Cybersecurity predictions for 2026

Digital Insurance contacted insurance professionals to comment on cybersecurity trends for 2026. 

Experts suggest cybersecurity risks are changing and artificial intelligence will create challenges. 

Responses have been lightly edited for clarity.

Tanner Lewis, vice president, cybersecurity, New York Life

In 2026, there will be significant focus on securing AI agents that now operate across business systems and customer channels. The hardest challenges are finding these AI agents and managing what they can do. Some companies will struggle to know how many AI agents they have—let alone which users or systems they represent. The focus must shift to AI agent discovery, unique identity assignment, and lifecycle governance so that every AI action is visible, attributable, and accountable. Companies that build inventories of known AI agents, link them to responsible users, and apply consistent access controls will be positioned to harness AI safely.

Patrick Thielen, global head of cyber, Global Risk Solutions, Liberty Mutual Insurance

Digital transformations within cyber insurance have been occurring and evolving over the past 10 or so years. I'd break it into two broad categories:

First, internally, carriers and brokers are investing into tech-enabled and data-driven insights. These are used for things like risk selection, hygiene assessments, pricing, and portfolio management--enabling better, faster, more consistent, and more efficient decisions.

Also, externally, carriers and brokers have invested in user interfaces and digital transaction platforms that allow for partners and policyholders to get risk insights, get quotes, issue policies, and perhaps integrate into multi-carrier quoting platforms within brokerages or third-party sites.

2026 will likely see a continuation of these transformations since carriers and brokers are at different stages of this evolution. Over time, developing or integrating these types of tools is becoming more straightforward since playbooks have broadly been established and many vendors exist that can assist, or even provide turnkey solutions in some cases.

Jennifer Kostyrna, senior director, product management, fraud and identity solutions, LexisNexis Risk Solutions

The rise of generative AI and deepfake technology is reshaping the threat landscape, turning identity into one of the most critical attack surfaces in insurance. As these risks evolve, carriers must treat identity verification as a core cybersecurity function, one that's powered by adaptive intelligence, not static credentials. Strengthening digital trust will be essential to protecting policyholders and preserving the integrity of the insurance ecosystem.

Melissa Carmichael, head of U.S. Cyber, Beazley

Cyber risk will continue to evolve in 2026, and businesses must shift from panic to preparation - across the full lifecycle of a cyber incident. While financial and operational impacts are often well documented, reputational and legal exposure is frequently overlooked. When shareholders demand answers after an attack and the organization is found to be underprepared or underinsured, the fallout can be severe. If a board's failure to prioritize cybersecurity or secure adequate cover comes to light, the damage can extend far beyond the initial chaos of the breach.

Alton Kizziah, CEO of Beazley Security

As the interdependence on external software providers continues to expand, even well-secured organizations will find themselves exposed through their less secure partners.

We expect to see a rise in impactful third-party incidents as threat actors increasingly target external software providers, cloud platforms, and managed services that organizations commonly employ to streamline operations and reduce costs. Consequences will include disruptive widespread service outages when major platforms or industry vendors are down, as well as increasing numbers of data breaches and operational disruptions that result in costly and brand-impacting regulatory disclosure and client notification events. These risks will drive investments in increased focus on vendor risk management, deploying Zero Trust architectures, and improving supply chain resilience.

As a result, third-party risk will become a board-level concern, driving investment in governance, continuous monitoring, and more rigorous oversight of external partnerships.

Corey Calajoe, VP technology shared services at ACORD Solutions Group

The rapid growth of AI will intensify cyber threats, with autonomous AI tools being weaponized by both attackers and defenders, accelerating phishing, malware deployment, and real-time threat detection. 'Deepfakes' will also continue to elevate social engineering risks, especially in high-stakes scenarios like financial fraud and crisis response. On another front, we'll see quantum computing spur significant cryptographic upgrades, with many organizations anticipating future quantum threats and proactively transitioning to post-quantum cryptography with an eye toward long-term data security.

Dr. Ann Irvine, chief data and analytics officer, Resilience

Third-party and vendor-related cyber incidents will become an increasingly dominant source of organizational disruption, as companies realize their biggest vulnerabilities lie in systems they can't directly control. Organizations will need to shift from simply vetting vendors to actively planning for inevitable supply chain failures, ensuring their response plans and insurance policies adequately cover these cascading impacts.

John Grise, EVP, Amwins Brokerage

In the cyber insurance sector, predictions for 2026 indicate a shift in focus towards sustainable rate adjustments, not only within the primary risk area but also significantly in the reinsurance market. As rates stabilize, the frequency of ransomware attacks persists, and the development of longer-tail cyber coverage continues, the market is currently priced to perfection, and more likely unprofitable. Although capacity remains abundant, there may be emerging pressures for rate increases in the second half of 2026.

Insureds and brokers should exercise caution with markets that continue to aggressively acquire business with decreases. The quality of the carrier will become a crucial differentiator, distinguishing brokers and carriers committed to long-term viability from those adopting a riskier, transactional approach.

Matt Donovan, EVP, Amwins Brokerage

The cyber space has been awash with capacity for a number of years now, but the shift may have begun already with the cost of capital having risen. While the SME space appears to have fared much better than large ticket cyber on the loss front, many of the players at the forefront of the SME market segment have sold or are primed for acquisition. This begs the question, who will fill the void? Some larger cyber carriers have begun pushing widespread event restrictions, which are currently untenable in the market segment. Many large cyber (and tech) excess towers have exhausted full limits, which should eventually drive some tightening with the reinsurers behind the carriers targeting the larger ticket segment.  

Mike Colford, SVP, cyber product leader, Westfield Specialty

Ransomware is likely to evolve again in the new year. In response to insureds' continued improvement of their cybersecurity controls, threat actors have refined their extortion tactics and strategies. As a result, we expect the sophistication of attacks as well as the potential severity of claims to increase even more. It's critical for insurers to help clients stay ahead of this escalation through robust underwriting, proactive risk services, and rapid, effective responses when cyber incidents do occur.

Eder Ribeiro, director of global incident response for TransUnion

Because most enterprises have invested heavily in their cybersecurity defenses, breaching them now takes far more planning and effort. Cybercriminals don't like this. They prefer low-effort, repeatable attacks. In 2026, they'll find them by moving down market, exploiting less hardened businesses and people. This is expected to up the demand for personal cyber insurance in both the consumer (individuals and families) and business (owners and executives) markets.

K Royal, global chief privacy officer and deputy general counsel, Crawford & Company

An uptick in cyber regulation will drive more activity and associated expenses from panel providers.

As cyber regulation and enforcement activity around AI increase, we're going to see an uptick in insureds who are hitting high deductibles and filing cyber claims in 2026. This will drive even more specialization from the professionals that provide cyber incident support - from panel providers to forensics and cyber investigators to the lawyers that handle data incidents. The onus will be placed on each of these providers to stay current in their technology and legal expertise—which will be a challenge in itself—and the expense for that expertise will be passed along to the insureds and, by extension, their carriers.

Rohit Makhijani, Forrester principal analyst

The insurance industry will face pivotal transformation in 2026 as AI reshapes operations across the value chain and carriers prioritize customer experience amid declining client satisfaction. AI will be a weapon and a threat creating rapid market expansion for cyber coverage. Novel underwriting will unlock high-risk markets, and the booming gig economy will create new microinsurance opportunities. Leaders must embrace AI-driven operational efficiency, invest in CX differentiation, and adapt for emerging market segments to stay ahead of competition.
