Agentic AI: 98% Have Already Had An Incident. Few Can Prove What Happened

A new report opens with a number built to alarm. Almost every large organization running AI agents has already had one cause disruption. The figure is 98%. The research comes from Economist Enterprise, supported by Rubrik. It surveyed 804 senior technical executives across nine countries. Every respondent runs AI agents in live systems. The headline lands hard. The deeper finding matters more for insurers. Most of these organizations cannot see what their agents are doing.

The report is titled Power without control: Rethinking cybersecurity for the age of agentic AI. Its core claim is blunt. Disruption is no longer a risk to prevent. It is now a reality to manage. Nine in ten respondents expect more incidents, regardless of the safeguards they add. That shift changes the question for cyber insurance. The job moves from stopping the loss to proving how it happened.

The Threat Moved Inside The Building

Old cyber defense guarded the perimeter. It kept outside attackers out. Agents break that model. They act from within. They make decisions, move across systems, and call other agents. Survey respondents worry as much about agents acting out of scope as about external attack. The report calls this the threat from within. An agent with broad permissions can delete a database by accident. It can also open a door for a real intruder.

[Image: graphic headlined "98% already hit" with the subline "two-thirds can't fully see their AI agents".]

The risk grows with the permissions. Agents need wide access to be useful. That access is the exposure. Andrew Cooke, chief legal officer at Perk, sees the trap clearly. The risk, he said, “comes from creating an agent given wide permissions just to make it ‘work’.” Sastry Durvasula, chief operating, information, and digital officer at TIAA, is blunter still. “I don’t think the traditional infosec toolbox will cut it for the agentic world,” he said. This is the same exposure we examined in shadow AI and agent liability. The agent inherits a human’s access. The blast radius follows.

The scale of the unknown grows when agents talk to each other. James Swanson, chief information officer at Johnson & Johnson, flagged the gap. “When you link agents together, they can lose context,” he said. Current security tools were not built to watch that traffic.

The Illusion Of Preparedness

Awareness is high. Readiness is not. Two-thirds of organizations lack full visibility into their agents. Only 37% keep a complete, current inventory of agents and their permitted actions. That gap is the heart of the problem. A team cannot contain what it cannot see. It cannot reverse what it never logged. Harry Borovick, general counsel at Luminance, points to the hidden layer. “One of the biggest risks is shadow AI usage,” he said, citing free tools on personal devices.

The recovery picture is just as thin. Most organizations have recovery time targets. Nearly half of those targets are informal or loosely defined. Only 30% report robust, fully tested rollback. Rollback means undoing an agent’s harmful actions. Without it, a fast mistake becomes a lasting one. Andrea Abell, chief information security officer at Eli Lilly, reframes the goal. “Resilience is the real measure of cyber success,” she said. The point is not to stop every incident. It is to recover from the ones that land.

The boardroom sits in the dark, too. Only one in four organizations reports cyber recovery performance to senior leaders. So boards approve AI spending without knowing if the company can recover. The report also finds a confidence gap by rank. C-suite leaders sound more optimistic than the vice presidents who run the systems. That gap is a warning sign on its own.

The Regulated Sectors Move More Carefully

Not every sector runs at the same speed. Finance and healthcare lead on testing and recovery. Strict rules force the discipline. Daniel Kendzior, global digital and AI transformation leader at Accenture, sees the difference firsthand. In finance, he said, “there is a much more methodical exploration of [defining] what robust testing is.” The stakes shape the caution.

Thomas Fuchs, chief AI officer at Eli Lilly, drew the sharpest line. “Everything that touches patients is regulated,” he said. He contrasted that with a consumer app where downtime barely matters. In a hospital or a drug plant, a failed agent is not a minor outage. That gap in consequence should shape how underwriters price different books.

Retail tells a quieter story. Sandra Stanley, chief data science officer at dunnhumby, part of Tesco Group, found low customer uptake. Only a small share of shoppers use agentic tools to buy groceries. So retailers keep agents inside their own workflows for now. The exposure there is operational, not customer-facing.

