Cyber market ‘has not yet built the infrastructure’ to operate sustainably at scale

The cyber insurance market should not “wait for the perfect frameworks”, but “help build them” collaboratively to address evolving threats.

This was the central view shared by Tracy-Lee Kus, chief executive at Aon’s Global Broking Centre, during her keynote speech at Zywave’s Cyber Risk Insights conference in London on 22 April 2026.

Kus admitted to the conference hall that “the cyber insurance market has not yet built the infrastructure” to handle systemic and catastrophic cyber events, but she believes that the industry is “on the verge” of “changing and starting to build” what is needed.

She said recent initiatives will “start to unblock billions in capacity”, including a mutual fund backed by major IT service providers to cover large-scale systemic cyber events.

Further, she referred to the work of the Cyber Monitoring Centre (CMC), launched in February 2025, which provides a standardised way to define and monitor major cyber incidents impacting UK organisations.

Kus urged underwriters and executives to engage with such initiatives, saying that their ”participation determines whether this succeeds or fails”.

She added: “Don’t wait for perfect frameworks, help to build them. Look at the initiatives that are coming in and think differently about the exposure. For brokers, invest in understanding how this infrastructure works [as] your clients will need you to really understand it and help them to navigate this transition.

“Risk managers, demand from your carriers that you really want to be able to cover the systemic risk and the systemic exposures that you have in front of you. And regulators, support these innovation techniques – think differently about how you come together to find these solutions.”

‘New way forward’

With cross-industry initiative, Kus believes that a “mature market with three distinct layers” will be the “new way forward”.

These layers will involve IT service providers “covering systemic large scale events”, the ILS and cat bond market “providing additional catastrophic capacity” and traditional insurance “covering operational cyber risks”.

Kus stressed that winning carriers will “build the capability to join the infrastructure” and deploy artificial intelligence (AI) “updates continuously” to monitor exposure in real-time without waiting for annual proposal forms.

She continued: “The reality is clear – we have 36 months to build the market we need.

“Not because everything breaks at month 27 – it doesn’t. But, because the threat is accelerating, the concentration is getting even narrower. And, the gap between our capabilities and the risk is starting to widen every day. Jaguar Land Rover taught us that £1.9bn is [the cost] when we wait too long. But initiatives like the CMC show us what can happen when we act together.

“The choice isn’t whether cyber risk will evolve, AI guarantees that it definitely will – the choice is whether we build infrastructure fast enough to transfer this risk effectively.”