Estimated reading time: 12 minutes
Attackers are not breaking in anymore. They are logging in. That single sentence, drawn from KELA’s State of Cybercrime 2026 report, reframes every assumption underwriters have made about perimeter controls, MFA attestation, and identity-based risk. KELA’s Cyber Intelligence Center tracked 2.86 billion compromised credentials across the cybercrime ecosystem in 2025. Ransomware victims surged 45% to 7,549. MacOS infostealer infections jumped 7,000% in a single year. And state-backed actors are now running 80 to 90% of cyberattack campaigns using autonomous AI agents with minimal human oversight. David Carmiel, CEO of KELA, frames the shift plainly: “Attackers no longer need to break in through a backdoor, they can quickly find the key and walk through the front using stolen credentials.” The report is one of the most data-dense annual cybercrime analyses available to the insurance market.
KELA shared an advance copy with Cyber Insurance News, along with exclusive Q&A responses from Carmiel addressing the underwriting implications directly. This is the third consecutive year we have covered KELA’s annual cybercrime analysis. The 2024 State of Cybercrime report documented the foundations of the credential epidemic, and the 2025 AI threats report tracked the early integration of AI into attack chains. The 2026 edition confirms that both trends have fully matured.
The Credential Epidemic Is Bigger Than The Headline Number
The 2.86 billion number includes stolen credentials from all sources: infostealer malware logs, breach databases, dark web markets, and combined credential lists. In 2025, KELA found about 3.9 million unique infected machines worldwide, which produced 347.5 million credentials just from infostealer malware. The larger 2.86 billion figure shows the total spread, including credentials that have been traded, repackaged, and reused across criminal networks.
Business cloud solutions made up 19.6% of all stolen credentials. CMS platforms were next at 18.7%, email services at 15.3%, user authentication services at 12.9%, and version control systems at 8.9%. These five groups together account for over 75% of all exposed credentials, and each one is a direct entry point into company systems. Lumma was responsible for 55% of infostealer infections, with Redline at 25% and Vidar at 10%.
The credential theft problem extends well beyond technology sector targets. Retail and wholesale exposed credentials have been documented as a growing exposure across consumer-facing sectors, and claims data from 2025 shows data theft and extortion increasingly driving loss severity across multiple verticals. The KELA data confirms what the claims trends have been signaling: identity is now the primary attack surface across every sector.
The macOS shift deserves its own sentence. MacOS infostealer infections rose from fewer than 1,000 in 2024 to over 70,000 in 2025. That is not a trend. That is a market correction. The assumption that Apple endpoints carry lower cyber risk is now a liability in underwriting decisions.
What Carmiel Told Us: The MFA Question
We put the credential and identity findings directly to David Carmiel. His response to MFA recalibration is the most underwriting-relevant answer in this piece.
We asked: Given that stolen session tokens and OAuth compromises are explicitly bypassing MFA, is standard MFA attestation now functionally obsolete as a risk signal?
David Carmiel, CEO of KELA: “Underwriters should recalibrate their validation frameworks by moving from static attestation (asking if a control exists) to dynamic observation (verifying if a control is failing in real-time). Standard MFA attestation is not obsolete, but its weight as a risk signal must be adjusted to account for token theft vulnerabilities.”
Carmiel says recalibrated frameworks should evaluate three dimensions. First, MFA phishing-resistance: whether the applicant uses FIDO2 or passkey-based authentication, which binds the session to the hardware and prevents remote token replay. Second, token lifetime and revocation: the presence of policies that limit session duration and enforce Continuous Access Evaluation to revoke tokens instantly upon suspicious activity. Third, external exposure monitoring: whether the applicant actively monitors the criminal underground for their specific employee credentials and active session cookies.
Carmiel’s bottom line: a yes on an MFA questionnaire is a baseline, but the absence of active leaked session tokens in the criminal underground is the superior risk signal for pricing identity-based peril. That framing should land directly in your next renewal questionnaire review. The broader question of what cyber insurance policy proof actually requires and whether attestation models are keeping pace with attacker capability is a conversation the market is having right now. Carmiel’s response gives underwriters a concrete framework for updating it.
Ransomware As Distraction: The Hidden Tail Risk
KELA recorded 7,549 ransomware victims in 2025, up 45% from 2024. This rise follows a trend seen in recent years, but the types of attacks have changed. Qilin had the most victims at 1,137, followed by Akira with 761 and Clop with 523 in two major attacks. Manufacturing and professional services were hit hardest, and more than half of all victims were in the US. The more important finding for cyber insurers is not the volume but the structure. A growing subset of attacks uses ransomware as one pillar of a hybrid model of encryption combined with data exfiltration, double extortion, and, in some cases, persistent access maintained long after decryption occurs. We asked Carmiel directly about the coverage implications.
