Pictured: Tim Brown, CISO, SolarWinds & Cytactic Advisory Board Member and Dr. Nimrod Kozlovski, Founder & CEO, Cytactic.
Ariel Plischuk
4 February 2025 | Features | Insurance

Cyber risk & insurance: adapting to the evolving threat landscape

As cyber threats grow in scale and sophistication, insurers and businesses must rethink resilience strategies. With the rise of AI-driven attacks, state-sponsored threats, and evolving extortion tactics, reacting is no longer enough—proactive risk management is now essential. How can insurers stay ahead in this rapidly shifting landscape?

Cyber risk is evolving at an unprecedented pace, pushing many organisations and insurers to rethink resilience strategies. As businesses increasingly rely on consolidated platforms and cloud-based services, cybercriminals are adapting, launching more efficient and devastating attacks. Keeping ahead of them is the key challenge, and with ever more inventive threats, including sophisticated extortion tactics, state-sponsored attacks, and AI-driven cyber warfare, it’s an area of deep concern.

Reacting to cyber incidents is no longer enough – anticipating and managing risks before they escalate is the only way to stay ahead of cyber criminals. 

As the cyber insurance market expands and adapts, leveraging innovative technologies and structured response strategies will be critical to ensuring sustainable protection against ever-growing cyber threats, as well as to insurers’ success and growth.

Ahead of Intelligent Insurer’s Cyber Risk & Insurance Innovation Europe 2025 conference, with 250+ attendees and over 70 speakers, we spoke with Tim Brown, CISO, SolarWinds & Cytactic Advisory Board Member, and Dr. Nimrod Kozlovski, Founder & CEO, Cytactic. They were part of a fireside chat and held a real-time crisis live cyber show and workshop. This simulation explained how to manage a cyber attack in reality. Attendees of ‘From chaos to control: the role of technology in cyber crisis resilience’, held in London on 4-5 February 2025, gained expert insight and learned new tools.

Delegates:

  • Gained insight into critical decision points—negotiating with hackers, managing stakeholder communication, and tackling regulatory challenges under pressure.
  • Experienced advanced technology in action, seeing how innovative tools turned chaos into control and empowered crisis teams with actionable insights.
  • Participated in reliving the intensity of a cyber-attack or navigating one for the first time.
  • Left with practical tools, strategies, and a renewed sense of readiness to tackle future cyber crises.

Both speakers are leading experts in the field.

Tim Brown, CISO, SolarWinds & Cytactic Advisory Board Member

As CISO of SolarWinds, Brown, a former Dell Fellow and CTO, oversees and deploys the strategy for internal IT and product security. With over 25 years of experience, Brown has considerable expertise and has previously advised and met with government audiences, from members of Congress and the Senate to the Situation Room in the White House. Following the SUNBURST attack in December 2020, he led the response and remediation efforts. Following collaboration and consultation with customers, Brown, together with the SolarWinds CEO, has designed the future state of security with their ‘secure by design’ philosophy – a template for the industry's response to future cyberattacks. He’s also an avid inventor and holds 18 issued patents on security-related topics.

Dr. Nimrod Kozlovski, Founder & CEO, Cytactic 

Kozlovski has advised governments on national cybersecurity strategies. With over 15 years’ experience, including leading the tech and regulation department at Herzog and a background as a venture capital investor in cyber security at JVP cyber labs, he brings technical, academic and legal expertise. He founded the Cyber security studies at Tel Aviv University business school, received his doctorate degree in law (J.S.D.) from Yale Law School, conducted his postdoctoral research in computer science on proactive security at the Yale School of Computer Sciences, and researched at the Oxford Internet Institute. He was an adjunct professor for Cyber Studies at New York Law School and the Kellogg international MBA program. He clerked for the vice president of the Israeli Supreme Court.

Kozlovski answered some questions ahead of the conference:

Q: The cybersecurity industry has seen a surge in large-scale incidents affecting major platforms. What are the underlying contributors to this?

Kozlovski: There’s a natural tendency towards platformisation, or over-dependency to complete reliance on a single or a handful of technologies and service providers, from cloud services to project management SaaS to open-source stacks. This makes these monoliths highly sought-after targets for hackers, statistically raising the probability of breaches being found in them. Once breached, their weaknesses become monolithic vulnerabilities, and they are the weakest links in the supply chain, posing a growing risk of a mega-event, as witnessed in the catastrophic 2024 Change Healthcare cyber-attack and CrowdStrike cyber-unrelated outage, whose combined damage exceeded $1 billion, and the 2021 Log4j vulnerability Log4Shell.

