Ransomware has always been a moving target but is now entering a period of volatility unlike anything we've seen before. Tactics are shifting rapidly, tools are becoming more sophisticated and more widely available, and the threat-actor landscape is splintering into a chaotic mix of groups, affiliates and opportunistic newcomers. For insurers, this fragmentation and instability is rewriting assumptions about predictability, frequency and severity.

To understand why ransomware feels more volatile than ever, it's important to start with how organized these operations once were. Historically, major threat groups behaved with a degree of predictability. Their operations had a clear methodology and often resembled a supply chain. One group identified or acquired a zero-day vulnerability; another specialized in gaining credentials and access to victims' networks; a ransomware group purchased that access and deployed their malware; and another entity handled negotiations, payment facilitation and hosting on data-leak sites. While criminal, these actors operated within consistent roles.

Today, that methodology and structure has fractured. Law-enforcement pressure, internal disputes and simple profit incentives have splintered once-dominant ransomware groups. Nowadays there is not just one geography or one group that's doing everything from start to finish. It's now a combination of parties. Coupled with this, their tools, particularly the ransomware variants themselves, have leaked into the wild or been deliberately sold off. As a result, sophisticated malware that was once tightly controlled is now available to operators with minimal skill. Cheaper, less advanced variants such as Dharma and Crysis proliferate broadly, while more refined strains like Akira or LockBit remain selectively distributed, but even those find their way to multiple groups.

This "plug-and-play" ecosystem means that a threat actor with little technical capability can now operate at a level previously reserved for elite cybercriminals. The result is a wave of attacks that are increasingly unpredictable in both frequency and quality. Some are clumsy and quickly detected, while others unfold with alarming precision.

At the same time, attackers have become far more agile once inside an environment. Earlier ransomware operations often unraveled when attackers encountered unexpected security controls. Today, threat actors pivot rapidly. If endpoint detection and response (EDR) tools block one path, adversaries switch tactics, attempt to disable protections or even infiltrate the security tools themselves.

In a recent Akira-related incident, adversaries gained access to a victim's SonicWall EDR environment, used it to disable protections across the entire network and maintained persistent access. A lesser threat actor would have been stopped at the first hurdle. Today's operators adapt with remarkable speed.

This agility is compounded by AI-driven malware development. Threat actors are now capable of generating malware tailored to a victim's specific security gaps. By feeding reconnaissance data into AI coding engines, attackers can produce bespoke code that evades detection. As a result, EDR tools lose some of their efficacy, and traditional antivirus can become entirely ineffective.

AI-generated phishing is also affecting attacker capability. Previously, many phishing attempts were identified by grammar and spelling errors. Today, threat actors can generate credible, fluent communications that mimic native language use, making social engineering exponentially harder to detect. The potential for automated scaling, for example one threat actor deploying hundreds or thousands of simultaneous phishing attempts, also poses a challenge.

While tools and execution are evolving, so too are the extortion tactics, with threat actors now using multifaceted pressure strategies. When improved backups reduced victims' need for decryption keys, threat actors began stealing data and threatening to leak it and cause reputational harm. And when regulators and law enforcement discouraged companies paying for data deletion promises, promises criminals often broke anyway, attackers escalated further.

Recent incidents also show threat actors emailing victims' employees and customers directly, claiming the organization "does not care about your data," or triggering every printer in an organization to output ransom notes - ensuring employees, customers and potentially the media know about the breach. Even more concerning is a trend toward re-attacks, where threat actors revisit a network weeks after an incident to exploit newly discovered gaps and re-encrypt systems, leveraging continuing disruption as a negotiation tool and providing incentives to victims to pay the ransom.

This evolution raises the stakes for incident response and negotiation. Speed, visibility, and technical capability are more critical than ever - and so is insurer preparedness.

For insurance and risk professionals, several priorities stand out in this new environment.

1. Baseline controls are still non-negotiable

Multifactor authentication, managed EDR and reliable offline or immutable backups remain the strongest defenses against ransomware and help to ensure business continuity. These controls buy the time and visibility needed to detect intrusions early and recover without paying a ransom. But they must be properly managed. Too many insureds deploy security tools without the professional oversight required for them to function effectively, just to satisfy an underwriting requirement.

2. Deploy advanced protections

Beyond baseline controls, insureds should also adopt least-privilege models, zero-trust architectures and AI-enhanced security tools that dynamically detect "known good" and "known bad" behavior. Historically, organizations avoided these approaches due to complexity, but modern implementations are increasingly manageable and fill critical gaps left by traditional defenses.

3. Prepare for negotiation scenarios that are more aggressive and less predictable

Extortion is no longer a one-dimensional threat. Insurance companies must partner with response teams experienced in managing multi-vector pressure tactics, from public-facing harassment to second-wave attacks. These partners are capable of advising clients through highly fluid situations.

The ransomware landscape is transforming rapidly, driven by fragmentation, automation and unprecedented agility among threat actors. For insurers and their insureds, adaptability is now a core competence. Those who evolve their incident-response strategies alongside the threat landscape will be far better positioned to protect both their clients and their own business.

Residents don't want to search high and low for protection; they expect it to appear where it's most relevant. Insurance has always been about confidence, but during a digital buying journey, confidence depends on timing, relevance, and the ease with which protection blends into the experience itself.

That expectation is reshaping strategy across the industry. The State Of Embedded Insurance 2024 found that 94% of insurers view embedded insurance as a critical part of their future strategy. It's clear that insurers are no longer treating embedded insurance as only a distribution tactic but are treating it as a customer experience (CX) function.

Embedded insurance isn't new. What is new is the maturity of the technology and partnerships behind it. The next step is deepening trust and reducing friction at the emotional peaks of the journey.

TWO MOMENTS THAT MATTER THE MOST

In CX, timing is everything. Embedded insurance delivers its biggest impacts at two places in the customer journey: at checkout and right after purchase.

At checkout, customers are already in decision mode. They're focused and ready to act. When protection is offered right there, without extra steps or redirects, it feels like a natural extension of the transaction, rather than a separate sale. Subtle integration is essential. Research from BCG found that "conversion rates for traditional insurers that have embraced this model are already higher than for separate insurance for the same products," reinforcing the power of being present at the right moment.

