
The state of cyber risk in 2026

2026 has already seen unprecedented types of AI-driven attacks, autonomous ransomware, and identity-focused fraud. With new threats impacting cyber claims, insurance must act now and help businesses prepare.

Cyber Article 8 min Wed, May 27, 2026

The cyber risk landscape in 2026 is evolving quickly, as cybercriminals update attack methods and seek to exploit businesses in new ways. Meanwhile, traditional malware is giving way to novel AI-enabled threats, a shift that encourages cyber risk professionals to take a proactive approach to assessment, controls evaluation, and client education.

How is the cyber threat landscape evolving?

  1. Widespread adoption of AI tools by attackers to facilitate faster and more sophisticated fraud, phishing, and malware design

  2. Greater reliance on cloud services and remote access, expanding attack surfaces

  3. Greater prevalence of synthetic identities and deepfake technology, producing convincing fraud vectors

  4. Data from incident response and claims show higher severity losses from automated and identity-based attacks

Insurance policies – and the underwriters behind them – must evolve just as quickly as the threats they’re designed to cover. Some policies written even within the past year may no longer adequately reflect AI-generated phishing, autonomous ransomware, or deepfake fraud exposure.

CFC’s cover has always been broad enough to cover AI-driven attacks. Now with the addition of affirmative AI cover, brokers and clients can move forwards with clarity and confidence. And at a time when fintech is facing monumental changes in regulation and economic uncertainty, 2026 is the year to incorporate forward-looking intelligence into underwriting decisions and risk scoring.

AI-generated phishing at scale

Phishing no longer comprises only generic emails requesting your login credentials. In 2026, AI-generated phishing is sophisticated, personalized, and automated at scale.

Key characteristics:

  • Emails and messages crafted with deep understanding of roles and responsibilities

  • Dynamic content and adaptive messaging to bypass traditional filters

  • Targeted attacks on executives, finance teams, or critical operational staff

Implications for businesses:

  • Increased likelihood of credential compromise and account takeover

  • Higher claim frequency for social engineering losses

  • Potential financial losses from fraudulent transfers and data breaches

Underwriting considerations:

  • Evaluate the effectiveness of email filtering and anti-phishing technologies

  • Check multifactor authentication (MFA) implementation across all critical accounts

  • Assess employee awareness programs and simulated phishing exercises

CFC case study

A law firm fell victim to a business email compromise scam after an employee entered login details into a phishing email, allowing attackers to monitor communications and impersonate the firm and a real estate agent.

The firm ended up transferring almost a quarter million to a fraudulent account, from which the funds were quickly withdrawn – although thankfully this was ultimately covered by the business’s cyber insurance policy.

Autonomous ransomware and intelligent malware

Autonomous ransomware is malware that uses AI to propagate, adapt, and bypass defenses without human intervention. Unlike traditional ransomware, it can:

  • identify vulnerabilities in client systems automatically

  • spread across networks and endpoints with minimal detection

  • tailor encryption and extortion tactics based on the target’s environment.

Potential business impact:

  • Significant operational downtime and data loss

  • Regulatory fines if sensitive data is exposed

  • Increased reputational risk

Underwriting evaluation:

  • Review patching cadence and vulnerability management practices

  • Recommend that endpoint detection and response (EDR) tools be deployed

  • Promote backup strategies and incident response readiness

CFC case study

An auto parts dealer suffered a ransomware attack after hackers exploited RDP and weak passwords to access and encrypt its systems.

Despite restoring data from backups, the attack caused major disruption and over £1M in lost revenue – although fortunately, total losses were covered in the end by cyber insurance.

Identity-based attacks replacing traditional malware

2026 has seen a clear shift from malware-driven attacks to identity compromise. Threats now focus on credentials, accounts, and privileged access:

  • credential stuffing and password reuse attacks are increasing

  • account takeover (ATO) attempts are more frequent, especially on cloud platforms

  • exploitation of privileged accounts can bypass traditional malware defenses entirely.

Implications for underwriting and claims:

  • Higher exposure to financial fraud and data breaches without malware involvement

  • Traditional risk-scoring models may underestimate identity-driven risk

Key controls underwriters should assess:

  • MFA coverage across all critical systems

  • Single sign-on implementations and access policies

  • Logging, monitoring, and incident response plans for identity breaches

Deepfake-enabled fraud and synthetic identities

  • AI-generated video and audio can impersonate executives to authorize fraudulent transactions

  • Synthetic identities can bypass identity verification processes and commit fraud over time

  • Combined with phishing and social engineering, these attacks increase claims complexity

Impact for underwriters:

  • Fraud detection challenges increase the likelihood of compromise

  • Can also lead to higher claim severity

Mitigation measures:

  • Assess employee training programs on verification protocols

  • Evaluate fraud detection tools that identify synthetic identities

  • Confirm client procedures for authorizing wire transfers and high-risk transactions

Implications for cyber underwriting

Emerging cyber threats in 2026 are reshaping how underwriters evaluate risk:

  • risk scoring: AI-driven cyber attacks and identity compromises require updated scoring models

  • policy terms: Coverage needs to have the breadth to cover AI, including autonomous malware and deepfake fraud

  • capacity decisions: Understanding client controls and resilience measures influences limits and pricing

  • claims insights: Incident response trends and recent claims inform underwriting decisions.

Underwriters who integrate these insights will be better positioned to evaluate client risk and price policies appropriately. Proactive understanding of AI-enabled threats and identity attacks strengthens confidence, improves risk assessment accuracy, and ultimately supports better claims outcomes.

Practical steps for 2026 and beyond

For brokers and underwriters:

  • Evaluate client controls: Review MFA, SSO, endpoint protection, and incident response plans

  • Understand emerging cyber threats: Stay updated on AI-generated phishing, autonomous ransomware, identity compromise, and deepfake fraud

  • Update risk scoring: Incorporate threat intelligence and claims data into underwriting models

  • Educate insureds: Recommend AI-aware phishing training, identity management improvements, and regular scrutiny testing

For businesses:

  • Employee training: Focus on spotting AI-driven phishing and social engineering attempts

  • Identity management: Strengthen MFA, SSO, and privileged access monitoring

  • Incident response planning: Regularly test and refine response procedures

  • Fraud detection: Implement tools to detect deepfake activity and synthetic identities

Prepare for the future with CFC

Brokers and underwriters who proactively understand the threats reshaping the cyber risk landscape, evaluate client controls, and adapt risk scoring will position themselves to improve claim outcomes, strengthen policies, and enhance overall cyber resilience.

Get in touch with CFC today to see how our cyber insurance can help you assess emerging threats, refine underwriting strategies, and guide insureds toward stronger risk mitigation in 2026. And be sure to check out our award-winning Response app, delivering personalized cyber threat alerts, access to critical security tools, and free expert advice 24/7.