Sponsored: Munich Re

The Growing Cyber Threat: How AI is Fueling Attack Frequency and Why Most Small Businesses Remain Unprotected

As artificial intelligence transforms the cybercriminal landscape and attack frequency soars, a surprising protection gap persists among the businesses that need coverage most.
September 25, 2025

The cybersecurity landscape has undergone a dramatic transformation in recent years, with artificial intelligence emerging as both a powerful defensive tool and an increasingly sophisticated weapon in the hands of cybercriminals. While large enterprises have responded with comprehensive security strategies, a concerning trend has emerged: the vast majority of small to midsize businesses may remain vulnerable to cyber attacks, with most reportedly choosing to forgo cyber insurance coverage despite escalating threats.

Recent industry data reveals a striking disconnect between the growing cyber risk environment and protection adoption rates. This gap represents not just a business continuity challenge, but a fundamental market maturation issue that the insurance industry is working to address through enhanced education and product development.

The AI-Powered Surge in Cyber Attacks

Florian Happ, PhD, Cyber Underwriting Manager, Munich Re US

The frequency and sophistication of cyber-attacks have reached unprecedented levels, accelerated by the emergence of what experts call “dark Large Language Models (LLMs)” – artificial intelligence tools engineered specifically for criminal purposes.

“The omnipresence of AI, particularly in the form of ‘dark LLMs,’ has transformed the threat landscape,” said Florian Happ, PhD, Cyber Underwriting Manager at Munich Reinsurance America, Inc. (Munich Re US). “Think of these as the evil twins of conventional LLMs – like a FraudGPT instead of ChatGPT. These tools have made it much easier for threat actors to generate malicious code and automate their activities, enabling them to scale their operations significantly.”

This technological evolution has fundamentally changed the economics of cybercrime. Where attackers previously could only execute one attack at a time, AI automation now enables them to cast a much wider net with significantly less manual effort.

The impact extends beyond simple automation. Modern AI-powered attacks have eliminated many of the traditional warning signs that previously helped potential victims identify threats.

“They can now produce incredibly convincing phishing attacks tailored to specific addresses and even across language barriers, making them much more successful,” Happ said. “In the past, phishing attempts were often easily detectable due to broken English or obvious errors. Today’s AI-generated attacks have eliminated these telltale signs.”

The financial incentives driving this transformation are substantial. The considerable money involved in ransomware criminal activity, combined with AI decreasing entry barriers into cybercrime, has attracted numerous new actors seeking profit. This has created a more complex and unpredictable threat environment that challenges traditional response strategies.

“On the loss settlement side, insurers must now navigate a more scattered landscape of threat actors,” Happ said. “The expansion has had a significant impact. Identifying hacker groups has never been easy, but in the past, we could more easily identify who we were dealing with. We knew the channels and how to reach them.”

The Protection Gap: Why Many Small Businesses Aren’t Buying Coverage

Despite the escalating threat environment, the adoption of cyber insurance among small to midsize businesses remains surprisingly low. A recent Munich Re survey found that more than 70% of small to midsize businesses in the US do not have cyber insurance in place, creating what industry experts characterize as a significant protection gap.

This disconnect becomes even more pronounced when considering the potential impact of cyber incidents on smaller organizations, which typically have fewer resources to recover from attacks compared to larger enterprises.

“From a reinsurer perspective, we see losses on the rise and becoming more costly for the insurance industry as a whole, which underlines the value of cyber coverage,” Happ said. “Cyber continues to be a threat that is difficult for businesses to predict and poses a significant risk.”

Research into the underlying causes of this protection gap has identified three primary factors that may explain why small to midsize businesses do not have cyber insurance.

The first factor is simple awareness. Many business owners may not realize that insurance protection is available for cyber risks, or they may not understand that such coverage is critical for their operations.

The second factor relates to product comprehension. Cyber insurance is a relatively complex product, and explaining it effectively to buyers requires specialized knowledge.

“The cyber coverage might be too complex to understand, which is why companies aren’t buying it,” Happ said. “Consequently, agents might not be pushing it because the product requires specialized knowledge and cannot be easily handled in the normal insurance purchasing process.”