The second moment is right after purchase, when the customer starts using what they bought. That's when peace of mind kicks in and becomes tangible. Knowing they're covered from day one reduces post-purchase anxiety and builds trust between buyer and brand. This connection ties into measurable CX gains with higher engagement and improved retention.

These moments also help explain why embedded insurance is expanding so quickly. As smoother, better-timed experiences become the norm, adoption rises. The embedded insurance market is projected to grow from $143.88 billion in 2025 to more than $800 billion by 2032, a CAGR of 28%. This steep trajectory is fueled partly by higher conversion rates and growing customer preferences for protection that appears naturally within the journey.

INSURANCE THAT FEELS LIKE CARE, NOT COMMERCE

For embedded insurance to actually enhance the CX, it has to feel like part of the service. That starts with seamless integration: no pop-ups, no redirects, and no disruption. Protection should appear inside the same interface the customer already trusts.

Clarity matters just as much as placement, so straightforward pricing, quick activation, and simple-language explanations reduce the mental load that often accompanies insurance decisions. The experience also extends beyond the sale. Claims, renewals, and continuing support must feel as intuitive as the initial purchase; otherwise, trust gained in the beginning evaporates quickly.

Four levers determine whether embedded insurance feels like care:

• Timing: Arriving at the ideal moment in the right emotional window. Too soon and it's irrelevant; too late, and the customer has already mentally moved on. But hit that perfect moment and attention can quickly become willingness.
• Personalization: This revolves around contextual relevance and offering coverage that fits the user's situation without demographic stereotypes or generic add-ons.
• Speed: Instant activation reinforces confidence; waiting undermines the very safety insurance is meant to provide.
• Claims: The ultimate test. A smooth, low-effort claim can turn a customer into a word-of-mouth marketer.

For example, a tenant signs a new lease through a property management portal. They're immediately directed to a co-branded insurance portal to either purchase coverage or upload proof of an existing policy. The transition is simple. If purchasing in the insurance portal, the tenant can then select appropriate limits or choose coverage that protects their personal belongings. And if a pipe bursts after move-in, the tenant can upload a few photos through their digital account and submit a claim within minutes, guided through each step instead of navigating stressful paperwork alone.

These moments define the experience much more than policy language. When embedded insurance removes friction, both emotional and practical, it stops feeling like an upsell and starts feeling like protection. The impact is clear in customer metrics. A 2024 study found a 17-point increase in customer satisfaction with digital insurance claims, driven largely by improvements in the range of services offered on mobile apps and websites, as well as visual appeal. Clearly, showing up with the right design and at the right time can shape customer sentiment at critical moments.

CX LIVES OR DIES IN THE PARTNERSHIP LAYER

No insurer or platform can deliver embedded insurance on its own. And any embedded insurance experience can fall apart if the system behind it isn't prepared and aligned. CX is co-owned: the insurer, the distribution platform, and the underlying technology all shape the moment a customer is offered protection. The strongest partnerships don't feel like transactional business deals; they operate like shared problem-solving.

A BCG report says that "to make the most of their opportunities, insurers will need to support and collaborate extensively with their business partners to become the provider of choice." This means teams jointly determine where insurance should appear in a workflow and how it should feel when it does. Technology, design, and messaging must blend seamlessly with the platform's brand so that customers only see a single experience, not two companies stitched together.

All of this work happens long before the first customer sees an offer. During discovery, both sides typically map the data already available in the platform's journey, such as lease information and account details, to the minimum information an insurer needs to provide a quote. When this is done well, eligibility questions shrink, quoting steps become simpler, and drop-off decreases. Clearer language replaces legal jargon, and forms become shorter and more intuitive. This way, the partnership shapes the ease customers feel long before they think about making a claim.

Customers remember the experiences that remove fear, not the ones that add friction. So the next step for embedded insurance will come from insurers and platforms working in sync and designing for real human moments. The future of insurance hinges on making every step intuitive, predictable, and easy at every touchpoint.

One of the best ways for insurance agencies to grow is through acquiring or consolidating with another agency or book of business, especially since organic growth has softened. And many agency owners are finding that repeating the process – becoming serial acquirers – reaps strong benefits for their businesses if done correctly and effectively. Before heading down that path, it's important to understand the keys to making successful acquisitions and smart financing options.

General benefits of serial acquisitions

Regardless of the industry, serial acquisitions can provide the following advantages for the purchaser:

• Economies of scale – Serial acquisition allows overhead costs to be spread over progressively larger revenue streams. This advantage grows as the number of acquired firms increases.
• Instant revenue increases – With each new acquisition comes new revenue. These revenue increases can fund technology upgrades, enhance marketing efforts, and additional acquisitions.
• Higher company valuations - A Kearney study has shown that serial acquirers create greater shareholder value than companies pursuing fewer acquisitions. In addition, their success leads investors to assign higher values to serial acquirers.

Benefits specific to insurance professionals

In addition to the general advantages, there are several benefits of serial acquisition specific to the insurance industry:

• Ability to reach higher carrier bonus levels and higher commission levels – Most carriers offer incentives for agencies to meet certain levels of premium. With serial acquisitions, an agency can reach higher levels faster than through organic growth alone.
• Easier cross-selling and multi-lining – With multiple agencies connected through central ownership, clients can be offered new products and bundles, producing organic growth from inorganic growth.
• Immediate cash-based revenue – A buying agency takes on the predictable cash flows of the purchased business. With these liquid assets on hand, the buyer has more choices regarding how to continue growth and expansion.
• Access to talent – The shortage of new talent entering the insurance field is well documented. Serially acquiring other agencies allows a business to continually bring on experienced team members who can produce from day one. However, it's important that they also fit into the overall culture.
• Access to specialized knowledge and technology – Serial acquisitions are a great way to build up an agency's tech portfolio and expand into new service areas. With a careful eye to each target company's unique strengths, a serial acquirer can assemble a formidable agency with the ability to provide a wider range of services to a growing clientele.

