Cyber risks are growing faster and hitting harder than before, and many current insurance plans just don’t cover the full scope of the damage anymore. This new reality is pushing companies to rethink how much protection they need and what kind of policies they buy.
Andy Lea, chief insurance officer at Embroker, recently shared some insights on this shift. He pointed out that it’s not just about theory anymore—businesses actually face more risks from more attackers using more ways to break in. Because of that, companies require bigger insurance limits and up-to-date policy language to truly safeguard themselves.
A big challenge is that artificial intelligence (AI) is changing how cyberattacks happen and how quickly damage spreads. Tools like voice cloning and automated phishing make it easier for criminals to trick people and cause losses faster than ever. So, it’s not enough to just have protection for typical breaches; coverage needs to keep up with these new threats and their costs.
Lea also emphasized that insurance policies from the past often don’t consider newer attack methods or emerging costs, which can leave businesses exposed in unexpected ways. That means having the latest policy details is just as crucial as the price.
One area gaining attention is AI-driven social engineering—where attackers use AI to fool people rather than hacking systems directly. Lea said that strong procedures and awareness are just as important as technology in fighting these attacks. Brokers and insurers are playing different but important roles here: brokers help businesses present their risk well to underwriters, while carriers offer guidance and services before any breach happens.
Another factor is “technology debt.” Newer tech companies tend to have less of this because they use modern, cloud-based systems with strong cybersecurity tools. They usually face fewer and smaller claims. But older companies struggle with outdated systems that are expensive and tough to protect. Many don’t realize how much this adds to their cyber risk and costs.
On top of cyber insurance, AI is also forcing companies to look at professional liability coverage. When firms use AI as part of their services, regular cyber policies often don’t fully cover mistakes or errors related to AI. Lea noted that some professional liability policies may cover AI by default, but this isn’t always clear, and there are some exclusions. To address this, Embroker has created policy endorsements that clearly include AI risks, so companies can be confident their protections are solid.
Looking forward, AI will likely impact not only attacks but also how insurance companies assess and monitor risk. Processes like submitting applications and ongoing monitoring may become more automated. For growing businesses, this means understanding how insurers see and track their risk will be just as important as buying coverage.
In today’s fast-changing cyber world, one thing is clear: companies need strong limits, modern policies, and a good grasp of how their technology choices affect their risk. Without this, they could be leaving themselves open to big losses they never saw coming.