As ever, change will continue apace in cyber insurance. Technological changes will affect organisations' risk profiles and facilitate new forms of attack. Legal changes will affect the regulatory burden on organisations and the class action landscape. New entrants and new capital will enter the market.
Artificial Intelligence ("AI") will continue to attract a lot of attention. Governments are plainly concerned about its unchecked use. Claims have already emerged in relation to AI developers' use of copyrighted material. And regulators are expected to facilitate closer alignment between governments with regarding the use of AI. In the UK, the priority is to regulate the most powerful Global Partnership for Artificial Intelligence ("GPAI") models. We await further guidance on this.
AI is not just a potential tool for good. In 2024 an assessment by the National Cyber Security Centre (NCSC") found that the most recent AI technology was likely to increase the volume of cyber-attacks in 2025. In a two-part podcast series last year we explored the complexities and ever changing world of cyber incident response and how cyber threats have continued to evolve.
The Cyber Security and Resilience Bill is a response to cyber-attacks on government institutions. It extends existing regulations to more digital services, the regulator's powers and reporting requirements. The UK government is also proposing to legislate for ransomware attacks and payments. A consultation published on 14 January 2025 is examining (i) banning ransom payments by public authorities and providers of critical national infrastructure (ii) requiring other organisations to notify the authorities before they pay ransoms (iii) reporting ransomware attacks above a particular threshold. These proposals raise interesting questions.
What will victims do if they are unable to restore their systems without paying a ransom?
Will threat actors 'migrate' from sectors where payments are banned to those where they are not?
What will happen if an organisation notifies authorities of an attack and comes under pressure not to pay?
To read the full Cyber section, download the Global Risks: Horizon Scanning report.