Steve DeLuca, founder and owner of the DeLuca Agency, has successfully acquired more than 10 agencies. He advises agency owners who are just getting started with acquisitions to look at smaller agencies. As his company started to grow, he didn’t want anything “too big that could change the culture of our current business, and something that was not too difficult to roll into our book of business at the time.” Other key factors for good acquisitions, according to DeLuca are low loss ratios, profitability, and book rolls.

Seven keys to successful serial acquisitions

While there are many advantages of acquisitions (serial or individual), it's important to go into the process with one's eyes open. Not every acquisition opportunity is going to be a good fit, so it's wise to keep several points in mind when evaluating a potential acquisition target:

1. Foster cultural alignment - Adding more agencies to a portfolio is most successful when both have a similar workplace environment and are built on the same principles and goals.
2. Retain + maintain human capital - As mentioned previously, keeping talented employees on both sides of the acquisition should be a focus - those who can drive success and are flexible in a new environment.
3. Maintain strategic focus – An acquisition only makes sense if it fits with the agency's overall strategic focus.
4. Develop expertise – Acquisitions require specialized knowledge. If an agency is planning to pursue serial acquisitions, it's worthwhile to have a dedicated individual or team with the interest and knowledge to take the lead on investigating opportunities and structuring deals. DeLuca says: “You’ve got to have a mentor, someone that you can talk to, someone that can bring you through the process, because it can be very stressful. You’ve got to have a good attorney experienced in mergers and acquisitions. You’ve got to have your purchase agreements and all your forms in place, and you’ve got to have a good banker.”
5. Be willing to walk away – A deal that sounds great at the start may not look so good as time goes on. An agency owner needs to have the discipline to walk away from a deal that throws up red flags or doesn't prove to match the buyer's objectives.
6. Plan integration early – An acquisition is only successful if the companies involved integrate well after the sale. Plans for integration need to start early in the negotiations so there are no surprises when the companies come together.
7. Have a goal – Acquisitions should be part of an overall strategy for growth. Setting a goal for growth – e.g., $1 million in revenue per year – can help a buyer evaluate potential targets. This strategy avoids wasting resources on small fish as well as preventing becoming overwhelmed with targets that are too big to successfully integrate into the current business.

Financing options

Agencies with abundant liquid capital may choose to pay cash outright. However, that approach limits how much can be spent on other areas that drive growth (such as technology investments).

Loans from the Small Business Administration (SBA) are another option. With SBA loans, the borrower's personal assets are often used as collateral, and the paperwork for approval can be daunting. Even so, SBA loans can be a good option for borrowers whose credit is less than ideal.

Financing through specialty lenders who focus on the insurance industry is an appealing choice. These lenders – in contrast to most traditional banks – understand the nature of the insurance industry. They will often use the projected increase in cash flow as collateral for the loan, rather than encumbering other assets.

Summary

“In today's market, it's very hard to grow organically… so if you're going to grow, you've got to get into mergers and acquisitions,” DeLuca said.

In today's market, it's very hard to grow organically… so if you're going to grow, you've got to get into mergers and acquisitions.

Serial acquisitions can be a powerful way to turbocharge an agency's growth. It requires research, focus, and planning, but it can provide a big payoff when well-managed.

Accelerating P&C product and rate filing is critical to meet dynamic market demands and regulatory requirements. Traditional processes are constrained by manual handoffs, fragmented data, and slow approvals, resulting in delayed product launches and constrained profitability. This article explores how data, GenAI, and Agentic AI can transform rate filing—enabling parallel execution, automated testing, and intelligent workbenches for competitive analysis.

By adopting best practices in architecture, automation, and governance, insurers can compress cycle times, enhance pricing sophistication, and improve compliance. The approach outlined empowers carriers to respond swiftly to market shifts, optimize risk management, and gain a decisive edge.

Problem Statement: What?

Property and casualty (P&C) insurers in the United States face a complex and fragmented regulatory environment when filing new products or rates. The average time to approve rate filings has increased by 40% nationwide (for the period from 2018 to 2024 for homeowners' product). The result is delayed market response, constrained profitability, missed opportunities to reflect a changing risk posture (for example: In California, Proposition 103 limits insurers to base rates on historical losses rather than current and predictive/forward looking models).

While these regulatory complexities add to the delays of rate approvals, insurers also face internal challenges. These are magnified by fragmented data assets affecting rate development/indications, weak/limited integration of policy administration systems and rating engine, manual scenario generation & validations across rating workflows, too many handoffs, and manual state filing preparation.

Understanding Regulatory Complexity in State Filing

The regulatory complexity arises from several related factors:

1. State-Based Regulation and Legal Diversity:

Insurance regulation is primarily state-based, with each state legislature enacting its own rating laws, standards, and filing requirements. These laws may be based on NAIC model laws (e.g., prior approval, file-and-use, use-and-file, flex rating), but significant variation persists in definitions, processes, and compliance expectations across states. Insurers must navigate a patchwork of statutes, administrative rules, and case law, often requiring tailored filings for each jurisdiction.

2. Multiplicity of Filing Types and Entities:

Filings may pertain to rates, rating rules, policy forms, underwriting rules, or combinations thereof. Entities making filings include insurers, advisory organizations, and third-party filers, each subject to different rules and authorities depending on the state and product category.

3. Rigorous Data and Actuarial Standards:

Regulators require extensive supporting data for rate filings, including historical premium and loss data, actuarial analysis, and justification for rating factors. Standards mandate that rates must not be excessive, inadequate, or unfairly discriminatory, but interpretations and required methodologies (e.g., loss ratio vs. pure premium methods, credibility standards, catastrophe modeling) vary by state. Data quality, segregation, and rate adjustment protocols are scrutinized, and regulators may require multi-year data, trend analyses, and loss development triangles.

4. Procedural Complexity and Review Process:

The filing process involves multiple steps and stakeholders: filers must ensure completeness and compliance with state-specific requirements, often using tools like SERFF for electronic submissions. Reviewers conduct detailed checks for statutory and regulatory compliance, issue objection letters for deficiencies, and may require hearings or amendments. The process is iterative, and delays often result from incomplete filings or back-and-forth correspondence.