Now, instead of wasting resources launching attacks on multiple businesses, attackers can maximise their ROI with the pyramid approach - targeting a single monolith to compromise its numerous, hopefully significant customers. This could snowball into a cascading attack, potentially collapsing entire chains.

The critical challenge is to strike a balance between efficiency and resilience, ensuring that businesses diversify their security approaches while maintaining seamless operations, and take third party vendors’ security into account. This includes making sure the vendors are protected, prepared, insured, and willing to be fully transparent and share information regarding potential and actual vulnerabilities and attacks.

We are also seeing a shift in target selection. While large enterprises remain the most attractive targets, cybercriminals are increasingly attacking small and medium businesses, as well as industries that were previously overlooked, such as healthcare, education, and bricks-and-mortar retail. These sectors often lack the same level of preparedness as financial institutions or critical infrastructure, making them easy prey for attackers.

Q: Companies’ cyber security budgets seem to be growing all the time. Is there a way to reduce this expense?

Kozlovski: Just as nations maintain military readiness during peacetime, organisations must maintain cyber readiness at all times. The cost of preparation may seem high, but the price of being unprepared is invariably higher. Organisations who fail to adapt to this new normal risk becoming the next headline in what promises to be a year of unprecedented cyber challenges.

Q: Tim Brown, who as SolarWinds’ CISO managed the massive SUNBURST attack, recently joined your advisory board. What does his experience tell us about contemporary cyber crises?

Kozlovski: SolarWinds' story is the story of many organisations in recent years, which, due to the scale of the phenomenon, don't always even get a casual mention in the media or on the internet. The cyber-attacks of yore look like a video game compared to today's attacks - more sophisticated, more dangerous, and more ubiquitous, to which organisations of all sizes and fields are vulnerable, from a family real estate office to a global tech corporation. In such an environment, managing cyber crises - the assemblage of challenges and threats that ensue from a hacker attack - becomes a more complex and challenging task than ever before.

Q: And what should we take away from this?

Kozlovski: The main lesson is that the transition from managing crises using playbooks to employing advanced digital platforms is indispensable. It’s not just a technological change - it signifies a fundamental conceptual change, a paradigm shift in the field, if you will. Cyber crises are a multi-disciplinary management problem that requires experts from different disciplines to work in parallel and in collaboration, and to adapt dynamically as threats evolve. Digital platforms for managing cyber crises offer the flexibility, efficiency, and tools needed to deal with the complex and fast-changing threats of the modern cyber world. Organisations adopting this approach will find themselves better prepared, more responsive, and equipped to successfully cope with the cyber challenges of the 21st century.

The urgent need for this transition is highlighted by five central challenges in managing cyber crises, which show how an online, dynamic, and updated platform can comprehensively address these challenges, owing to real-time information, coordination and collaboration, flexibility, and access to databases and advanced decision-making tools. This way, chaos can be turned into order, and an organisation's ability to cope with cyber crises can be significantly improved.

Q: What can insurers do to improve their clients’ cyber resilience?

Kozlovski: On the one hand, the volume and size of cyber claims increase payouts and financial exposure for insurance providers, a strategic pain for the industry. On the other hand, the cyber insurance sector is projected to grow from $15B in ’24 to nearly $50B by 2030 according to Howden, a global insurance group, underscoring the potential for insurers who can up their value proposition. Our groundbreaking partnership with them addresses both: the insureds get access to Cytactic’s cutting-edge crisis readiness and management platform, improving their readiness and crisis management capabilities and mitigating risk and damages; and the insurer is embedded into the cyber crisis management process, minimising the crisis costs, and strengthening its relationship with clients.

Tim Brown answered questions ahead of the session:

Q: What’s the contemporary cyber threat landscape like?

Brown: The 2024 threat landscape depicts a cyber ecosystem under siege by increasingly sophisticated and diverse threats. 2024 had a record-breaking number of incidents, as highlighted by reports such as Verizon's annual threat analysis, which recorded over 35,000 security incidents and more than 10,000 confirmed breaches spanning 94 countries. This highlights the rapid evolution of malicious tactics, driven by organised crime and nation-state-sponsored attackers. The growing sophistication of cyber attacks is aptly shown in the average time to execute ransomware attacks, which dropped from 60 days in 2019 to just four days in 2024, according to Allianz. Businesses have named cyber risks a top concern in the consecutive 2023-2024 Allianz Risk Barometer reports, with cyber crises topping the threat charts across all company sizes, 59% naming data breaches as their top exposure and 50% naming cyber incidents as the leading cause of business interruption.

