in a world of ever-evolving cyber risks.
Cyber risks, changes in climate, and business interruption rank as top concerns in the marketplace
Fueled by consumer responses, changes in climate—evidenced by the increasing frequency and severity of extreme weather—ranked among the top three overall risks.
Although business interruption understandably wasn’t a top concern for consumers, businesses are subjected to loss events such as extreme weather caused by changes in climate, cyber attacks, and supply chain issues that could potentially disrupt their operations.
Cyber Attack Technique – Impact
| Cyber Attack Technique | RR Likelihood | Mean SVI* |
|---|---|---|
| Network and System Attacks | 19% | -51% |
| System Exploits | 8% | -31% |
| Human Factors | 12% | -30% |
| Malware | 20% | -28% |
| Unauthorized Access and Credential Attacks | 8% | -25% |
Source: AON
CrowdStrike Outage Underscores Systemic Risk
The recent global outage tied to a faulty CrowdStrike update revealed how interconnected and fragile digital systems have become.
The disruption affected critical services across sectors, spotlighting how a single software failure can cascade through IT, OT, and IoT networks.
This event acts as a case study in systemic risk. From an insurance standpoint, it raises questions about digital readiness, resilience, and the need for adequate risk transfer strategies.
It also highlights how modern cyber threats are evolving beyond traditional breach scenarios.
This is why cyber coverage matters. It’s a modern-day policy for foreseeable modern-day events.
David Molony, Head of Cyber Solutions for EMEA
Threat actors now have the tools to exploit and manipulate large-language models, introducing a new layer of complexity.
Cyber Risk Now Outweighs Physical Asset Exposure
The shift toward intangible value has been significant. On average, the total value of intangible assets now exceeds tangible assets by 2.45%. A decade ago, this ratio was reversed.
Cyber incidents targeting information assets are now three times more likely than attacks on physical infrastructure like property, plant, or equipment (PP&E).
The disconnect between exposure and coverage is glaring. AI is reducing the barrier for entry for cyber criminals. The scale and speed of attacks are increasing, and yet, too many firms remain underinsured.
Despite this trend, insurance coverage has not kept pace. Organizations insure just 17% of their information assets, while 60% of PP&E is covered. Only 60% of companies currently express interest in buying cyber insurance.
Market Still Struggles to Engage C-Suite Decision-Makers
A major challenge lies in awareness. According to the Munich Re Global Cyber Risk and Insurance Survey, 40% of C-suite executives either don’t know cyber insurance exists or lack a clear understanding of what it covers.
Only 30% of respondents say their organization holds cyber insurance, and those that do report an average coverage limit of just $17mn—often inadequate given the financial consequences of modern attacks.
The survey, comprising over 7,500 participants from 15 countries across various sectors, underscores the escalating concerns of managers surrounding cyber security.
| % of Companies That Consider Their Cyber Insurance Coverage Sufficient | FY2024 | FY2022 | FY2020 |
| Yes | 56% | 58% | 53% |
| No | 27% | 29% | 32% |
| Unsure | 17% | 13% | 15% |
Despite heightened awareness, a staggering 87% of respondents in this group express doubts about their organizations’ preparedness against digital threats, marking a notable increase from previous years (2022: 83%).
Closing the Gap Requires Urgency and Innovation
As intangible risks grow and digital systems become more complex, the insurance industry faces a pressing question: is the market doing enough to attract and educate new buyers?
The insurance protection gap is massive. Closing it will demand more innovation—at scale—and better alignment between risk understanding and coverage solutions.
Measuring intangible assets poses significant challenges, but advanced analytics and risk modeling techniques can provide a clearer picture of potential exposures.
International cooperation and information sharing
International cooperation and information sharing between insurers, businesses and regulators are also crucial in addressing the protection gap effectively.
To further unlock growth, insurers need to make the insurance product more meaningful for buyers, while also continually adapting to the changing risk landscape. They should develop new distribution channels as well.
“Small to midsize enterprises have been historically less served by cyber insurance,” explains Rory Egan, head of Cyber & Analytics in Aon’s Global ReSpecialty, Reinsurance Solutions practice. “So, getting more policies into the hands of small and medium enterprises is going to be key.”
Reinsurance plays a key role in the growth of the cyber insurance market
Around 40 to 50% of premium is ceded to (re)insurers via proportional and non-proportional reinsurance solutions.
For the growing non-proportional component, around 15%t of capital supporting the insurance market is from third party capital providers, including cyber catastrophe bonds, cyber industry loss warranties and parametric solutions.
Proactive risk management and continuous education
Proactive risk management and continuous education are essential for organizations to stay ahead of evolving cyber threats.
By embracing these strategies, the cyber insurance market can effectively support businesses in managing their cyber risks and closing the protection gap.
Aon’s research on intangible risks shows that risk professionals see cyber loss scenarios as their key business risk, well in excess of any loss scenario on tangible assets. This is in terms of the probable maximum loss and the likelihood of occurrence at their own firm
“However, the research also suggests a perception gap exists around the tremendous value of cyber insurance as a product that can meaningfully address this risk,” says Egan.
FAQ
AI has increased the scale, speed, and sophistication of cyber threats such as phishing, malware, and social engineering. These threats now occur daily and often outpace traditional defenses, placing organizations under constant pressure to adapt.
Only 30% of surveyed organizations carry cyber insurance. This leaves the majority exposed to financial damage from cyber attacks, despite increasing frequency and impact. Most firms also underinsure intangible assets, where most cyber-related value loss occurs.
Cyber policies now include protection against ransomware, data breaches, business interruption, and third-party risk. However, many buyers misunderstand what these policies actually cover, highlighting a need for better education and clearer product communication.
Mid-sized firms remain the most vulnerable and least prepared. They account for the highest share of cyber claims, yet 55% have never conducted a cybersecurity exercise. Many also fail to scan their full digital infrastructure for vulnerabilities.
The leading concerns are cyber incidents, climate-driven disruptions, and business interruption. These risks frequently intersect, especially in digitally connected supply chains where a single cyber event can halt operations.
Despite growing awareness, 40% of C-suite leaders either lack awareness of cyber insurance or don’t fully understand it. Only 17% of information assets are insured, even though they are 2.5x more valuable than physical assets in most businesses.
Closing the gap requires more than awareness—it demands better product design, tailored coverage for SMEs, improved distribution channels, and cross-sector collaboration. Insurers must also expand reinsurance options and offer tools for proactive risk management and education.
………….
AUTHORS: David Molony – Aon’s Head of Cyber Solutions, Europe, the Middle East and Africa (Amsterdam, Netherlands), Rory Egan – head of Cyber & Analytics in Aon’s Global ReSpecialty, Reinsurance Solutions practice