5. Policy Form Review and Public Policy Considerations:

Beyond rate filings, policy forms are subject to rigorous review for compliance with mandated provisions, prohibited clauses, readability standards, and consistency with pricing memoranda. States may require additional documentation, such as actuarial memoranda or advertising materials, and enforce unique requirements for specific lines of business.

Internal Challenges in Rate Change Management

Rate change management in P&C insurance is challenged by fragmented data sources and limited clarity/disjoint in data/business requirements for rate development & analysis. Insurers must reconcile information from underwriting, claims/loss history, reinsurance, and market trends, which demands extensive data wrangling and preparation. Latency in accessing third-party data and manual handoffs between product, actuarial, and IT teams further slow the process, leading to rework and misalignment.

The absence of integrated platforms for hypothesis development, rate workups, and filing results in inefficiencies and extended cycle times. Compliance steps are repeated for each state, and technical requirements for integration are often relayed indirectly, compounding delays. Manual testing and architectural gaps—such as non-stateless rating engines and scattered product management logic—impede data-driven decision-making and actuarial rigor.

Dislocation analysis, a key actuarial process, is time-consuming due to sequential, repetitive workflows and limited automation. The challenge is to quickly identify segments with disrupted rates and adverse loss ratios, as variable-by-variable reviews are essential but time-consuming. Without robust analytical capabilities, targeted adjustments are delayed, increasing regulatory risk and reducing pricing effectiveness.

How to bridge the internal challenges?

To accelerate and improve product/rate filing for Personal Auto & Property, insurers must deploy targeted interventions across dimensions such as Planning & Communication, Platform/Architecture, Data Controls & Trust, Validation, and rate filing intelligence—ensuring each stage of the value chain is robust, data-driven, and responsive to market and regulatory demands.

• Planning & Communication: Product / Rate filing has a direct correlation to business or product strategy. Considering its significance and the complex nature of the regulatory, it requires well-architected planning and execution. More often the challenges or delays are due to siloed interactions, lack of integration, gaps in business & IT/data requirements, delayed communication etc. across teams (product management, IT, Data, Actuarial, State filing etc.). Creating a digitized & integrated master rate change plan (by state, LOB, change complexity, filing type, etc.), workflow assignments and tracking ensure timely communication, transparency in timelines, dependencies etc. and enables identifying the choke points to improve execution. For example, Shift left the production IT activities related to configuration and build (i.e., before DOI approval/state filing, pre deploy with future effective dates toggled off until approval). Use emergency change approvals for minor rate updates and enforce strict SLA/OLA for signoffs to cut internal wait times.

• Platform/Architecture: Significant data engineering and configuration effort spent during Dislocation analysis and Post approval implementation. Address duplicate efforts spent in dislocation analysis and implementation (post rate approvals) by choosing appropriate rating engines (e.g.: Akur8, Earnix) with integration accelerators and compatible with modern policy administration systems.

• Data Controls and Trust: Automated data pipeline to ingest information, third-party data from near real time sources (telematics, IoT) on loss characteristics, use of CAT models for rate filings to assess risks like wildfire in California (as part of sustainable insurance strategy) to aid rate factor selection and an Assumptions Data Hub to capture UW assumption, Pricing assumptions, loss data etc., helps to build agility. Similarly, replacing legacy /excel-based models for rate filings with python/modern platforms such as hx Renew for central, version-controlled environment helps to improve collaboration, simplification and drive accurate filings.

• Automated validation: Leverage pricing tools/platforms such as hx Renew to automate scenario analysis (what-if") scenario analysis, automate the assessment of the impact of model changes and changes to assumptions, automated validation rules. Also, pairing provisional rate implementation with automated regression and CI/CD, improves response time via elastic rating engines and enhances rate monitoring, compliance, and traceability.

• Rate filing intelligence – Build & leverage rate filing intelligence powered by insights from SNL insurance product filing datasets (from S&P Global Market Intelligence) to understand market strategies, industry trends, analyze filings/factor changes of peer insurers, insights wrt objections, approval/response timelines of DOI etc. Harnessing these insights provides a feedback loop wrt product strategy, planning & execution adaptation to market conditions and decision-making.

Potential Benefits

Adopting integrated interventions such as master rate change plans and disciplined workflows, modern rating engines and platforms, reducing/eliminating excel based rating models, third-party data integrations, CI/CD and automated regression, market aware rate filing intelligence and effective change management—can significantly increase throughput of rate changes, strengthen rating traceability, reduce refiling/rerating cycles, and leverage richer third-party data for more responsive pricing, improving conversion, loss ratio resilience, and agility to market shifts.

The Way forward

To accelerate rate filing and product launches, insurers should assess their implementation strategy across the dimension such as people, process, technology and data, to evaluate their performance and outcomes. By operationalizing some of the relevant interventions listed above, insurers can compress cycle times, respond swiftly to market shifts, and optimize risk management. Now is the time for industry leaders to champion these changes and drive better outcomes.

Ten years ago—has it been that long?—I was working with the largest insurer of churches and religious institutions in the US when we discovered they were incurring an average of $70 million in annual losses from frozen pipes.

It makes sense. Many houses of worship sit empty most of the time, and in the northern half of the country—where most of this carrier's book was concentrated—a power outage or failing furnace leads to frozen pipes, burst lines, and substantial water damage claims.

So we built an IoT service that monitored furnace activity and water pipe temperatures, complete with a call center to alert policyholders before problems escalated. It worked so well that it survives today: insureds receive annual premium discounts for enrolling, and frozen pipe claims have dropped over one-third.

That experience in continuous risk management sparked my fascination with the next frontier: continuous underwriting. In my view, there's no reason insurance premiums shouldn't fluctuate daily—like stock prices or utility bills—as new risk data emerges.

Frustratingly, there are exactly two reasons they don't: regulation and reinsurance.

Tesla Insurance: A Case Study in Market Inertia

Tesla Insurance launched in 2019 in California, leveraging real-time telematics data from connected vehicles to offer up to 30% lower premiums through a Safety Score algorithm that tracks behaviors like hard braking and collision warnings. The system performs real-time scoring—true continuous underwriting—and adjusts premiums monthly.

