Log In Get Started
Stock Markets April 28, 2026 09:45 AM

Munich Re and Chubb Say Agentic AI Will Raise Frequency of Cyber Attacks, Not Immediate Severity

Reinsurer and insurer highlight ransomware, data breaches, BEC and DDoS as concentrated loss drivers and warn of faster, more automated threats

By Hana Yamamoto CB
Munich Re and Chubb Say Agentic AI Will Raise Frequency of Cyber Attacks, Not Immediate Severity
CB

Reports from Munich Re and Chubb indicate that the emergence of agentic and autonomous AI tools is likely to increase how often cyber incidents occur in the near term, while not necessarily driving a proportional rise in financial severity immediately. Both firms stress that insured cyber losses remain concentrated in ransomware, data breach, business email compromise and distributed denial-of-service attacks, and that governments, manufacturers and technology companies face the greatest exposure in 2025. They also outline how AI can expand attack surfaces through deepfakes, convincing domains and targeted social engineering, and how faster automated attacks compress the window for manual defence and response.

Key Points

  • Agentic and autonomous AI are expected to increase the frequency of cyber attacks in the near term, with less evidence of a corresponding immediate rise in severity.
  • Insured cyber losses remain concentrated in ransomware, data breach, business email compromise (BEC) and distributed denial-of-service (DDoS) attacks; governments, manufacturers and technology firms are most exposed in 2025.
  • AI-driven capabilities such as deepfakes, realistic domains and personalized social engineering expand attack surfaces, while automated attacks can compromise multiple systems within minutes and shrink the window for manual intervention.

Munich Re and Chubb have published reports drawing the same central conclusion: agentic and autonomous AI are set to boost the frequency of cyber intrusions in the near term more than they will increase the individual severity of those events.

Both reports underline that insured cyber losses continue to cluster in four principal categories - ransomware, data breach, business email compromise (BEC) and distributed denial-of-service (DDoS) attacks. According to the analyses, these threat types now touch almost every sector, with governments, manufacturers and technology companies singled out as facing the highest exposure in 2025.

Munich Re highlights that ransomware-related financial impacts still arise primarily from business interruption. The reinsurer says attackers are leveraging AI to automate reconnaissance and exploitation, which facilitates deeper infiltration into targets and supply chains. Ransomware campaigns have evolved beyond simple file encryption, the report finds, with many incidents now combining encryption with data breaches. There is also a noticeable shift in attacker behaviour toward campaigns that focus solely on exfiltrating data without encrypting it.

Looking ahead, Munich Re expects the next wave of cyber risk to be influenced by a combination of geopolitical factors, supply chain vulnerabilities, increasingly sophisticated cybercrime operations and the rise of both agentic and physical AI. The reinsurer maps possible insurance implications across both first-party and third-party elements. On the first-party side, affected coverage areas could include system failure and business interruption, incident response, data restoration and cyber extortion. On the third-party side, Munich Re anticipates potential upticks in claims tied to wrongful collection, privacy violations, media liability and technology errors and omissions.

Munich Re also notes that AI capabilities already enable the rapid production of deepfakes and highly realistic domains and websites, and can be used to craft personalized social engineering and phishing messages. Those capabilities, the report says, are expanding existing attack surfaces at scale.

Chubb's report presents related findings. The insurer reports that malicious actors are applying agentic and autonomous AI to compromise multiple systems within minutes, which significantly shortens the timeframe available for manual intervention. Chubb further observes that rising AI adoption worldwide has produced a parallel effect: while AI can be used to enhance detection and remediation, it is also being exploited by adversaries to develop more sophisticated attacks.

Both firms' assessments point to an operating environment in which frequency of incidents may rise as adversaries harness automation, even as immediate per-incident financial severity does not necessarily increase at the same pace. The reports also suggest insurers and insureds may need to reassess coverage scopes and response capabilities as automation and AI-driven techniques become more prevalent.

Risks

  • Increased incident frequency driven by agentic AI could elevate operational disruption risk for governments, manufacturers and technology companies, particularly through business interruption tied to ransomware.
  • Automation of attacks shortens the time available for defenders to detect and respond, increasing the likelihood of successful multi-system compromises and stressing incident response resources.
  • Expansion of attack surfaces via AI-generated deepfakes, convincing domains and targeted phishing raises the risk of privacy violations, wrongful collection claims, media liability and technology errors and omissions for covered entities.

More from Stock Markets

Australian Shares Slip as Healthcare, Financials and Gold Weigh on Index Apr 29, 2026 Fuchs posts Q1 results above forecasts, raises sales outlook for 2026 Apr 29, 2026 Huhtamaki Tops Q1 Expectations but Flags Rising Polymer Costs as Margin Risk Apr 29, 2026 Kambi Holds FY26 EBITA Target Despite €4m Colombia Tax Hit Apr 29, 2026 Pernod Ricard Calls Off Merger Negotiations With Brown-Forman Apr 29, 2026