Takeaways:
- Large language models are more vulnerable to AI-powered attacks
- Companies need to have cyber defense plans ready to go
- Defenses and insurance coverages should be reviewed quarterly
AI is making cybersecurity more challenging, requiring more frequent updates of cyber defenses, according to Jennifer Wilson, head of cyber at Newfront, an insurance brokerage.
Wilson and executives from AXA XL and Surefire Cyber, speaking in a
"We can no longer just rely on silent AI coverage," Wilson said. "We as brokers need to work with the markets to make sure that we are negotiating affirmative AI language for our clients. The SEC recently broadened the cybersecurity guidelines to include disclosure of material events and cybersecurity protocols to incentivize businesses to investigate disclosure obligations. Many insurers have added coverage for SEC investigative costs."
While advances in technology have helped cybersecurity defenses, they have also enhanced what hackers can do, according to Gwenn Cujdik, North America incident response and cyber services lead at AXA XL.
"We've gotten better at using technology to respond to and investigate claims, so we can get through large networks really quickly and efficiently and pull data and evidence and review that really quickly," she said. "But as technology increases for us, it increases for the bad guys. Reconnaissance took a couple months. Now, it takes such a short period of time, and the amount of data that they're able to siphon off through an attack is just breathtaking."
Companies should improve their preparedness for cyber incidents, Wilson stated. "You might want to have an internal conversation well in advance, so that when the event happens, you're not wasting time debating internally back and forth on what the company's posture is going to be," she said.
Companies should update their backup systems, including testing their ability to restore data and operations, once a quarter, according to Marc Bleicher, chief technology officer at Surefire Cyber, a cybersecurity services company. Companies now also need "immutable backups," since hackers have started to pursue backup systems first, Bleicher added. "Make sure they're properly segmented, offline and not part of your main infrastructure," he said.
Just as companies should update their defenses quarterly, they should also review their cyber insurer's policy language, which is often now changing quarterly, according to Wilson.
The current cyber insurance market is advantageous for companies to review their coverage, according to Caitlin Alpern, team lead, large accounts, AXA XL.
"There are a lot of different cyber carriers, and everyone's looking to grow their books. Rates are really competitive right now, and they have been over the last two years," she said. "We've seen a lot of decreases, sometimes even double-digit decreases in the last two years. Q4 accounts that I'm working on are starting to level off and flatten, and I think will be flat for 2026, as far as rates."