Today, Tesla Insurance operates in just 12 states. Twelve states in six years represent a glacial pace for a company built on speed, underscoring how state-by-state regulatory approvals and legal roadblocks stifle algorithmic pricing scalability. Elon Musk has joked that SpaceX will reach Mars before Tesla Insurance writes business in all 50 states—a sadly ironic quip, since the technology for continuous underwriting already exists.

Then there's reinsurance. Earlier this year, Tesla accelerated its pivot toward vertical integration by launching full in-house underwriting for California policies, marking a strategic departure from third-party partners like State National Insurance (a Markel subsidiary). This move gives Tesla direct control over risk assessment, pricing, and policy issuance—despite California's Proposition 103 restrictions on dynamic telematics pricing.

This operational autonomy does two critical things: it eliminates reinsurance constraints—such as conservative loss ratio caps that previously stifled Tesla FSD-linked innovations—and positions the company for national expansion, with pilots already running in Texas and Illinois. By year-end, in-house underwriting will cover 40% of Tesla's $1.2 billion premium base.

Cyber Insurance: A Case Study in Market Necessity

Cyber underwriting has traditionally relied on static annual assessments, but accelerating threat velocity—in the first half of '25, incidents grew by 49% YoY—demands a shift to continuous underwriting. Real-time data from AI-driven tools like open-source intelligence (OSINT) scanning and attack surface risk management (ASRM) enables dynamic risk evaluation and premium adjustments.

Cyber insurtechs such as Cowbell are transforming underwriting from a snapshot into a living process. They report a threefold reduction in claims through proactive remediation and adaptive policies tied to evolving security postures.

These cyber insurtechs focus almost exclusively on the SME segment—businesses with less than $1 billion in revenue, fewer than 1,000 employees, and, crucially, simpler IT environments than large enterprises. They're also proactive. Cowbell, for instance, actively monitors and underwrites risk for over 31 million SME entities using continuous external attack-surface scanning (their Cowbell Factors), often before a quote is even requested. This makes them one of the clearest real-world examples of continuous underwriting operating at scale in the small-and-mid-market commercial segment.

Regulation is actually helping here, pressuring carriers to verify real-time adherence to baseline security standards like multi-factor authentication through tools such as Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR).

Reinsurance innovation is providing capacity. Leaders like Munich Re and Swiss Re are investing in advanced modeling and proportional treaties that favor data-rich, quota-share structures—lowering capital needs while supporting AI-enhanced risk portfolios.

Continuous underwriting unlocks growth. Projected global cyber premiums are expected to more than double from $14 billion in 2023 to $29 billion by 2027.

The "Big" Fight to Scale

In this corner, the champ: Big Insurance and Big Legal (has anyone not heard of Morgan & Morgan?). They'll spend upwards of $200 million this year lobbying Washington to preserve the McCarran-Ferguson Act of 1945, keeping arcane insurance regulations frozen in place.

In that corner, the challenger: Big Tech. As continuous underwriting—by definition, fully automated—consumes AI data center capacity, the AI hyperscalers are throwing untold millions into the fray.

The majority of insurance consumers—per recent surveys—are rooting for the challenger.

I'm not here to scare anyone by saying, "Tech will replace all insurance professionals." That line is boring now.

What I want to talk about is something else: Tech may not replace your job immediately, but it is slowly replacing your worth in the system.

We are entering a phase where some changes in insurance are no longer a choice. They are inevitable. I call this "inevitablism" in insurance.

What Is Inevitablism?

Inevitablism in insurance refers to the mindset that certain industry shifts — such as automation, AI adoption, data-driven decision-making, and modernization of legacy systems — are not optional but unavoidable.

It's the belief that these changes will happen regardless of current comfort, resistance, or preparedness, and that insurers must adapt rather than delay, because the future will arrive with to without them.

Tech vs Talent: The Usage Gap

There is no shortage of talent in insurance. The real problem is how that talent is being used.

Across the industry, many bright professionals spend their day on low-value tasks:

• Moving data between systems
• Updating spreadsheets
• Chasing documents
• Sitting in the same recurring meeting.

They are capable of designing better products, rethinking portfolios, and solving complex risk problems. But because technology inside many insurers is underused or outdated, people become the "glue" holding legacy processes together.

And let's be honest — we all know insurance adopts technology at a speed of 0.1× compared with the rest of the world. When the world is moving toward no-code workflows, instant software creation, and autonomous systems, insurers are only now preparing to give GenAI controlled access to production environments.

The gap is not just between tech and customers; it is between tech and talent.

Instead of using technology to free people for higher-value work, we often use people to compensate for the lack of technology. That's where the fear of AI comes from. It's not just, "Will AI replace my work?" It's also, "Have we allowed our roles to become so basic that any decent system could replace them?"

The Age of Innovation

We are already in a world shaped by Web 3.0, emerging platforms and decentralized technologies. Bitcoin's rise is just one signal of how digital value and infrastructure are shifting. On top of this, AI is accelerating innovation at a speed the industry has never seen before.

In this environment, insurers do not have the option to "wait and watch". They will be forced to adopt technology and create products that match how people actually live, work and transact today.

Innovation will not grow linearly; it will grow exponentially with the help of AI.

Automation will not be a luxury; it will be a necessity.

With open-source AI tools, startups can build, iterate and launch at a fraction of the cost and time. This new tech wave can easily create the next 10 major insurance players for the world—born digital, data-native and globally connected from day one.

In the future, most people will have their own AI agent helping them choose the right policies from hundreds of options. Most interactions—advice, onboarding, even parts of claims—could happen through VR or AR environments, especially for complex or high-value risks.

Behind the scenes, risk and portfolio decisions will rely on far more computing power than today, with advanced simulation and optimization. At the same time, connections between insurance and reinsurance will become more streamlined, with better data-sharing, real-time insights, and smarter capital allocation.

Leadership Choices in a Legacy World

Some leaders still believe that sticking to legacy systems and old processes is the safest path. They focus on short-term stability, minimal change and being answerable upwards, rather than looking ahead.

