Why AI-driven attacks are the defining underwriting question of 2026
Cyber risk has topped the global business-risk rankings for five consecutive years, and in 2026 it does so with its highest score on record. The Allianz Risk Barometer 2026 placed cyber incidents at the top with 42 percent of responses, but the genuinely new development is what sits at number two: artificial intelligence, the single biggest mover in the survey's history, leaping from tenth place to second on 32 percent. The two are not separate concerns. The reason AI rose so sharply is, in large part, that AI is now an attack accelerant, and the reason cyber scored so highly is that AI has made attacks faster, cheaper, more convincing, and harder to detect.
The mechanics matter for underwriters because they change the loss profile, not just the headline threat. Allianz reported a 300 percent increase in AI-driven malware in the first quarter of 2026 alone, and described attackers using agentic AI to automate the hacking lifecycle, compressing the time from initial entry to encryption from days down to minutes. That compression is the underwriting story. A defender that previously had days to detect lateral movement and isolate systems may now have minutes, which raises both the probability that an intrusion becomes a full encryption event and the severity when it does. Ransomware already accounted for around 60 percent of the value of large cyber claims (those above one million euros) in the first half of 2025, and AI-accelerated intrusion makes that severity tail fatter.
For Indian corporates the exposure is concentrated and rising. India's threat volume is enormous: security vendors detected hundreds of millions of malware incidents across Indian endpoints in 2024, including over a million ransomware detections, and India's BFSI sector alone has been absorbing cyberattacks at roughly 1.6 times the global average, with incident counts climbing from about 1.4 million in 2021 toward the multi-million range by 2025. The first half of 2024 saw a reported 175 percent surge in phishing attacks targeting the Indian financial sector year on year, a curve that AI-generated content has only steepened. Healthcare, hospitality, and BFSI together contributed well over half of all detected attacks. These are precisely the sectors that buy, or should buy, cyber cover, and precisely the sectors where underwriters are sharpening their questions.
The sentiment data confirms the shift in posture. By early 2026, around 76 percent of Indian CISOs ranked AI-enabled cyberattacks as a top priority, and roughly 83 percent of organisations were integrating AI into their own defensive operations. This is an arms race, and underwriters know it. The implication for risk managers and brokers is that the AI-driven attack vector is no longer an emerging-risk footnote; it is the central variable shaping how cyber risks are assessed, priced, and conditioned in FY2026-27. Understanding how insurers translate this threat into questions, controls, triggers, and exclusions is now core to placing cyber cover competently in India.
How AI changes the attack vector, and what underwriters now model
To understand the underwriting response, it helps to be precise about how AI changes attacks rather than treating it as a vague intensifier. There are four distinct shifts, each of which maps to a different part of the underwriting assessment.
The first is scale and automation. Traditional attacks required human effort at each stage: reconnaissance, crafting lures, exploiting access, moving laterally, and executing the payload. AI automates these steps, lowering the technical barrier so that less-skilled actors can run sophisticated campaigns, and allowing skilled actors to run far more campaigns in parallel. Underwriters read this as a higher base frequency of attempts against every insured, which raises the importance of automated, machine-speed defences rather than human-paced response.
The second is quality of social engineering. Generative AI produces phishing emails, voice messages, and chat content that are fluent, contextually accurate, and free of the spelling and tone errors employees were trained to spot. For Indian corporates this defeats a control that organisations historically leaned on heavily, namely awareness training that taught staff to notice that a message felt off. Underwriters now treat awareness training as necessary but no longer sufficient, and look for technical and procedural controls that do not depend on an employee's gut instinct.
The third is deepfakes and synthetic identity. Convincing audio and video impersonation of executives, vendors, and counterparties is now affordable, enabling fraudulent payment instructions, fake approvals, and impersonation during incident response. This is the vector behind a wave of fund-transfer fraud where an employee receives what appears to be a genuine instruction from a senior leader. Underwriters respond by probing payment-authorisation controls and out-of-band verification, because the technical perimeter may be intact while the human and process perimeter is breached.
The fourth is speed of the kill chain. Agentic AI that automates intrusion-to-encryption collapses the defender's window. Underwriters increasingly distinguish between insureds that can detect and contain at machine speed, through endpoint detection and response with automated isolation, network segmentation, and tested incident-response runbooks, and those relying on manual review and business-hours staffing. The latter now look materially worse on severity.
What underwriters model, then, is a risk where frequency is up across the board, where the controls that matter have shifted from awareness toward technical automation and procedural verification, and where the severity tail is fatter because intrusions convert to encryption faster. This translates into a more granular submission process. Insurers want to know not merely whether controls exist but how they are configured, whether they cover the whole estate, and whether response is rehearsed. The era of a short cyber proposal form and a soft-market price is over for AI-exposed sectors. A broker who understands this can prepare a client's submission to answer the questions before they are asked, which is the single biggest lever on both terms and capacity.
The controls insurers now require, and why each one maps to an AI threat
The clearest signal of how seriously insurers take AI-driven attacks is the control stack they now require, often as a precondition of cover rather than a discount. Each control maps to a specific AI-amplified threat, and brokers should be able to explain that mapping to clients so the requirements read as risk management rather than box-ticking.
Multi-factor authentication (MFA) is the baseline. Because AI-generated phishing reliably harvests credentials, passwords alone are no longer a defensible boundary. Insurers increasingly require MFA not just for remote access and email but for privileged accounts, administrative consoles, and access to critical systems. Gaps in MFA coverage, such as legacy systems or service accounts that bypass it, are exactly where underwriters probe, because attackers using automated tooling will find those gaps faster than ever.
Endpoint detection and response (EDR), increasingly extended detection and response, is the answer to the compressed kill chain. When intrusion-to-encryption can happen in minutes, human monitoring cannot keep pace; EDR with automated containment can isolate a compromised endpoint at machine speed. Insurers want to know whether EDR is deployed across the whole estate, whether it is monitored around the clock (in-house or through a managed service), and whether automated response is enabled rather than alert-only.
Email security is the front line against AI-crafted lures. Because the content quality of phishing now defeats human detection, insurers look for technical email controls: anti-phishing and anti-spoofing protections, domain authentication, attachment and link sandboxing, and inbound filtering tuned for impersonation. The logic is explicit: if employees can no longer be relied on to spot a fake, the fake must be stopped before it reaches them.
Employee verification for fund transfers is the procedural control aimed squarely at deepfakes and business-email-compromise. Insurers, and crime or social-engineering extensions in particular, increasingly require documented out-of-band verification of payment instructions, dual authorisation above thresholds, and call-back procedures using independently held contact details rather than details supplied in the suspect request. For Indian corporates running high-volume vendor payments, this is often the single most important control against deepfake-enabled fraud.
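The fund-transfer verification controls described above, sketched as a payment-release gate. This is an added example, not code from the original article or from any insurer; the threshold, field names, vendor record and phone numbers are assumptions constructed for illustration, and requiring both approvers to be independent of the requester is one assumed reading of dual authorisation.

```python
from dataclasses import dataclass, field

# Assumed threshold for illustration; the real figure comes from the
# insured's finance policy or the policy's verification warranty.
DUAL_AUTH_THRESHOLD_INR = 500_000

# Constructed vendor master: contact details held independently of any request.
VENDOR_MASTER = {
    "V-1001": {"callback_phone": "+91-22-5550-0101"},
}

@dataclass
class PaymentRequest:
    vendor_id: str
    amount_inr: int
    requester: str
    callback_phone_used: str   # number the verifier actually dialled ("" if none)
    callback_confirmed: bool   # vendor confirmed the instruction on that call
    approvers: set = field(default_factory=set)

def release_decision(req):
    """Return (release, reasons) for one payment instruction."""
    master = VENDOR_MASTER.get(req.vendor_id)
    if master is None:
        return False, ["vendor not in master file"]
    reasons = []

    # Out-of-band call-back must use the independently held number, never a
    # number supplied in the (possibly impersonated) request itself.
    if req.callback_phone_used != master["callback_phone"]:
        reasons.append("call-back not made to independently held number")
    elif not req.callback_confirmed:
        reasons.append("vendor did not confirm instruction on call-back")

    # Dual authorisation above the threshold: two approvers, neither of whom
    # is the person who raised the request.
    independent = req.approvers - {req.requester}
    if req.amount_inr >= DUAL_AUTH_THRESHOLD_INR and len(independent) < 2:
        reasons.append("dual authorisation missing above threshold")

    return (not reasons), reasons

# Constructed sample instructions.
GENUINE = PaymentRequest("V-1001", 800_000, "ap_clerk",
                         "+91-22-5550-0101", True, {"cfo", "controller"})
# Verifier dialled the number quoted in the urgent request; requester self-approved.
SUSPECT = PaymentRequest("V-1001", 800_000, "ap_clerk",
                         "+91-98-5550-0199", True, {"ap_clerk", "cfo"})

if __name__ == "__main__":
    for name, req in (("genuine", GENUINE), ("suspect", SUSPECT)):
        ok, why = release_decision(req)
        print(name, "RELEASE" if ok else "HOLD", why)
```

The suspect request is held even though the caller "confirmed" it, because the confirmation came over a channel the request itself supplied.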
Beyond these four, insurers commonly require segregated and tested offline or immutable backups (so ransomware cannot destroy recovery options), network segmentation and least-privilege access (to slow lateral movement), prompt patching of internet-facing systems and known-exploited vulnerabilities, and a tested incident-response plan with named external counsel and forensics partners. For Indian corporates, alignment with CERT-In directions on incident reporting and log retention also matters, because demonstrable regulatory readiness reassures underwriters that response will be orderly.
The practical point for brokers is that this stack is now the price of entry to the cyber market for AI-exposed sectors, not a route to discount. A client missing core controls may face declinature, sub-limits, coinsurance, or steep retentions rather than a higher premium alone. The broker's job is to map the client's actual posture against this stack early, identify and help remediate gaps before marketing, and present the control story in a way that lets underwriters say yes.
Coverage triggers, grants, and where AI losses actually land
Once cover is in place, the operative question is whether and how an AI-driven loss triggers it. This is where careful wording analysis earns its keep, because the same incident can land in very different parts of a cyber programme depending on the attack vector and the policy's definitions.
A conventional AI-accelerated ransomware event generally engages the core grants of a cyber policy: incident-response and breach costs, cyber extortion (the ransom and negotiation costs, where payable and lawful), business interruption for the income lost during downtime, data restoration, and any third-party liability for affected data subjects. The fact that AI made the intrusion faster does not change the trigger; an unauthorised access and a security failure occurred, and the policy responds. The AI angle mainly affects severity, which is why business-interruption waiting periods, indemnity periods, and sub-limits deserve close attention for Indian corporates whose downtime costs can escalate quickly.
Deepfake-enabled fund-transfer fraud is the harder case, and the one most likely to surprise an unprepared insured. When an employee is deceived by a synthetic voice or video into authorising a payment, the direct financial loss is often not a classic cyber loss at all. There may have been no breach of network security; the systems worked, and a person was manipulated. Whether the loss is covered typically depends on a social-engineering fraud extension, a fraudulent-instruction or funds-transfer-fraud grant, or a crime policy, each of which usually carries its own sub-limit, conditions, and verification warranties. A standard cyber policy without these extensions may not respond to the stolen funds at all, even though it would respond to a data breach arising from the same intrusion. Brokers must make this distinction explicit to clients, because the assumption that the cyber policy covers any AI-enabled financial loss is both common and wrong.
Third-party liability and regulatory exposure form another layer. An AI-driven breach that exposes personal data can trigger liability to affected individuals and regulatory costs, which in the Indian context is increasingly shaped by the Digital Personal Data Protection framework and CERT-In obligations. Coverage for regulatory investigation costs and any penalties (where insurable) should be confirmed, as should media-liability and reputational-harm grants where deepfakes target the insured's brand directly.
A further nuance is the question of attack attribution. Cyber policies carry war and hostile-act exclusions, and some carry infrastructure or systemic-event language. Sophisticated AI-driven attacks are sometimes attributed to state-linked actors, which can put an insurer in a position to argue an exclusion. The wording of these exclusions, and any carve-backs for cyber operations that fall short of war, has become a genuine point of difference between markets in 2026, and a clause that looks boilerplate can decide whether a large claim is paid. Indian risk managers placing significant cyber limits should treat the war and systemic-event language as a negotiated term, not an afterthought, and should understand exactly how their chosen market reads it.
How AI-driven risk is priced for Indian corporates in FY2026-27
Pricing in 2026 reflects a market that has matured out of the chaotic hardening of earlier cyber cycles into a more disciplined, controls-based equilibrium, with AI as the variable now pushing in the opposite direction to the underlying softening. The net effect for any given Indian corporate depends almost entirely on its control posture and sector.
The broad market backdrop is that cyber pricing globally has been more stable and in places softening from the peaks of the hard market, as capacity returned and loss ratios improved on the back of stronger controls. Against that backdrop, AI-driven threat escalation is a counterweight that keeps underwriters disciplined and prevents a wholesale return to soft-market terms for exposed risks. Indian corporates therefore see a bifurcated market: well-controlled, lower-risk buyers can achieve competitive terms and rising capacity, while poorly controlled or highly exposed buyers in heavily targeted sectors face flat-to-rising pricing, tighter conditions, and harder negotiations.
Sector is a major rating factor. BFSI, healthcare, hospitality, and IT and digital-services firms attract the most underwriting scrutiny because they are the most attacked and hold the most sensitive or monetisable data. For these sectors, underwriters price not just the probability of an attack but the severity profile shaped by AI-accelerated kill chains and the regulatory consequences of a breach. A mid-market Indian manufacturer with a smaller data footprint and good controls presents a very different risk from a private hospital chain handling large volumes of patient data, and pricing reflects that gulf.
Control quality is the dominant lever within a sector. The presence, completeness, and configuration of MFA, EDR, email security, tested backups, and payment-verification procedures move pricing more than almost any other factor. Underwriters increasingly use external scanning and security ratings to validate self-reported controls, and discrepancies between the proposal form and the scan are a fast route to harder terms or declinature. For brokers, this means the submission must be accurate and evidenced; an aspirational control story that the scan contradicts damages credibility and price.
Structure also shapes the economics. Retentions (deductibles) have risen and are used by underwriters to share severity risk, particularly for ransomware and business interruption. Sub-limits on cyber extortion, social-engineering fraud, and systemic events are common, and Indian corporates should size their limits against realistic loss scenarios rather than nominal figures. Coinsurance on ransomware payments and waiting-period structures on business interruption further tune the risk transfer. A broker structuring an FY2026-27 cyber programme should model these levers together, because the headline premium is only one part of the total cost of risk.
The constructive message for clients is that pricing is now substantially within their control. Investing in the required control stack does more than satisfy underwriters; it materially reduces both the probability and severity of an AI-driven loss, which is the basis on which insurers reward the buyer with better terms and broader cover. The broker who frames the renewal as a controls-and-evidence exercise rather than a price negotiation consistently delivers better outcomes.
An underwriting-ready action plan for brokers and risk managers
Placing cyber cover well in 2026 is a process of anticipation: knowing the questions underwriters will ask about AI-driven risk, assembling the evidence in advance, and structuring the programme so that the most likely AI loss scenarios are actually covered. The following plan turns the preceding analysis into a sequence brokers and risk managers can execute for an FY2026-27 renewal.
Start with a controls gap assessment against the core stack: MFA across remote access, email, privileged and administrative accounts; EDR or XDR across the whole estate with automated containment and round-the-clock monitoring; technical email security against AI-crafted phishing and impersonation; segregated, tested, immutable backups; network segmentation and least-privilege access; prompt patching of internet-facing and known-exploited vulnerabilities; and a tested incident-response plan with named forensics and legal partners. Identify gaps early enough to remediate before marketing, because remediation before renewal is worth far more than explanation during it.
Give specific attention to the deepfake and fund-transfer vector, because it is both fast-growing and frequently uncovered. Confirm that documented out-of-band verification, dual authorisation above thresholds, and independent call-back procedures are in place, and then confirm that the programme actually contains a social-engineering or fraudulent-instruction grant with a sub-limit sized to the client's real payment exposure. A client that runs large vendor payments without this grant has a material, often invisible, gap.
Then scrutinise the wording, not just the schedule. Read how the policy defines the triggering events, how business-interruption waiting periods and indemnity periods are set, what the cyber-extortion and social-engineering sub-limits are, how regulatory costs and penalties are treated under the Indian data-protection regime, and, critically, how the war, hostile-act, and systemic-event exclusions are drafted and whether they carry carve-backs for cyber operations short of war. In a year when serious attacks may be attributed to state-linked actors, this exclusion language can determine whether a large claim is paid, and it varies materially between markets.
Finally, build the submission as a risk-quality narrative. Present the control stack with evidence, address the AI-driven threats the client faces by sector, demonstrate regulatory readiness on CERT-In reporting and data protection, and pre-empt the external scan by ensuring self-reported controls match reality. Underwriters reward an applicant who clearly understands its own AI exposure and manages it, with both better pricing and broader cover.
Comparing how different insurers define cyber triggers, scope social-engineering and deepfake fraud, and draft their war and systemic-event exclusions is exactly the wording-level work that decides whether an AI-driven claim is paid, and it is difficult to do at scale across a market. Sarvada gives commercial insurance brokers structured, searchable access to insurer cyber wordings so they can compare triggers, grants, sub-limits, and exclusions side by side and build AI-aware cyber programmes that hold up when a claim arrives. Brokers who want to sharpen their cyber placements for the AI-driven threat landscape can Request Access to evaluate the platform for their practice.