AI, Deepfakes, and Data Suppression Redefine Cyber Risk in 2026

As we approach 2026, Resilience’s latest cyber risk report delivers a stark forecast for claims adjusters, insurers, and risk professionals: artificial intelligence is not only transforming cyber threats but also magnifying their impact, speed, and scale. From deepfakes indistinguishable from real video to fully automated social engineering campaigns, attackers are increasingly leveraging AI to bypass human and technical defenses. Claims professionals should anticipate an influx of incidents involving impersonation, privacy violations, and AI-enabled vulnerabilities—especially as internal misuse and third-party risks grow.

Perhaps most urgent for adjusters is the evolution of ransomware tactics. Traditional encryption-based schemes are giving way to data suppression and hybrid extortion models that target not only direct victims but also subsidiaries, vendors, and customers. These attacks cause ripple effects across operational and reputational domains, making recovery far more complex. This shift demands a revised understanding of claim severity and policy adequacy, especially as insurers face growing pressure to define coverage boundaries in the AI era.

Litigation is becoming a near-certainty after every incident, with the plaintiff’s bar exploiting both modern privacy statutes and archaic legal tools to pursue claims. Legal defense and operational disruptions are now the primary cost drivers of cyber claims, with longer tail risks becoming the norm. Underinsurance, driven by mismatched risk quantification and limited policy structures, is emerging as a governance red flag. Claims adjusters must be prepared for the long haul—from breach notification to courtroom defense.

The insurance industry is also undergoing major transformation, with AI risks increasingly shifting into cyber and Tech E&O policies amid a soft market. This coverage migration, combined with ambiguous policy wording and rising regulatory uncertainty, complicates underwriting and claims adjudication. Adjusters will need to navigate more nuanced scenarios, where lines between technology failure, human error, and malicious action blur.

Third-party risk remains a critical blind spot, with centralized vendors becoming prime targets. Adjusters must be equipped to assess not only direct losses but also cascading operational impacts. As CISOs shift from a prevention mindset to one centered on resilience, claims professionals must follow suit—anticipating complex, layered losses and developing frameworks for rapid, coordinated response. The 2026 cyber landscape calls for proactive claims strategies that account for AI-driven threats, evolving legal exposures, and the growing imperative for operational continuity.