And this creates another silent problem — there is no real plan to make the transition easier for the next generation of leaders. Very few leaders think 10 years ahead. They avoid solving foundational issues like unstructured data, fragmented systems, or outdated architecture. But if today's leaders don't streamline data, modernize infrastructure, and clean the technical debt, how will the next leader build, innovate, or scale?

Without this groundwork, every new initiative becomes a retrofit, every improvement becomes a patch.

On top of that, most organizations don't have a clear plan to upskill employees before introducing new technology. Instead of preparing talent for next-level work, new tools get dropped in suddenly. This creates anxiety, resistance, and the fear of being replaced. A thoughtful, long-term upskilling roadmap not only protects employees — it empowers them to drive the transition and elevate the organization to its next stage.

Others think long term. They understand that the next generation of executives will not just "manage operations" but will be expected to embrace innovation, work with AI and data fluently, and redesign how insurance is delivered.

The organizations that win will be the ones where leaders:

• Invest in modern platforms instead of patching legacy systems forever
• Empower teams to experiment, automate and simplify
• Build long-term upskilling plans so employees grow with the technology
• Prepare future executives to operate in a world where AI, Web 3.0 and virtual interactions are normal, not experimental

The choice is simple: either leadership shapes the transition, or the transition happens to them.

A Future No One Wants to Miss

If we get this right, the future of insurance is not something to fear—it's a future no one will want to miss.

Insurance will work much more globally than it does today. Risks will not only be priced and held locally; they can be pooled globally, with capital, data and exposure flowing more smoothly across borders.

With the help of Web 3.0 and digital identity, we may see unique decentralized IDs created for individuals, businesses and even digital assets. These IDs can carry verified risk information, claims history, behavior patterns and coverage details in a secure, portable way. That means faster underwriting, smarter risk selection and better pricing for those who manage risk well.

For customers, protection becomes something that quietly works in the background—across countries, platforms and channels—instead of a one-time, paperwork-heavy transaction.

At the same time, insurers may rely on an entire army of AI agents to handle day-to-day tasks: answering queries, comparing products, monitoring exposures, flagging anomalies, and triggering workflows. These agents will effectively act on behalf of both the insurer and the customer.

That raises a new question for the industry: we won't just be insuring people and organizations — we will also need to think about how to insure the agents and the risks created by their decisions, errors, or failures.

As more processes are automated and more intelligence is built into systems, something important happens on the human side: we actually get more time and space to think.

More time to:

• Discover what risks and needs are emerging
• Innovate types of coverage and services
• Design better experiences for both physical and virtual worlds

AI, automation and advanced computing handle the volume and speed. Humans handle the nuance and direction.

Final Thoughts

The future will not argue with any of us.

We can continue to debate whether Al will really reach certain capabilities, whether regulators will permit specific models, or whether customers will fully trust automated decisions. Many of these discussions are valid and necessary.

But some trends do not wait for our full intellectual comfort. They advance quietly through small projects, pilot programs and incremental upgrades.

The future does not require large numbers of people to keep legacy processes alive. It requires fewer people doing higher-value work, supported by smarter tools and more connected systems.

Farmers have been managing the risks to productivity throughout human history, for example by selecting the most appropriate choice of crop to plant according to state of soil moisture at the time. This is efficient, dynamic risk management the old-fashioned way.

From the late 19th century, the traditional way of protecting against the risks of perils, including hail, drought, flood, frost, heatwave and windstorm, has been indemnity insurance.

But just as farming techniques have evolved, farmers today benefit from new sources of data and technology, combined with alternative risk transfer options, to better protect their interests. What's more, these alternative solutions can allow farming supply chain partners, from processors, manufacturers and retailers, to protect their particular interest in the primary inputs into global food and beverage industries.

What obstacles do farmers face with traditional insurance?

Traditional crop insurances rely on accurate measurements taken at field or farm level. However, visiting farms and fields, often in remote locations, can prove time-consuming and may not give farmers the payouts they need to recover from losses when they need them.

Also, if a loss event is widespread, affecting many growers at the same time, there may not be enough experienced individuals to carry out the necessary loss evaluation work fast enough.

That's when alternative insurance arrangements, such as parametric solutions, can benefit both farmers and their supply chain partners.

What benefits do parametric solutions offer farmers?

Parametric solutions differ from more traditional, indemnity-based insurance contracts. They don't rely on on-the-ground loss adjustment because there is no need to prove loss, as in indemnity insurance. Instead, the insurance contract provides a payment based on a threshold being met on a pre-agreed scale or index. Such an index may be quite simple, for example the millimeters of rainfall recorded during the growing season or a critical part of it. Indices can also be temperature based: how many hot (or cold) days at prescribed temperatures are recorded.

Parametric insurance also differs from traditional insurance because payments are made automatically when contract terms have been met, without any need to 'claim' in the conventional sense. While the index will have been calibrated to reflect conditions that are likely to have caused a crop loss, the actual condition of the crop and resulting harvest are not considered when the payment is calculated.

Parametric solutions can be applied in varying forms and to address distinct risks that affect the supply chain, including cropping (both annual and perennial) and also livestock, aquaculture and forestry.

How can satellite technology and parametric insurance protect farming supply chains?

The routine availability of remotely observed data from satellite sources removes the need for insurers to visit the location of the insured assets for either risk or loss assessment. Such data sources let insurers measure vegetation health and evidence of burning remotely.

Such data, when combined with parametric insurance arrangements, enables interested parties up and down the food chain to protect their interests. If your business relies, for example, on the successful harvest of coffee in Brazil but you're not the grower of that coffee crop, you can still protect your interest with an appropriately designed parametric contract.

Traditional contracts of insurance are typically regulated so the policyholder must have an 'insurable interest' and, in the event of a claim against the policy, to show a 'proof of loss.' Parametric contracts can operate outside traditional constraints. This flexibility enables partners across supply chains to achieve a broader range of risk management objectives.

How can farmers take the first step toward parametric insurance?

