The soft market is a capital cycle, not a risk signal. AI is breaking the underwriting model that priced your cover. What matters is whether capacity is still there when the model catches up.
Your cyber renewal came through. Premiums were down. Your broker called it a buyer friendly market.
But price is not the main event. The question that matters is whether the capacity behind your cover will still be there when AI changes the loss model. Because right now, the market is pricing cyber risk on assumptions that AI is in the process of breaking.
The Underwriting Model Is Breaking
Since its inception, cyber insurance has been built to cover a human led risk. Underwriting frameworks, pricing models, policy terms, and incident response assumptions all reflect the limitations of human adversaries: finite time, finite resources, and observable patterns of behaviour. As Global Reinsurance noted in its January 2026 analysis, those assumptions are now eroding. The three pillars of the cyber insurance model, snapshot underwriting, historical loss data, and human paced threat assumptions, are all under pressure simultaneously.
https://www.globalreinsurance.com/home/has-cyber-insurance-lost-the-war-with-ai/1457411.article
Traditional cyber underwriting operates on a snapshot in time. Assess posture, analyse historical breach data, price a policy for the year ahead. That only works when risk evolves slowly enough for the snapshot to remain meaningful. AI breaks this premise. An adversary can now discover, prioritise, and exploit vulnerabilities in minutes, rendering yesterday’s assessment obsolete.
The nature of loss is changing too. AI enabled espionage does not announce itself with encrypted files and ransom notes. It enables silent, persistent exfiltration of intellectual property and strategic plans, losses that are harder to detect, harder to attribute, and harder to quantify. For insurers, that ambiguity complicates both claims handling and capital planning. Munich Re ranks AI as the number one challenge for cyber security and estimates modelled cyber accumulation potential at between $20 and $46 billion.
https://www.munichre.com/en/insights/cyber/cyber-insurance-risks-and-trends-2025.html
And that is only the inbound threat. Your own AI adoption has expanded the attack surface from the other direction. Model manipulation, data poisoning, adversarial inputs, prompt injection. These are not standard data breach or system failure scenarios. They sit in a grey area that current wordings were never designed for.
Why the Soft Market Is Not a Risk Signal
Primary cyber insurers cede approximately 44 per cent of premiums to reinsurers. Reinsurance appetite is the gatekeeper for capacity. When reinsurers tighten, primary insurers follow. Everything upstream from that decision flows from the cost of capital.
The current soft pricing exists because high premiums in 2021 and 2022 attracted new entrants and alternative capital into the market. Improved insured hygiene, multi factor authentication, endpoint detection, robust backup strategies, stabilised loss ratios between 75 and 88 per cent. Carriers competed on price. But this is a capital cycle, not a risk signal. The risk has increased. The capital deployed against it has temporarily exceeded what the market needs.
S&P Global Ratings predicts cyber premiums will increase 15 to 20 per cent per year through 2026, driven by reinsurance costs. Reinsurers are wary of systemic risk and will push for higher rates to deploy capital against an accumulation potential that Munich Re models in the tens of billions. That number drives reinsurance pricing, not your individual premium.
The soft market is a window, not a new normal. When AI driven losses reach a scale that tests the capital behind the market, the companies with governance evidence and aligned cover keep their capacity. The companies that renewed on autopilot during the soft cycle discover that cheap cover and available cover are not the same thing.
Three Questions Before You Renew
Does your wording address AI specific vectors?
Model manipulation and data poisoning on the inbound side. Your own AI producing harmful or incorrect outputs on the outbound side. If these are not addressed in the wording, they sit in silence. And as we have written elsewhere on Simplify Stream, silence in policy wording favours the insurer at claims stage.
Is the capacity behind your policy durable?
Who are the underwriters? What is their reinsurance position? A policy backed by capacity that will tighten or withdraw when AI losses materialise is not the same as a policy backed by underwriters who understand and intend to stay in the AI-exposed cyber market. Your broker should be able to answer this question. If they cannot, that tells you something too.
Has your broker mapped your AI adoption against your current wording?
This is the conversation most brokers are not yet having. The ones who do are the ones whose clients will not discover the gap after a loss. If your broker cannot explain where your AI exposure sits in relation to your cyber, PI, and product liability wordings, you need a different conversation.
Capacity Is the Driver. Price Is the Sidecar.
The soft cyber market is an opportunity to secure durable capacity with aligned wording, not just a cheaper premium. The founders who use this window to close the AI cyber insurance gap are the ones whose cover still exists when the capital cycle turns.
For how AI creates silent gaps across PI, product liability, and cyber, read The AI Insurance Gap You Won’t Spot Until It’s Too Late.
For the full consequence map including cyber supply chain exposure, read What Happens to Your Business When the First AI Product Liability Case Lands.
For how to have this conversation with your broker, read How You Talk to Your Broker About AI Decides What Cover You Get.
