CyberCube’s H1 2026 Global Threat Briefing, 'AI Risk Landscape: Implications for Cyber (Re)insurance', notes that threat actors are exploiting common security gaps more quickly, particularly identity misconfigurations and unpatched systems.
William Altman, Director of Cyber Threat Intelligence Services and report author, said: “AI is compressing the cyberattack lifecycle, reducing the time threat actors spend between initial compromise and operational disruption, and in some cases enabling impact to occur before detection and containment are effective. As a result, recovery capability may become a more important determinant of business interruption (BI) loss severity than traditional preventative controls.
“As AI becomes more deeply embedded in critical business operations and increasingly concentrated across compute infrastructure, hyperscale cloud platforms, and foundation model providers, the potential for portfolio aggregation risk may rise. This reflects the tightly coupled nature of the AI supply chain, where dependencies on a small number of dominant providers create shared points of exposure across insureds. This increases the likelihood of correlated losses rather than isolated events, particularly as AI systems take on greater roles in automation, decision-making, and operational control.”
The report says underwriting can adapt by:
Focusing on identity security and patch latency as primary drivers of how attacks propagate and convert into lossEvaluating recovery capability as a key determinant of business interruption (BI) severity, not just detection and containmentUnderwriting directly responding to the governance of AI agents, including permissions, API scope control, logging, and segregation of duties.
The research also calls on cyber catastrophe and aggregation risk modelers to begin incorporating AI risk dynamics into their work, noting that such analysis will become increasingly necessary if AI evolves from an augmentative capability into core operational infrastructure. In that scenario, dependencies across compute, cloud, and model providers could act as shared points of failure, requiring explicit modeling of how disruptions at these layers might propagate across insured portfolios and generate correlated, cross-sector losses.
A copy of CyberCube’s report can be viewed here.
|