Money Still Flows To The Wrong Place

Spending has not caught up with the threat. Organizations still put most of their cyber budget into prevention. The split is 55% prevention to 45% recovery. Leaders expect that balance to hold until 2030. The report argues this is backward for the agentic era. If incidents are inevitable, the response deserves more. The wall matters less when the threat already lives inside.

Speed is the reason recovery now matters so much. Agentic AI incidents move at machine pace. The report cites a striking test. A security team simulated a full ransomware attack using agentic AI. From break-in to data theft took 25 minutes. That is roughly 100 times faster than a traditional attack. A response measured in hours will not hold. The window to contain is now minutes.

Why This Lands On Underwriting Desks

The report names four business areas most at risk. They are regulatory fines, supply chain disruption, revenue loss, and reputational damage. Each is a familiar line on a cyber claim. Agentic risk is a business problem, not just a technology one. That is the point insurers should take from it.

The harder question is coverage. An agent can now cause a loss with no attacker involved. Who pays for that? We put a version of that question to a panel at the Scout InsurTech conference, captured in our reporting on agentic AI and cyber insurance. The claims view was steadying. Rich Gatz, Head of Cyber Claims at Arch Insurance, noted that a standard cyber policy turns on two triggers. One is a network security breach. The other is a data privacy breach. An AI-driven breach often falls under those already. From a claims seat, the cause of the breach often does not change the payout.

The pricing seat is less settled. Jeremy Epstein, CEO of Mayflower Specialty, called for more dedicated risk capital and better broker education. Some carriers now exclude AI. Others sell specific AI cover. A few have arranged special reinsurance for AI liability. We tracked that boundary fight in our reporting on coverage gaps flagged by Willis. The market has not agreed on where agent loss belongs.

Identity Is The Control That Decides The Risk

Identity sits at the center of the problem. Agents need identities to act. Traditional identity systems were built for humans. One analyst firm rates agent identities as a very high mass-attack risk. The concern is speed and privileged access. We examined that underwriting angle in agent identity as an underwriting question and in non-human identities and cyber resilience. An unaccountable agent identity is a claim waiting to happen.

The control that works is a clear boundary on what an agent may do. Tristan Morris, CEO of SplitSecure, framed it on our panel as keeping a human able to intercept sensitive actions. Julia Garcia-Trombley, who leads the US and Canada for CertX, pushed for agreed definitions and a risk assessment before deployment. Both point in the same direction. Limit the agent’s reach. Prove the limit holds.

The Logging Gap Decides The Claim

Here is where the report meets the claims file. Investigators rebuild events after an incident. They need logs to do it. Two-thirds of organizations lack the visibility to provide them. Imogen Philp, product director at Likezero, sees the deeper muddle. “The security questions are broader, and the language is still evolving,” she said. Terms like agentic and predictive are not yet defined in the same way across the market.

That uncertainty cuts two ways. It slows claims handling, since insurers need facts to assess the cause. It also widens legal exposure, since the company cannot show what its controls did. Visibility is now an insurable control. So is the tested rollback. An organization that can show both presents a cleaner risk. One that cannot leaves the carrier guessing. In the agentic era, the ability to prove what happened may matter as much as the ability to prevent it.

FAQ – Agentic AI And Cyber Insurance

What did the Economist Enterprise and Rubrik report find?

It found that 98% of organizations running AI agents have already had a disruptive incident. Nine in ten expect more. Most lack full visibility into what their agents do. The report calls disruption a reality to manage, not a risk to prevent.

Why does agent visibility matter for cyber insurance?

Investigators need logs to assess a claim. Only 37% of organizations keep a complete agent inventory. Without that record, claims handling slows, and legal exposure grows. Visibility is becoming an insurable control.

Does cyber insurance cover damage caused by an AI agent?

It is contested. An agent can cause a loss with no attacker involved. Some carriers are adding AI exclusions or pushing losses toward errors and omissions policies. The coverage language is still forming.

What is agent rollback, and why does it matter?

Rollback is the ability to undo an agent’s harmful actions. Only 30% of organizations have a robust, tested rollback. Agent incidents move in minutes, so fast reversal limits the loss. Insurers may soon expect it as a control.