Parametric insurance may sound complicated and sophisticated, but, in practice, almost the reverse may be true. While it may take the careful input of highly skilled experts to construct such products and to ensure they are fit for purpose, for the end user they should be easy to understand with payments, when due, being swiftly settled.

If you're a farmer or would like to explore protecting an agricultural supply chain partner with parametric insurance, your first step would be to assess your supply chains and their vulnerabilities. Geospatial analytical tools, for example, can help you quantify the likelihood and severity of multiple perils across global supply chains.

The insurance industry has spent years talking about modernization. Strategies drafted, budgets allocated, and pilot programs launched. But after early progress, momentum is slowing—and for many carriers, stalling altogether. The result is an industry caught between ambition and execution, where the cost of standing still grows with each passing quarter.

Recent data from West Monroe's survey of 300 insurance executives reveals a distinct pattern: while nearly every carrier has modernization plans in motion, few are making meaningful progress. 20% have defined strategies but haven't advanced execution. Another 12% remain in early planning stages. The most jarring: two-thirds of insurers expect it will take another three to seven years just to move core systems to the cloud, with 14% having no timeline at all.

This goes beyond technology. It's a business risk that's compounding with each passing quarter.

The Legacy Tax Is Draining Innovation Capacity

The clearest evidence of stalled momentum shows up in budget allocation. More than half of insurers now spend 51-75% of their IT budgets simply keeping existing systems operational. This "legacy tax" creates a self-reinforcing cycle: aging systems require more maintenance, leaving less capital for transformation, which in turn allows those systems to age further.

The impact is measurable. In the past 12 months alone, 52% of organizations delayed or canceled two to three strategic technology programs due to budget constraints. These programs include data governance improvements, AI capabilities, and customer experience enhancements that would position carriers for future competition.

Many insurers are still running core operations on COBOL, a language older than most of their customers. More than half report between six and 15 mission-critical COBOL modules still in production, revealing how deeply legacy code runs through their systems. This dependency exposes a major contradiction: organizations may have modern customer-facing experiences, yet their back-end processes remain anchored to aging infrastructure that limits scalability, agility, and speed.

Closing that gap requires more than new tools—it takes a clear modernization strategy that balances innovation with operational stability.

Speed Matters, And It's Slipping

The operational consequences of stalled modernization are impossible to ignore. 41% of executives say their critical data is only available when needed, not in real time. That lag translates directly into competitive disadvantage.

Consider the pace of basic operations: 48% report it takes 16 to 30 days to complete a rate indication assessment. Nearly half say it takes nine to 16 weeks to launch even a minor product endorsement. In a market where competitors can respond to emerging risks in days, not months, this kind of delay erodes competitive positioning.

In a market defined by speed, the ability to act in real time is becoming a key differentiator—separating those who capture growth from those still optimizing for stability.

The AI Paradox: Investing in Tools Without Foundations

Perhaps nowhere is the momentum problem more evident than in artificial intelligence adoption. Nearly 60% of insurers report being past the pilot stage with generative AI, yet most deployments remain small-scale and fragmented. Claims leads slightly with 30% actively piloting tools, while underwriting shows 27% still in proof-of-concept.

The stall is structural, not technical. Organizations that haven't invested in platform and data modernization face mounting costs and complexity. Large-scale transformations of policy administration, billing, and claims systems are creating more tech debt, pushing carriers further behind.

When asked about barriers to AI adoption, respondents pointed overwhelmingly to human factors: 24% cited resistance to change, 23% struggled with unclear value propositions, and 20% pointed to poor user experience. Only 13% identified technical issues as the primary obstacle.

This reveals the core challenge: insurers are trying to scale AI on foundations that weren't built for it. Without modern data governance, unified platforms, and streamlined processes, even sophisticated AI tools remain trapped in pilots instead of powering real underwriting and claims improvements.

Business and IT Misalignment Multiplies the Problem

Momentum stalls when priorities diverge. While 40% of organizations report "some alignment" between business and IT, that qualification signals trouble. Critical disconnects remain, and those gaps slow decision-making, blur accountability, and fragment modernization efforts across competing initiatives.

The data shows this misalignment in action. When asked about primary modernization objectives, 36% said improving customer experience, yet when budget allocation was examined, customer digital experience ranked last in funding priority. Meanwhile, 30% are betting on GenAI and advanced analytics, but 28% acknowledge their data layer and governance must mature first.

This represents an execution gap. Without shared ownership between business and IT, modernization risks solving for technology instead of solving for customers. The organizations breaking through are those that have hard-wired collaboration into their operating model, ensuring priorities and budgets move in lockstep.

Breaking the Stall Requires Strategic Focus

Momentum doesn't return through incremental adjustments. It requires strategic recalibration. Carriers gaining ground have stopped treating modernization as a technology initiative and started treating it as a business imperative tied to measurable outcomes.

That means rebalancing spend away from maintenance toward platforms that reduce future technical debt. It means building data governance that enables speed, not just compliance. And it means aligning business and IT not just in planning sessions, but in budget cycles, decision rights, and accountability structures.

Most critically, it requires accepting that modernization timelines measured in half-decades are no longer viable. When asked what would happen if modernization efforts froze for 24 months, 45% predicted significant competitive disadvantage. Yet nearly one in five believed a freeze would have minimal effect, a perception gap that signals how far some organizations still are from connecting technology strategy to business outcomes.

Those Who Move First Will Define What's Next

Momentum can't be restarted by chance—it has to be rebuilt with intent. The carriers regaining speed are the ones tackling legacy debt, modernizing data foundations, and aligning business and IT around a shared vision. With these foundations in place, AI and emerging technologies can do more than pilot—they can accelerate real performance and growth. For insurers, restoring momentum isn't just about catching up; it's about setting the pace for what comes next.

As we enter 2026, the insurance industry faces one of the most significant technology shifts in decades. After years of patchwork upgrades, costly integrations, and cautious experimentation with artificial intelligence (AI), the pressure to modernize has become urgent. Economic, regulatory, and technological forces are converging to make modernization a business imperative. Several forces will define insurance technology in 2026:

• Modernization will continue to drive profitability through tax incentives, operational efficiency, and cloud adoption.
• Regulators will further enable responsible innovation while maintaining accountability.
• AI adoption will reward readiness — carriers with modern infrastructure and unified, real-time data will gain further speed, insight, and competitive advantage.
• U.S. software will regain global leadership as domestic platforms expand adoption in Europe and the U.K.

