Business owners rush to replace cyber coverage after major insurers pull back following AI-driven claims surge
Market shock, quick renewals
Small and midsize businesses are accelerating insurance shopping this spring after several large carriers reduced their exposure to certain cyber risks and tightened underwriting standards. Underwriters have told brokers they will shrink appetite for high-severity social engineering claims and dependent business interruption, prompting firms whose renewals are imminent to seek replacement policies or add-ons.
Why insurers are changing course
The change follows a marked shift in the claims mix. A leading cyber insurer reported that 60 percent of claims in 2024 were related to business email compromise and funds transfer fraud, a category that has grown more costly and harder to underwrite. That pattern, combined with a rise in AI-enabled impersonation and synthetic media, has forced insurers to reassess which risks they will carry and at what limits.
Pricing and capacity flows have responded. Industry data show overall direct written premiums for U.S. cyber insurance contracted in 2024, a sign that some buyers are failing to find the same breadth of coverage at earlier price points. At the same time, carriers are increasingly applying sublimits and endorsements for social engineering and vendor outage exposures, leaving many policyholders with narrower protection than their policy limits suggest.
Businesses feel the pinch
The effect is immediate. Accountants, law firms, manufacturers, and regional retailers report receiving renewal notices that demand new security controls, raise retentions, or carve out coverage for certain types of AI-related losses. Many business owners described a frantic month of calls to brokers, who are combing the market for specialty writers and layering coverage across multiple carriers to replicate previous limits. Smaller firms say the administrative burden and cost have risen, and some are shifting budget from technology projects to secure higher levels of insurance.
The role of AI in the risk landscape
Insurers and cyber specialists point to generative AI as a multiplier of social engineering effectiveness. Deepfake audio and highly personalized prompts are enabling threat actors to impersonate executives and vendors at scale, increasing both the frequency and severity of funds transfer fraud. Industry studies and breach reports highlight that incidents involving AI or shadow AI are becoming a material factor in loss severity and incident response complexity. Insurers are responding by tightening terms and demanding more robust multifactor authentication, endpoint detection, and vendor controls before committing capacity.
What owners should do now
Risk managers and advisers say to act quickly and document improvements. Priorities include enforcing multifactor authentication for finance teams, segregating approval workflows for payments, validating vendor recovery plans, and negotiating explicit sublimits in writing. Where primary capacity has been reduced, layering with crime policies or buying captive solutions are options some midmarket buyers are exploring. Brokers warn that delays can leave firms exposed at renewal.
Outlook
Underwriters say the market will likely remain selective until loss trends stabilize or new products explicitly cover AI-related exposures. For now, business owners face a choice: invest in security to meet stricter underwriting terms, accept narrower coverage, or shop for multiple specialist carriers to rebuild protection. The scramble to replace or reconfigure cyber cover is underway, and its effects will be visible in this year's renewal cycle.