Cyber Coverage Gets Creative as Threats Evolve Faster Than Carriers Can Respond

This article was originally published on Insurance Business and is reprinted here with permission. 

The cyber insurance market has remained highly volatile, but also increasingly inventive in its response to fast-evolving digital threats, according to Alex Clark, vice president and cyber solutions practice leader at Hylant. The industry's ability to adapt is being tested in real time by threat actors who continue to outpace traditional defenses.

“The current state of the market is, one, creative. Two, self-learning, but three, also very volatile,” said Clark. “Bad actors are really good at what they do. They’re constantly coming up with new ways to attack companies and manipulate individuals. We always go back to that human element - getting people to make rash decisions, click on links, etc.”

To keep pace, carriers needed to rethink not just what they cover, but how they structure and price that coverage. Clark emphasized the importance of containment. “Claims may happen. But how can we manage that and reduce the blast radius? How do we make a $10 million claim into a $1 million claim, or a $1 million claim into a $100,000 claim?”

Phishing Tactics Get Smarter—And Harder to Spot

The widespread use of AI tools like ChatGPT had raised the sophistication of phishing attempts, removing the obvious red flags that once made them easier to identify. “Those phishing emails that used to have spelling errors or slightly different language dialects are no more,” said Clark.

That shift is pushing more companies to invest in employee training - not just to prevent incidents, but to flag and report attempts in real time. Clark points out that successful mitigation increasingly hinges on frontline awareness.

Coverage itself also requires customization that reflects industry-specific exposures. “Healthcare is different than manufacturing. Manufacturing is different than retail. Retail is different than finance,” he said. “We try to train our team and our clients not to put coverage in a box.”

This customization is especially critical as business risks expand beyond IT departments and into the broader organization, fueled by growing dependencies on third-party vendors and interconnected systems. “This is no longer just an IT risk - it’s a business risk,” said Clark. “The more we can tailor cyber to the likes of property or general liability, the better we can communicate at a strategic level.”

Closing the Gap Between Applications and Reality

While the market had made progress in developing coverages that address newer risks - such as dependent business interruption and deepfake-related fraud - the application process remains a significant barrier.

Clark said there is still a disconnect between what applications ask and what carriers actually needed to know. “Filling out the right applications, getting the right information, playing that game of telephone from the carrier to the broker to the client - this is exactly what we’re asking for,” he said.

Often, the real story goes beyond what the form captures. “Maybe the application’s a no, but what’s plan B and C that you’ve implemented that the application’s not asking? How do we go deeper than the app?” Clark likened the process to calling an audible in football. “We line up at the line of scrimmage, we don’t like the defense on the other side. What can we call to make our play work the right way?”

AI, Quantum and the Limits of Predictability

Looking ahead, Clark said insurers would need to prepare for rapid shifts in both offensive and defensive capabilities, especially as AI and quantum computing continue to accelerate. “We don’t necessarily know where that’s going to go and where that’s going to lead us,” he said.

Still, the industry’s best shot at staying relevant comes back to fundamentals: educating employees, building out incident response plans, and communicating across internal teams and third parties. “With cybersecurity, we’ve got to evolve, and we can’t rest on our laurels,” said Clark.

Related Reading: What Is Cyber Insurance?

The above information does not constitute advice. Always contact your insurance broker or trusted advisor for insurance-related questions.