We asked: Ransomware deployed alongside covert data exfiltration creates a scenario where the visible loss trigger is encryption, but the actual loss may be far larger. Are insurers adequately pricing that tail risk?
David Carmiel: “Insurers are currently struggling to price this tail risk because the loss is often non-linear. While a ransom payment is a fixed cost, the long-term devaluation of a company’s competitive advantage and the compounding cost of total infrastructure replacement are rarely captured in current actuarial models.”
Carmiel uses NotPetya as a key example. Maersk first estimated its losses at $23 million, but the final cost was over $350 million. The long-term impact included months of lost business as customers went elsewhere, which is hard for insurers to measure right away. Carmiel notes that if investigations end when systems are restored, hidden access through web shells or compromised accounts can remain. This means the same attacker could come back later, leading to more than one insurance claim from a single event.
Get The Cyber Insurance New Upload Delivered
Subscribe to our newsletter!
The SaaS Supply Chain And Accumulation Risk
The Salesloft/Drift/Salesforce cascade in 2025 is the clearest accumulation scenario the market has seen since CDK. A single OAuth token compromise at Salesloft enabled pivot access into the Salesforce environments of Cloudflare, Palo Alto Networks, CyberArk, Tenable, and Zscaler simultaneously. The zero-day threat to American infrastructure documented earlier this year showed how single points of failure in shared infrastructure create correlated loss scenarios across hundreds of organizations. The SaaS supply chain version of that problem is structurally identical and arguably harder to model because the dependencies are less visible. We asked Carmiel whether the industry has visibility into correlated SaaS dependency exposure at a level that cat modelers can actually use.
David Carmiel’s answer was direct:
“Short answer: yes.”
Carmiel says KELA maps digital footprints by listing all exposed assets like domains, subdomains, and IP addresses, then adds details about hosting and infrastructure. The platform links these assets back to their main organization, creating a full map from asset to vendor to company. It also shows which vendors bring specific risks. For modelers looking at shared SaaS risks, this relationship mapping is the data they need.
MacOS Endpoints: The Underwriting Assumption That Needs Updating
The 7,000% jump in macOS infections is a major shift, not a minor detail. This rise comes from a growing malware-as-a-service market focused on Apple devices. Atomic Stealer, the first commercial macOS infostealer, appeared in 2023. By 2025, it had led to a full underground market with subscriptions, updates, and support. We asked Carmiel what underwriters should ask applicants about keeping endpoint protection equal across systems.
David Carmiel: “Underwriters should be asking for the percentage splits of endpoint operating systems to gain a better picture of the risks they are being exposed to. With this increase in macOS infostealers, it is clear that this level of granularity should be mandated in questionnaires.”
On whether claims data already maps to the macOS shift, Carmiel notes that KELA does not have access to claims data, but predicts that forensic analysis capturing device OS detail will show an upward trend from 2026 onwards. Underwriters should get ahead of that trend now rather than wait for loss experience to force the question.
State Actors, War Exclusions, And The Attribution Problem
The report documents Chinese state-backed actors running autonomous AI-assisted espionage campaigns, including a specific incident involving Anthropic’s Claude tool, in which the system autonomously executed approximately 80 to 90% of the campaign. State-backed actors are also using ransomware instrumentally, blurring the line between criminal RaaS operations and state-directed activity. That line is precisely where war exclusion language activates. We asked Carmiel at what point in a campaign attribution confidence is sufficient to distinguish a criminal operation from a state-directed one.
David Carmiel: “The timeline for definitive attribution is typically slow, often requiring deep forensic analysis that occurs long after the initial incident. This creates an ‘attribution nightmare’ for insurers.”
Carmiel identifies three markers that signal state direction rather than criminal opportunism. First, a financial facade with an ideological core: groups like Pay2Key offer higher affiliate profit shares specifically for targeting US and Israeli organizations, an ideological incentive structure that transforms a financial model into a state-directed force multiplier. Second, propaganda and disruption are the primary objectives rather than monetization. Third, technical evidence fused with victimology that aligns directly with a state’s geopolitical agenda.
The OFAC dimension sharpens the stakes. A ransom payment to what appears to be a criminal RaaS group can expose both the insured and the insurer to OFAC sanctions if investigators later attribute the group to a sanctioned state-aligned actor. Real-time coverage determinations cannot wait for definitive attribution that takes months.
