Ever‑Evolving Cyber Threats: How Agents Play a Critical Role in Alerting Clients

• By: Olivia Overman
• October 6, 2025

Over two‑thirds (69%) of U.S. firms in Hiscox’s “Cyber Readiness Report 2025” reported an increase in the number of times their organization experienced a cyberattack in the past 12 months. As a result, U.S. business leaders consider cyberattacks and data breaches to be a bigger threat to their organizations than skills shortages and bankruptcy, according to the report.

“Businesses today face more sophisticated, scalable and interconnected risks than ever, with attackers automating across the entire cyberattack process,” says Shawn Ram, chief revenue officer, Coalition. “By using botnets, for example, cyber attackers can scan the internet for vulnerable systems to subsequently attack and compromise.”

“Ransomware‑as‑a‑service (RaaS) platforms can also be used to deploy more attacks, scaling the number of potential victims exponentially,” he says.

In 2024, the global average cost of a data breach to companies reached $4.8 million, a 10% increase from 2023 and the highest increase since the pandemic, according to the “2024 IBM Cost of a Data Breach” report. The average cost in the U.S. exceeded this number, reaching $9.3 million per breach, according to a KnowBe4 report.

Today, businesses throughout the U.S. continue to be challenged by the changing nature of the risks they are facing. “In the U.S., businesses of all sizes are seeking coverage, prompting carriers to offer the same expertise we’ve provided to large firms for years to small‑ to medium‑sized businesses,” says Rachel Rossini, head of mid‑market, cyber, AXA XL. “While premiums are stabilizing, companies must meet stricter underwriting standards and demonstrate strong cybersecurity practices to qualify for coverage.”

The cyber insurance market continues to respond through monitoring, support and adaptation to the ever‑changing threats.

“There’s no doubt that we have a very fast‑evolving threat landscape that moves at an unprecedented rate,” says Michelle Waldron, vice president of cyber services, Beazley Security, Beazley’s wholly owned cybersecurity firm. “And that requires cyber insurance to remain dynamic and adaptable because the threats do come up without much warning.”

“Almost every type of company is susceptible to almost any type of cyber loss, and it means that insurance can no longer only focus on providing financial support—it needs to address the evolving nature of risk,” Waldron explains. “That’s why cyber insurance needs this full spectrum approach that continuously analyzes risk and also helps businesses with the controls.”

Independent agents play a key role in helping clients understand the major cyber threats they could face—and why cyber insurance can no longer be considered optional coverage.

“It used to be that companies were worried about being a direct target, where threat actors would pick a company, research it, and attack that company,” says Patricia Kocsondy, head of global cyber digital risks, Beazley. “Then it evolved to using automated scanning to discover companies with exploitable vulnerabilities that would be an easy hit. It was a ‘low‑hanging fruit’ type of method. Then, we started to see a series of vendor attacks on companies that the policyholder was dependent on or had contracts with, so we see threat actors now using vendor attacks to reach a wider range of targets.”

“Many companies may rely on third‑party providers or outsource IT companies to manage their security for them,” Kocsondy explains. “Now that third parties have also become the avenue of attack, then it really points out the extent to which ordinary companies can be at risk.”

Agents also play a key role in alerting clients to the fact that “generative artificial intelligence (AI) has made phishing attempts more tailored, and email attacks have become more difficult to spot because they are free of the grammatical errors and generic language that used to serve as red flags,” Ram says. “New threats like vishing—voice phishing—and deepfakes are harder to prevent.”

Additionally, cyber warfare is playing a role. “Nation states are increasingly involved in cyber espionage, sabotage and infrastructure attacks, especially against critical sectors like energy, finance and health care,” Rossini says. “It’s not just about individual hackers anymore; these are often well‑funded, highly organized operations.”

A cyber‑aware culture can ensure that clients understand that “the cyber policy is a support at the end of the day to a landscape that changes so frequently,” Waldron says. “Insurers are leveraging the way we communicate and how frequently we communicate with policyholders and agents with the goal of helping an agent to educate their client base, particularly if there is a vulnerability or an advisory that will actually result in a loss.”

“Carriers are leveraging the tools and resources of security partners by hiring personnel that are highly trained in this area so that they can engage thoughtfully throughout an entire policy year with education and preventative and mitigation techniques,” Waldron explains. “That’s what makes having a full spectrum approach to cyber insurance so unique.”

Olivia Overman is IA content editor.