Carriers that act decisively know they will reduce costs, accelerate innovation, and improve competitiveness — and they're already moving ahead with modernization projects. Those that delay will struggle with systems that cannot support growth or meet rising customer expectations. The next 12 months will be critical. The gap between modernized and legacy-bound carriers will widen as AI, regulation, and economics all reward readiness.

The Cost of Legacy

For decades, insurers have been burdened by legacy systems built for a different era before application programming interfaces (APIs), cloud infrastructure, and real-time analytics became standards. These systems are fragmented, expensive to maintain, and slow to adapt. Every innovation, from digital onboarding to predictive analytics, has been required to work around outdated technology rather than work with it. Maintaining these systems consumes resources that could fund other growth initiatives, accelerate claims processing, and improve the overall customer experience. Operational inefficiency has become a serious liability.

Economic and Regulatory Drivers

Recent U.S. tax legislation, known as OB3, makes modernization more financially attractive. It allows accelerated or immediate write-offs for software, digital infrastructure, and R&D investments, reducing near-term taxable income and freeing capital for technology reinvestment — an advantage for insurers competing in a capital-intensive market. This makes upgrading legacy systems and adopting modern, cloud-native platforms a strategic and financially sound choice.

Regulators are now more apt to remove obstacles for innovation and modernization. They are shifting from purely enforcing compliance to actively enabling insurers to adopt new technologies responsibly. This change in oversight encourages innovation that improves transparency, accuracy, and consumer outcomes. This environment allows carriers to deploy automation, predictive tools, and digital distribution with fewer delays while remaining compliant. These updated oversight practices and flexible frameworks align strategic and regulatory incentives for modernization.

AI Opportunity and Caution

AI promises to accelerate decision-making, improve risk pricing, and enhance the customer experience, but insurers cannot realize these benefits without the right infrastructure. AI is already transforming risk assessment, underwriting, claims triage, fraud detection, and customer engagement. Generative AI assists with policy drafting, marketing, and document automation. However, many carriers are unprepared to deploy these tools effectively. Legacy systems, siloed data, and fragmented architectures limit integration and data accessibility and the ability to scale AI effectively.

Many AI systems rely on shared or external models that continuously learn from the data they receive. Without careful governance, insurers could inadvertently share proprietary information with platforms that also serve competitors. Cloud-native architectures, unified data strategies, open APIs, and robust data governance are prerequisites for effective AI deployment.

Forward-looking carriers treat AI as a multiplier of modernization rather than a cure-all. Unified platforms enable real-time data across underwriting, claims, and customer service. On this foundation, AI accelerates decision-making, improves risk pricing, and enhances customer experience.

2026 Marks The Year Modernization Becomes A Business Imperative

Modern, seamless technology is available and proven. Fiscal incentives are clear. Regulatory flexibility is aligned. 2026 is the year modernization will define who will flourish and who will flounder. Carriers with iconic leaders will make decisions that will catapult them ahead of complacent competitors who will be reduced to the scrap heap of black and white televisions and legacy software providers.

Carriers that modernize core systems, unify data, and make informed AI decisions will build the foundation for long-term competitiveness, achieving operational efficiency, sharper insights, better risk pricing, and faster time to market. AI will amplify the benefits for those who are prepared and expose inefficiencies for those who are not.

The pursuit of excellence is a curse that only innovation can cure. There is no cure for the complacent and the abyss awaits.

As someone who has spent the last two decades in insurance, I've witnessed the perennial struggle faced by carriers and agencies alike: you have enormous volumes of data, legacy systems built on silos, and you're making many of your strategic decisions based on reports that are weeks, sometimes even months, old. The issue isn't access to data. It's the inability to analyze and operationalize that data in real time.

In the world of insurance, the ability to access and act on insights as events unfold is fast becoming the new "power center" of leadership. Why? Three key reasons: agility, precision, and control.

Agility

The pace of change in this industry is accelerating, especially since Covid-19 forced companies to take a hard look at their digital strategy. Shifting consumer expectations, compressed margins, evolving incentive structures, and new distribution models require leaders to respond quickly. Yet most still rely on batch reports pulled manually from core systems.

According to one recent insight, many insurers remain hamstrung by systems that cannot deliver analysis in real time, forcing backward-looking decisions. Real-time analytics can eliminate that delay. Instead of waiting for month-end or quarter-end reporting cycles, leaders can monitor performance as it happens, whether it's agent productivity, product mix shifts, lead conversion trends, or persistency drops.

Precision 

In today's world, precision is required to understand patterns like:

• Which products are driving the highest lifetime value?
• Which agents are trending toward lower persistence?
• Where are revenue leaks occurring?
• Where is there early evidence of chargebacks or clawbacks that will erode revenue?

These are some core questions that leaders grapple with daily, and they can't be answered with static spreadsheets. When analytics are available to them in real time, leaders can spot early signals before they turn into financial problems.

Control

For decades, core systems for commissions, reporting, policy administration, and field performance have been disconnected. The result: fractured visibility and slow response times. With real-time analytics unifying these workflows, leaders can intervene earlier, forecast more accurately and coach more effectively. Imagine giving agents visibility into their own earnings trajectory and book of business health or regional leaders having live dashboards highlighting where risks are emerging or products are outperforming.

The implication for leadership is profound. If you don't make real-time analytics a core capability, you're ceding strategic advantage.

Picture a distribution network where you don't wait for quarterly performance reviews or manual data pulls. Instead, you see live indicators of channel performance, emerging lapse risks, commission anomalies, and revenue movement. You can intervene the moment an issue surfaces, not weeks later.

This is the shift: from reacting to yesterday's insights to orchestrating today's outcomes.

Real-time analytics are no longer a "nice to have." For insurance distribution leaders, they define who will operate reactively and who will lead.