Gallagher: Is AI & Cyber Insurance a New InsurTech Frontier?

Cybersecurity professionals are confronting a new reality in 2026 where AI deployment and cyber risk management are no longer separate disciplines.

According to the latest Q1 2026 Global InsurTech Report from Gallagher Re, investment into AI-focused insurance companies reached US$1.63bn in the first quarter of the year.

This figure represents a marginal decrease from the US$1.67bn recorded in Q4 2025, but shows sustained capital interest in technologies that address digital risk.

The report states that 95.2% of all insurtech funding in Q1 was directed toward AI-focused companies.

This concentration of capital suggests insurers are attempting to price and manage exposures that security teams are already confronting in production environments.

Digital risks merge into one

The Gallagher Re report suggests that cyber insurance, professional indemnity and AI liability are converging into a single business line called Digital Risks.

This convergence is taking place because the primary threat vectors for these exposures often originate from the same sources.

Malicious threat actors and technical failures within concentrated cloud infrastructure are creating liability exposures that span multiple traditional insurance categories.

For security professionals managing AI deployments, existing general liability or professional indemnity policies may not adequately cover AI-related incidents.

The report identifies what it terms silent AI risk, where AI exposures are inadvertently covered by traditional policies that were never designed or priced for such scenarios.

As AI agents move into production environments, they are executing commands and triggering workflows with the same privileges as human administrators.

Security teams are now tasked with designing controls for systems that operate probabilistically rather than deterministically.

New insurance products target AI liability

A new category of insurance providers is emerging to address gaps in traditional coverage.

According to the report, Munich Re pioneered AI performance guarantees, while newer firms like Testudo and Armilla target third-party liability for organisations deploying AI systems.

If an AI system makes a discriminatory recruitment decision or a chatbot provides legally binding misinformation, the liability could fall on the deploying organisation rather than the developer.

Paris-based Stoïk closed a US$21.7m (€20m) Series C round in January to scale its platform, which combines cyber insurance with active risk prevention and in-house incident response. The company acts as an outsourced Chief Information Security Officer for SMEs.

Evaluation methods remain inadequate

A challenge for both insurers and security professionals is the inadequacy of current AI evaluation methods.

Freddie Scarratt, Global Deputy Head of InsurTech at Gallagher Re, says: "The accumulation of silent AI risk represents a fundamental threat to underwriting discipline – it creates a scenario where insurers are providing 'accidental' capacity for complex, high-stakes events they have neither modelled nor priced."

According to Gallagher Re, the tech industry's reliance on empirical benchmarks using standardised tests on static datasets is not fit for measuring real-world loss. For a credible AI insurance market to scale, the industry requires a move toward behavioural evaluation.

This means security professionals will need new frameworks for assessing AI system behaviour in production environments rather than relying solely on pre-deployment testing.