Proactive services, vendor risk and AI-driven underwriting are reshaping cyber insurance strategy
Cyber insurance has matured beyond its early role as a balance-sheet hedge. As cybercrime grows more complex and interconnected, buyers are no longer satisfied with coverage that responds only after a loss. Instead, they are demanding solutions that help prevent incidents, manage evolving threats and integrate cyber risk into broader enterprise decision-making.
“I’ve often used the analogy to health insurance with cyber insurance,” said Tim Burke (pictured), EVP and head of cyber | commercial E&O at IMA Corp. “There’s always a great unknown, and you’re trying to break it down in a way that’s understandable.” For Burke, the comparison highlights a shift in mindset. “Cyber insurance can be more than just a financial backstop,” he said.
From expensive paper to proactive partnership
For years, cyber insurance was viewed largely as a costly necessity – coverage purchased to satisfy contractual requirements or board expectations. Burke described it bluntly as “an expensive piece of paper.” That perception, he said, has changed meaningfully over the past five to six years as new providers entered the market with broader service offerings.
Burke likened the evolution to health insurance paired with wellness support. “What if I could get you really good health insurance, but it came with a dietitian or a personal trainer?” he asked. Today’s cyber policies increasingly come with embedded services such as employee training, vulnerability scanning and threat intelligence, all designed to reduce the likelihood and severity of loss.
Those tools only deliver value, however, if clients know they exist. “Part of that is incumbent on brokers to educate clients so they know these options are available,” Burke said. When used effectively, these services provide measurable return on investment by improving resilience and tailoring coverage to actual risk profiles. “The expectation now is for a more proactive solution, as opposed to a purely reactionary solution that just writes a cheque after a loss,” he said.
Addressing crime scenarios that defy prediction
While emerging threats such as funds transfer fraud receive significant attention, Burke emphasized that the most acute vulnerabilities remain stubbornly familiar. “The majority of losses we see still emanate from human error – unforced errors,” he said. As a result, employee education and loss-control training remain foundational elements of any effective cyber program.
Burke encourages clients to take full advantage of the educational resources bundled within their policies. Even organizations that do not license third-party tools can often access carrier-provided solutions that strengthen first-line defenses. At the same time, the nature of cybercrime continues to evolve in unpredictable ways. “Sometimes you couldn’t make up some of these loss scenarios,” Burke said.
To stay ahead, Burke’s team works closely with claims professionals to stress-test coverage language against real-world incidents. Historically, many of these losses were addressed under commercial crime policies, which remains appropriate for exposures such as social engineering. Increasingly, however, Burke sees advantages in leveraging cyber policies that include rapid-response incident teams. “If you can turn to your cyber carrier within a short window, they can often mitigate the situation very quickly,” he said. That speed and coordination can materially change outcomes.
Where cybercrime and traditional theft converge
As cyber tools are used to enable physical theft, the distinction between crime and cyber coverage has become less clear. Burke pointed to scenarios in which criminals hack systems to facilitate the theft of tangible goods, such as manipulating warehouse access controls to allow fraudulent vehicles to collect inventory.
“It’s not uncommon for a company to have both a crime policy and a cyber policy, with some overlap,” he said. In many cases, cybercrime language is broader and can be extended to contemplate losses beyond funds, including products and physical assets. While such incidents may resemble traditional theft, the method of loss – involving network access or system manipulation – often brings them squarely within cyber coverage if policies are structured properly.
Third-party risk and the supply chain blind spot
Third-party incidents and supply chain disruptions now represent a significant share of cyber claims, introducing what Burke described as one of the industry’s “great unknowns.” As coverage for contingent business interruption has broadened, companies no longer need to list every critical vendor to secure protection. That evolution has simplified placement but increased the importance of internal analysis.
“The first step is to take a deliberate look at who your critical vendors are and whether you’ve done the analysis to understand the potential downside if that vendor is down,” Burke said. Brokers play a central role in helping clients model those scenarios and translate them into appropriate limits and contract terms.
Burke also expects to see more subrogation activity as cyber carriers seek recovery from vendors whose failures trigger losses. Tracking those cases, he said, provides real-time insight into the true financial impact of third-party failures. At the same time, companies must ensure contracts require vendors to carry adequate cyber coverage and limits. “If you need to look to a vendor to be made whole, do they have the financial means?” he asked.
Cyber carriers are increasingly supporting this process by offering tools that monitor vendor security posture. “You can now get intelligence on the security posture of your critical vendors,” Burke said, allowing organizations to identify concerns before a third-party incident cascades into their own environment.
Related Stories
