The cyber insurance market is seeing one of its softest phases in years, with premiums dropping and policies becoming easier to get. But industry experts warn this doesn’t mean cyber risks are getting any safer. In fact, the opposite is true. While there’s plenty of capacity and competition among insurers, threats driven by artificial intelligence (AI) are increasing faster than cybersecurity defenses can keep up.
Maria Long, chief underwriting officer at Resilience, explains that although premiums are falling, it’s not because cyber incidents are less risky. The market has more players willing to write policies, which pushes prices down. However, AI-powered attacks are evolving quickly, making older security measures less effective. What was considered strong protection 18 months ago may no longer be enough.
Between 2020 and 2022, insurers tightened rules after a wave of ransomware and email fraud attacks. Businesses had to adopt stronger security like multi-factor authentication, encryption, and incident response plans. These steps helped improve cyber hygiene and reduced losses. But now, AI is being used to create sophisticated phishing scams and deepfake audio and video, making it harder to spot threats. Employee training and email filters alone aren’t cutting it.
Resilience’s recent data shows that social engineering—tricking people rather than hacking tech—made up 57% of cyber claims and 60% of losses in the first half of 2025. Attackers often impersonate executives using AI-generated voices or videos, bypassing technical defenses completely.
Manufacturers are especially vulnerable. Many rely on outdated systems they can’t easily replace without stopping operations. These legacy setups weren’t built with cybersecurity in mind, making them prime targets for AI-driven attacks. As IT and operational technology connect more, cyber incidents now risk causing physical damage, not just data theft or downtime.
Long cautions that with the market soft, some insurers might lower standards to attract more clients. She stresses that this must be avoided. Underwriters need firm guidelines to refuse risky business and focus on quality over quantity. It’s about steady profit, not just chasing bigger premiums.
Brokers also have a role to play. Long says it’s not just about finding the cheapest coverage but the right coverage. Brokers should help clients understand how much risk to keep, how much to reduce, and how much to pass on through insurance. Resilience offers not just policies but also security services to help businesses improve their cyber defenses. Encouraging clients to use these tools can lower risks, not just insure against losses.
Long concludes by saying the industry has to look beyond today’s ample capacity. Without strict underwriting and better protections against AI threats, losses will rise and the market will harden again. For now, the soft market may feel good on the surface, but it hides growing dangers beneath.