Vibe Hacking And The AI Kill Chain
KELA coins the term vibe hacking to describe a shift from explicit jailbreaking toward contextual manipulation of autonomous AI systems. Rather than bypassing safety constraints directly, attackers provide AI agents with high-level objectives and benign contextual narratives that lead the system to misinterpret malicious tasks as legitimate workflows. Over 80% of sophisticated campaigns now require minimal human oversight. AI-driven malware strains, including PromptFlux, PromptSteal, and VoidLink, were documented in active deployment during 2025. The AI threat trajectory KELA documented in 2025 has accelerated precisely as predicted. Autonomous agentic attack models are no longer a forecast; they are the current operational reality.
For underwriters, AI governance is now a real issue. Companies that deploy AI tools and APIs without strict data isolation, least-privilege access controls, and content ingestion limits open attack surfaces that standard questionnaires fail to capture.
The Bottom Line For Underwriters And Brokers
The KELA State of Cybercrime 2026 report is the most relevant annual analysis for underwriters this year. The credential theft findings change how identity controls should be assessed. The macOS endpoint issue means questionnaires need updating now. Carmiel’s insights on SaaS accumulation fill a gap modelers have struggled with for years. The report also clearly explains the challenge of deciding war exclusions in state-linked attacks.
FAQ — Credential Theft And Identity Controls
Credential theft cyber insurance addresses losses caused by attackers using stolen credentials to access corporate systems. KELA tracked 2.86 billion compromised credentials in 2025. Attackers now log in using valid credentials rather than exploiting technical vulnerabilities, bypassing traditional perimeter controls entirely and making identity the primary attack surface organizations must defend.
According to David Carmiel of KELA, standard MFA attestation remains a baseline but is no longer sufficient alone. Stolen session tokens and OAuth compromises bypass MFA without triggering authentication failures. Underwriters should now assess MFA phishing-resistance using FIDO2 or passkey authentication, token lifetime and revocation policies, and whether applicants actively monitor the criminal underground for leaked employee session cookies. The absence of active leaked session tokens in the criminal underground is now the superior risk signal for pricing identity-based peril.
Carmiel recommends that underwriters ask applicants for the percentage split of endpoint operating systems across their environment. MacOS infostealer infections jumped from under 1,000 to over 70,000 in 2025. Endpoint protection parity across operating systems should now be a mandatory questionnaire item rather than an assumed default.
A single compromised OAuth token at one SaaS vendor can cascade into simultaneous access across dozens of downstream organizations. The Salesloft/Drift/Salesforce cascade compromised Cloudflare, Palo Alto, CyberArk, Tenable, and Zscaler from a single access point. KELA maps asset-to-vendor-to-organization relationships at a granularity that modelers can use to assess correlated loss scenarios.
FAQ — Ransomware, State Actors, And Coverage
Definitive attribution typically requires deep forensic analysis taking months — long after coverage decisions must be made. Carmiel identifies three markers signaling state direction: an ideological incentive structure behind what appears to be a financial model, disruption as a primary objective rather than monetization, and victimology aligned directly with a state’s geopolitical agenda. Real-time coverage determinations need real-time threat intelligence, not post-incident attribution.
Vibe hacking is KELA’s term for contextual manipulation of autonomous AI systems — leading agents to misinterpret malicious tasks as legitimate workflows without triggering alerts. Over 80% of sophisticated AI-assisted campaigns now run with minimal human oversight. Companies deploying AI tools without strict data isolation and least-privilege controls open attack surfaces that standard questionnaires fail to capture.
A ransom payment to what appears to be a criminal RaaS operation can expose both the insured and insurer to OFAC sanctions if the group is later attributed to a sanctioned state-aligned actor. Carmiel notes some groups use a financial facade to conceal state direction, offering higher affiliate profit shares for targeting specific geopolitical adversaries. Real-time threat intelligence on group attribution is essential before authorizing any payment.
Related Cyber Insurance Posts
- Cyber Warfare Escalates Worldwide As AI Turns Digital Conflict Into Constant Pressure
- Cyber Insurance in 2025: Costs, Claims, and a New(ish) Playbook
- Cyber Insurance Blind Spots: Why 85% Of Cyber Attacks Never Make The News And What That Means For Your Coverage
- Cyber Insurance Glossary
- Cyber Resilience Under Fire: New Data Exposes a Global Confidence Gap
