Artificial intelligence will continue to significantly change the cyber insurance landscape in 2026 by empowering attackers and defenders alike, experts say.

“AI will fundamentally reshape cyber risk—there’s no question about that,” said Maria Long, chief underwriting officer at Resilience.

This technology is assisting both attackers and defenders in operating with speed, automation and sophistication, and in the process, it’s “turning cybersecurity into an escalating arms race,” she said.

“My concern is that in this soft market, with persisting capacity growth and carriers eager for market share, the market may very well overextend with respect to affirmative AI coverage.”

Maria Long, Resilience

“AI is lowering the barrier to entry for cyber criminals, allowing even low-skill actors to expose vulnerabilities that would have previously required significant expertise,” she said.

Melissa Carmichael, head of U.S. cyber risks at Beazley, is also seeing the use of AI on both sides of the fence.

“We anticipate that hackers will increasingly use AI to enhance their capacity for automating attacks, including ransomware attacks, and we really saw that throughout 2025 and expect more of that in 2026,” she said. “But because the attackers will be using AI tools to identify vulnerabilities, it’s also all the more reason for the good guys—our policyholders—to use AI tools to do the same with the goal of preventing an attack before it happens.”

Speed Versus Strategy

Long added security gaps are creating a new category of internal risk, with emerging privacy violations generating unexpected claims around incidents that don’t fit the traditional data breach mold. These security gaps can arise when organizations are so focused on efficiency that privacy hygiene becomes an afterthought.

“Many organizations have neglected basic acceptable-use policies in their rush to deploy AI,” she said. “The problem stems from employees using AI tools without understanding the privacy implications.”

This same race for efficiency is seen in the insurance industry as insurers grapple with how to adequately cover AI risk. Competitive pressure may lead to overly broad coverage grants, creating unexpected losses and subsequent market corrections, Long said.

“My concern is that in this soft market, with persisting capacity growth and carriers eager for market share, the market may very well overextend with respect to affirmative AI coverage,” she said. “Some markets may race to offer AI coverage to gain market share, potentially before they fully understand or can adequately price the exposures they’re taking on.”

Because of the widespread adoption of AI, there is an urgency in the insurance industry to address its usage and risks, said Jonathan Selby, general manager at Founder Shield.

“Almost everybody I work with is using AI to some extent. Maybe they are not an AI company, but they have some level of artificial intelligence baked into their operating systems, and there’s risk that comes with that, right?

Jonathan Selby, Founder Shield

“Almost everybody I work with is using AI to some extent. Maybe they are not an AI company, but they have some level of artificial intelligence baked into their operating systems, and there’s risk that comes with that, right?” he said. “A lot of the insurance companies, specifically the cyber insurance companies, are starting to either affirmatively address AI risks or add specific exclusions related to AI risks.”

Coalition CEO Joshua Motta said he views AI risk as all-encompassing like cyber risk, making it challenging to insure.

“A cyber-related loss encompasses the entire known spectrum of risk. Of course, it can result in the obvious things—a data breach or a business interruption. But, you know, people have been locked out of their hotel rooms. There has been property damage,” he said. “I think of AI in the same way. It’s a peril that encompasses the entire known spectrum of risk. It will hit every known insurance policy or has the possibility to.”

Carmichael agreed, adding that this could mean some AI-related risks will see gaps in coverage as cyber insurers work to understand the right approach.

“I think the real, critical element here is understanding the physical exposure that can come from a cyber incident and that’s something that we’ve been focusing on,” she said. “How do we bridge that gap that is within property policies? Property policies, for the most part, are very limited in terms of what they will cover for a malicious cyber attack. In many cases, it’s a small supplement that’s available under a property policy for a malicious act. So, how can cyber insurance and cyber products help bridge that gap?”

“It will hit every known insurance policy or has the possibility to.”

Joshua Motta, Coalition

Insuring AI Risk

This means that 2026 could bring shifts in how AI-related exposures are covered and who bears the risk, Long said.

“We foresee a wave of coverage migration that will push AI exposures onto cyber and tech E&O policies,” she said. “At Resilience, we are taking a careful look at how to address this in the policy form, examining both frequency and severity and ensuring cyber remains relevant while protecting itself from risks it didn’t intend to cover under the cyber form.”

Motta said that while insuring AI in the current environment is unavoidable to some degree, some insurers will likely omit coverage for new exposures created by AI while the risks are still new.

“You’re certainly seeing some exclusions…so it’s going to be an interesting year to see kind of where it falls,” he said.

However, he cautioned that trying to exclude AI could be “the death knell” of cyber insurance companies, as that is now one of the greatest exposures many insureds have.

“Even if you take what cyber insurance traditionally covers—which are security failures or privacy violations—if you try to distinguish a security failure that involves AI versus not, you will have dramatically reduced the coverage that you provide to the client,” he said, “which I think would make you not competitive and would obviously destroy the value of the product.”

Long said insurers need to focus on several key areas in 2026. They need to stay up to date with AI frameworks as a guide for underwriting. They also need to pay attention to the latest regulations to calibrate expansion of coverage or to include or exclude coverage related to the enforcement of regulations.

“And remember sub-limits? These have been vastly cast to the side by the market. It’s time to bring them back into the conversation as a critical risk management tool,” she said. “We need to look at the present with an additional look into the future.”

Selby said it can also be helpful to look to the past.

“Insurance is funny because people look at insurance as this old-school, antiquated, slow-moving industry because it’s been around centuries,” he said. “But it’s funny, just because things don’t move that quickly, you look back five or 10 years, and it is very different.”

While the insurance industry has been in a soft market over the past few years, Selby sees change on the horizon.

“I think that’s going to change,” he said. “And I think a lot of it is going to be driven by increased expenses from claims and legal fees.”

Motta added that a shift will also likely occur as more people invest in technology and insurers in turn try to add value with the service they provide to consumers.

“They’re trying to become partners to organizations and not just insure them but actually help them prevent losses. That’s happening not just with the InsurTechs anymore but also the incumbents, which I think is fantastic,” he said. “From my perspective, the insurance industry has an incredibly important role to play. For a typical business owner, they’re not worrying about how to protect the land, sea and air around their business. They have the federal government or local law enforcement to do that. But there’s now this fourth domain of business activity, which is the cyber domain. That’s where the insurance industry, I think, has a role to play. We can fill that gap.”