The heightened 2024 cyber threat landscape accelerated awareness of cyber risk, the need for proper insurance, and the requirement of smart readiness, training, and management tools. Looking ahead to 2025, the complexity and volume of attacks are expected to surge. 2025 will bring more challenges - more supply chain attacks, more sophisticated AI-driven threats, and more state-sponsored attacks.

Q: What are the solutions to these problems and pains?

Brown: The speed and precision of modern cyber threats demand proactive defence strategies and continuous monitoring and risk assessments, as well as threat intelligence knowledge sharing to stay ahead. Organisations must shift from reactive security models to anticipatory defences that leverage AI-driven threat detection and automated response mechanisms.

Q: With global regulations tightening and increasing emphasis on transparency, what key regulatory trends do you think organisations should prepare for? How can companies balance compliance with operational efficiency?

Brown: We’re seeing a clear trend toward stricter reporting requirements, greater accountability across supply chains, and increased enforcement of data protection laws. Companies should prepare for real-time incident disclosure mandates and more rigorous operational resilience standards. The challenge is balancing compliance with agility - organisations need to embed security and compliance by design, leveraging automation and continuous monitoring to streamline processes while maintaining regulatory adherence.

Q: You’re a CISO, a title that in recent years has become more important than ever, with considerable corporate and legal responsibilities. What changed in the CISO’s job?

Brown: In this volatile environment, the CISO's role becomes more critical than ever. Beyond securing organisational assets, CISOs must anticipate evolving threats, foster resilience, and lead dynamic response strategies. They are tasked with unifying cross-functional teams to manage crises, building trust across the supply chain, and adopting predictive analytics to stay ahead of attackers.

Q: What are the best lessons from SUNBURST that you can share with businesses?

Brown: During Sunburst, we were missing automation and tools to reduce our heavy reliance on people making decisions under extreme stress. When I joined Cytactic's advisory board, it was clear the platform filled this critical gap in crisis management. Cytactic offers automation, predefined plans, and advanced tools, which reduce that dependency on human improvisation during crises. The platform's ability to predefine plans and automate tasks is a game-changer for preparedness and response. It allows teams to focus on managing the crisis rather than improvising, which is essential in high-stakes situations.

Both cyber crisis preparedness and management are critical. Preparedness ensures teams practice managing minor incidents, which builds muscle memory for major crises. Effective preparedness leads to better responses, which in turn minimises recovery time and impact. The key is to practice, prepare, plan, and use these practices for both minor and major incidents. Resilience is about trying to prevent incidents, but recovery is about responding when they inevitably occur. A well-prepared response builds trust with customers and stakeholders and ensures the organisation moves forward stronger. This integrated approach is what resilience truly means - being ready for the unexpected and capable of recovering quickly.

Q: Any lessons regarding insurers?

Brown: In the first stages of managing a crisis, it’s so important that you have the right partners involved - to get you ready, to be able to go through the right steps, to be able to have the right information, to be able to communicate clearly. If you have really good help from a legal partner or a cyber coach, they collect information and they can provide help if you need it. In some ways, the insurer was one of those. 

The insurer must work closely with clients to assess their risk and recommend ways to mitigate it. Encouraging proactive cybersecurity measures, like regular assessments and incident response plans, should also be a key component of policies.

Q: Looking ahead, what do you predict will be the most significant cybersecurity challenges in 2025? How can organisations build a more adaptive and proactive security strategy to stay ahead of evolving threats?

Brown: Threat actors are becoming more sophisticated, leveraging AI for attack automation, deepfake-based social engineering, and supply chain infiltration. Organisations must shift from reactive security postures to proactive threat anticipation. This requires continuous risk assessment, intelligence-driven decision-making, and collaboration across industries. Investing in zero-trust architectures, attack surface reduction, and advanced threat-hunting capabilities will be key to staying resilient.

For more information about the Cyber Risk & Insurance Innovation Europe annual event, visit https://www.cyber-insurance-innovation-eu.com/
