Industry Insights

Investing In Cyber Resilience: Protecting The Future Of Insurance Brokerages

Insurance brokers have long positioned themselves as trusted advisors, helping clients identify, mitigate, and transfer risk. But as cybercrime accelerates across every industry, are brokers doing enough to protect themselves?

Cybercriminals increasingly view insurance brokerage firms as prime targets because they sit at the center of a web of sensitive data, client relationships, and financial transactions. A single brokerage may hold decades of personally identifiable information across thousands of individuals and organizations.

For attackers, that concentration of data represents opportunity. Yet many brokerage firms continue to view cybersecurity as a lesser priority. MarshBerry’s 2026 Technology & Governance report shows that while a majority of insurance brokerage firms are confident in their cybersecurity posture, many have only basic or limited protections. The question for brokerage leadership now is whether current investments reflect the true size of the risk.

Naturally, the increase in AI adoption and digital experience has led to a surge in AI-based incidents. Attacks rose sharply through 2023, driven by ransomware, data exfiltration, and social engineering. 2024–2025 saw the trend sustain at that higher level. Brokerages increasingly feature in these events due to third-party and supply-chain exposure, which accounted for 59% of insurance-sector breaches.6  While defenses have improved, attack frequency remains high, particularly impacting brokerages as key intermediaries. The chart below illustrates this upward trend using indexed industry data.

Keep in mind, this chart is not a raw incident count, but instead shows trend‑based data, as most industry reporting relies on indexed trends from insurers and cybersecurity rating agencies.

What investing more in cybersecurity really means

No brokerage firm can fully prevent cyberattacks. The firms that experience the least disruption due to cyberattacks are those that have an “incident response plan” in place. Those are the firms that already know whose job it is to make decisions during a breach, how clients are notified, and how operations are restored under pressure. A simple incident response plan, including specific scenarios, helps ensure leadership is not improvising during a crisis. Cybersecurity has become a business-continuity issue – one that directly affects client trust, regulatory exposure, and long-term firm value.

First, meaningful investment starts with leadership. Cyber risk cannot sit solely with IT or outsourced providers. Firms that manage cyber risk effectively treat it as part of enterprise risk management, with clear executive accountability and regular visibility into exposure. When leadership owns the risk, cybersecurity decisions align more naturally with business priorities rather than being reactive or compliance-driven.

Beyond leadership, firms must invest in people, not just platforms. Most broker cyber incidents begin with phishing emails, exposed credentials, or human error, not system failures. Regular employee training, phishing awareness tied to broker workflows, and a culture that encourages early reporting dramatically reduces both incident frequency and severity. In many cases, modest investments in education deliver greater risk reduction than expensive technology. This includes addressing third-party exposure, like vendors or platforms that store sensitive data. Understanding which relationships introduce cyber risk, and setting reasonable expectations around security and breach notification, reduces blind spots that attackers increasingly exploit.

For insurance brokerage firms, “investing more” in cybersecurity is often misunderstood as purchasing additional software or upgrading IT infrastructure. In practice, the most meaningful investments are far less about tools and far more about resilience, accountability, and preparedness.

How brokers can prepare clients to be more cybersecure

Brokers and agents are at the center of a critical shift. No longer just intermediaries, brokers are uniquely positioned to influence how clients understand and manage cyber risk. Their role now extends beyond policy placement to shaping behavior, expectations, and resilience. The most effective brokers move clients from a passive mindset of “we have cyber insurance” to an active posture of “we understand and manage cyber risk”—with a particular focus on what policies do not cover.

As AI risk accelerates, exclusions—not coverage—have become the defining issue in cyber insurance. As carriers introduce explicit exclusions for generative AI outputs, brokers must interpret gaps, educate clients on their implications, and, where possible, negotiate carve-backs or recommend standalone AI coverage. These exclusions are often buried in endorsements or nuanced language, making them easy for insureds to overlook. The presence of AI exclusions means that having cyber insurance no longer guarantees protection against some of the fastest-growing sources of loss. AI-related incidents may fall outside standard coverage, leaving organizations financially exposed unless they proactively address these gaps. Additionally, increased scrutiny of third-party AI usage means organizations are now accountable not just for their own systems, but for risks introduced by vendors and partners.

Brokers play a pivotal role in preparing clients before incidents occur—guiding them toward right-sized cybersecurity practices, employee training, communication protocols, and incident response plans that align with both insurer expectations and business reality. Not every organization requires enterprise-grade controls, but every client must demonstrate intentional risk management. Brokers who can translate complex exclusions into actionable risk strategies will be best positioned to navigate a market where the greatest vulnerability is not the attack itself, but the assumption that it was insured.

Cyber risk is no longer an abstract, technical issue. For insurance brokerage firms, it is a direct test of operational resilience and professional responsibility. Investing more in cybersecurity is not about chasing the latest tools, it is about protecting clients, preserving trust, and ensuring the firm can continue to operate when/if an incident occurs. In a threat environment where attacks are inevitable, the broker who helps clients plan before the crisis becomes indispensable during it. In 2026, cyberattacks will continue to evolve across technological, geopolitical, and economic dimensions—so cyber strategies should evolve as well. 

Contributions to this article by: Brian Refici, Vice President, MarshBerry.