Munich Re and Chubb have published reports drawing the same central conclusion: agentic and autonomous AI are set to boost the frequency of cyber intrusions in the near term more than they will increase the individual severity of those events.
Both reports underline that insured cyber losses continue to cluster in four principal categories: ransomware, data breach, business email compromise (BEC) and distributed denial-of-service (DDoS) attacks. According to the analyses, these threat types now touch almost every sector, with governments, manufacturers and technology companies singled out as facing the highest exposure in 2025.
Munich Re highlights that ransomware-related financial impacts still arise primarily from business interruption. The reinsurer says attackers are leveraging AI to automate reconnaissance and exploitation, which facilitates deeper infiltration into targets and supply chains. Ransomware campaigns have evolved beyond simple file encryption, the report finds, with many incidents now combining encryption with data breaches. There is also a noticeable shift in attacker behaviour toward campaigns that focus solely on exfiltrating data without encrypting it.
Looking ahead, Munich Re expects the next wave of cyber risk to be influenced by a combination of geopolitical factors, supply chain vulnerabilities, increasingly sophisticated cybercrime operations and the rise of both agentic and physical AI. The reinsurer maps possible insurance implications across both first-party and third-party elements. On the first-party side, affected coverage areas could include system failure and business interruption, incident response, data restoration and cyber extortion. On the third-party side, Munich Re anticipates potential upticks in claims tied to wrongful collection, privacy violations, media liability and technology errors and omissions.
Munich Re also notes that AI capabilities already enable the rapid production of deepfakes and highly realistic domains and websites, and can be used to craft personalized social engineering and phishing messages. Those capabilities, the report says, are expanding existing attack surfaces at scale.
Chubb's report presents related findings. The insurer reports that malicious actors are applying agentic and autonomous AI to compromise multiple systems within minutes, which significantly shortens the timeframe available for manual intervention. Chubb further observes that rising AI adoption worldwide has produced a parallel effect: while AI can be used to enhance detection and remediation, it is also being exploited by adversaries to develop more sophisticated attacks.
Both firms' assessments point to an operating environment in which the frequency of incidents may rise as adversaries harness automation, even as immediate per-incident financial severity does not necessarily increase at the same pace. The reports also suggest insurers and insureds may need to reassess coverage scopes and response capabilities as automation and AI-driven techniques become more prevalent.