The third factor involves risk perception – perhaps the most fundamental challenge in the market. Unlike traditional risks such as fire or theft, cyber risks can appear abstract and difficult to quantify.

“One hypothesis is that cyber risk is intangible compared to a risk like fire,” Happ said. “The risk of fire affecting your business is simple to imagine. It is much harder to imagine how customer data might become inaccessible, production data encrypted, or external software you rely on, such as payment processing, becoming non-operational.”

This perception challenge is compounded by the prevalence of basic technical security solutions. Many business owners feel adequately protected because they have purchased cybersecurity software. Yet The State of SMB Cybersecurity in 2024 reveals that 94% of small to midsize businesses have experienced at least one cyberattack.

“People feel protected because they’ve purchased a cybersecurity solution that they believe ‘protects everything,’” Happ said. “When an agent brings up the topic and people don’t see the risk, it becomes a difficult conversation. You cannot sell an insurance policy if people don’t completely understand the risk.”

Building the Foundation for Effective Education

Successfully addressing the cyber insurance protection gap requires a multi-layered approach that begins with education but extends to fundamental changes in how the industry approaches product development and distribution.

The challenge starts with agent and broker education. Insurance professionals need sufficient comfort with cyber risk concepts to engage in meaningful conversations with their clients about protection needs.

“You need a certain level of comfort to sell a product,” Happ said. “My feeling is, if you’re not able to communicate the value, customers will not trust your insurance purchasing advice. If you don’t understand the risk profile of your client, you can’t effectively discuss the topic.”

This education must be practical and scenario-based. Agents need to understand not just the technical aspects of cyber risks, but how to translate those risks into concrete business impact terms that resonate with small to midsize business owners.

The product development side requires equal attention. For the cyber insurance market to achieve long-term sustainability, the products must be and remain relevant.

“For long-term sustainability, the product needs to be available and adequately address the protection needs of potential buyers and policyholders,” Happ said. “At Munich Re US, we are actively working to examine and address this topic, understanding what drives business owners’ purchasing behaviors and which products will best help mitigate their cyber risk.”

Data and insights play a crucial role in this educational process. Reinsurers like Munich Re US support the broader market by sharing loss trend information and risk assessment expertise with primary insurers, enabling more informed product development and distribution strategies.

“We use data to support the understanding of loss trends and share insights about our observations,” Happ said. “When we discuss with insurers how the loss environment is changing and what that means for our cedants’ portfolios, it helps our clients provide cyber protection in the long term.”

The market maturation process requires coordination across the entire ecosystem. Carriers, purchasers, agents, and data providers all need to develop expertise simultaneously to create a sustainable foundation for growth and to support the protection of an increasingly digitized global economy.

“This is fundamentally about learning and market maturation,” Happ said. “The entire ecosystem is evolving simultaneously – carriers, purchasers, and data providers all gaining experience together.”

Looking ahead, the cyber insurance market faces both significant challenges and substantial opportunities. As AI continues to transform the threat landscape and business dependence on digital systems deepens, the need for comprehensive cyber protection will only grow.

“The resiliency aspect and availability of insurance are very important for a sustainable market,” Happ said. “We are committed to making cyber insurance available in the market.”

For insurance professionals and business owners ready to address the evolving cyber risk environment, the key lies in building a foundation of mutual understanding that translates complex digital risks into concrete business protection strategies.

To learn more about Munich Re US’ cyber insurance solutions, visit https://www.munichre.com/us-non-life/en/solutions/reinsurance/cyber-risk.html.


This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Munich Re US. The editorial staff of Risk & Insurance had no role in its preparation.

Munich Re, and its family of companies, has been a leader in risk for more than 100 years. We are spearheading innovation to deliver competitive advantages for our clients every day and disrupting on our own terms to reimagine the world of risk itself. Munich Re Specialty is a description for the insurance business operations of affiliated companies in the Munich Re Group that share a common directive to offer and deliver specialty property and casualty insurance products and services.
