Ransomware attacks are rising sharply while artificial intelligence is accelerating how quickly cyber criminals can prepare attacks, brokers have been told.
Experts speaking during a recent webinar hosted by cyber specialist insurer CFC warned the threat landscape is evolving rapidly even as insurance markets begin to stabilise.
The session, titled The Inside Cyber Scoop: What brokers need to know in 2026, explored market dynamics, emerging risks and opportunities for brokers as adoption of cyber insurance remains relatively low outside the US.
Jason Hart (pictured left), managing director of proactive & global cyber security services, said ransomware activity is continuing to rise, alongside other cybercrime such as business email compromise.
“If we look at FY25 compared to FY24, there was roughly a 33%, 34% year-on-year increase with ransomware,” he said.
The rise is being driven partly by ransomware-as-a-service models that allow less technically skilled actors to participate in cybercrime.
“Cyber criminals are basically creating affiliate programs,” Hart said. “The barrier to entry for a less skilled individual to have really deep cyber knowledge or coding knowledge can just literally go on and be an affiliate of one of these programs.”
Automation and artificial intelligence are also helping attackers scale operations, while data extortion tactics are becoming more common.
“Many groups now are skipping the encryption and just stealing the data from clear text within that organisation and using that,” Hart said.
While artificial intelligence has dominated cybersecurity headlines, Hart said its main impact so far has been accelerating existing attack methods.
Historically, identifying an attack path into an organisation could take months or even years.
“What if I was to tell you now I could do that in five milliseconds using a simple tool as ChatGPT,” Hart said.
AI tools can rapidly identify external assets, map vulnerabilities and generate targeted phishing campaigns.
“It’s just evolution,” he said. “It’s the ability to collate the information and act upon the information to conduct the attack.”
James Burns (pictured centre), global head of cyber, said the cyber insurance market has matured to the point where it can no longer be viewed as a single global ecosystem.
“It’s actually really difficult to talk about the cyber market as if it’s one cohesive ecosystem anymore,” Burns said.
The US market remains highly competitive, with dozens of active cyber insurers placing sustained downward pressure on pricing. “Cyber loss activity has ticked up, which means that US cyber portfolios have been getting less and less profitable,” Burns said.
Some insurers are now expanding internationally into markets including the UK, Europe and Australia, increasing competition in those regions.
Softer pricing has also helped improve accessibility for smaller businesses, Burns said.
The discussion also highlighted how disruption affecting large organisations can cascade through supply chains and create significant pressure for smaller businesses.
Burns pointed to disruption affecting Jaguar Land Rover’s UK operations last year as an example. “When JLR stopped producing vehicles, they also stopped placing orders with around 700 of their suppliers,” he said.
Many of those companies had only days before they ran out of cash, prompting the UK government to guarantee up to £1.5 billion in loans to support affected firms. “It’s not an over-exaggeration to say that supply chain risk in very specific circumstances can be an existential threat to small businesses,” Burns said.
Despite rising threats, adoption of cyber insurance remains relatively low outside the United States. Kelly McGuinness (pictured right), national cyber, tech and pro-development leader for Canada, said there remains significant room for brokers to expand coverage among clients.
“There’s just a lack of awareness and a lack of willingness to have difficult conversations to a certain degree,” McGuinness said.
Brokers who successfully place cyber insurance often help clients visualise realistic claim scenarios.
“If brokers take the time to know what the client’s exposures are and walk them through a claim situation for their specific company, they help to make what’s perceived to be intangible risk a little bit more tangible,” McGuinness said.
Cyber risk is becoming an increasingly central advisory issue for brokers as threats evolve and adoption of cyber insurance remains uneven.
