Cybercriminals are sharpening their tools because companies are cleaning up their online habits. Johnson says this change shows a maturing threat landscape, where bad actors use artificial intelligence to make attacks quieter and far more believable.

Take phishing: Emails that used to scream scam with typos and odd graphics are now polished notes typed by generative AI. Theyre beautiful, unfortunately, Johnson said. And its way harder for employees to spot them as fakes.

Sophie Law (see photo below), a senior cyber underwriter at Arch Insurance, shared the worry, saying ransomware is still huge but now hitting whole systems at once.

Recent headline hacks against UK retailers proved that one breach can quickly toss supply chains, payments and customer trust into the same storm. Laws voice is clear: those systemic hits are the next front for cyber insurance.

As a marketplace, we now grasp systemic risk far better, Law said. CrowdStrike sounded the alarm early, and the industry dodged the worst. Yet were all conscious of the traps that still loom.