AI Is Driving a New Wave of Cybersecurity—and Insurance Premiums Are Following

Artificial intelligence is no longer just a buzzword in cybersecurity. It is reshaping the industry’s business models, talent strategies, and even how companies pay for risk coverage. According to the latest RSAC Cybersecurity Insights & Futures report, more than half of all application security startups will be AI-driven by 2026, while cyber insurance premiums, which are already up more than 140 percent since 2020, are expected to climb again.

The report, compiled from extensive RSAC conference data and research, paints a picture of an industry at an inflection point. AI is being woven into everything from secure coding pipelines to threat detection systems. At the same time, insurers are recalibrating premiums as ransomware payouts are projected to surge past $1.3 billion in 2025.

“CISOs cannot afford to be complacent about leadership and risk management,” said Laura Koetzle, Head of Community Research at RSAC. “Investments in talent development and better preparation for regulatory pressure are going to separate the winners from the rest.”

Talent and Leadership Challenges

The cybersecurity talent crunch is far from resolved. RSAC researchers expect a temporary easing in 2026 due to a softer job market and AI-enabled automation, which will make recruiting easier. But this dip could mask long-term retention risks. The report predicts that executives who underinvest in workforce development will face “costly team departures” by 2027, forcing companies to scramble and spend more in 2028 to rebuild expertise.

This cyclical challenge is compounded by the growing complexity of global regulations like the EU’s Digital Operational Resilience Act (DORA). Enforcement actions under DORA are expected to ramp up by April 2026, putting financial services CISOs in the crosshairs of European regulators and cloud providers.

The Cloud Matures, and Supply Chain Risks Return

While cloud security remains critical, fewer startups are focusing on it as a standalone niche. Only 7 percent of RSAC Innovation Sandbox entrants in 2025 were cloud-only players, a number projected to fall further in 2026. Instead, founders are targeting AI agents, application security, and the software supply chain.

Supply chain security, both hardware and software, is making a comeback as a top-10 community priority, driven in part by upcoming EU Cyber Resilience Act enforcement deadlines and the explosion of large language model-generated code.

Insurance Costs Will Keep Climbing

Cyber insurance premiums, which soared 80 percent in 2021 and another 41 percent in 2022, are projected to rise again by 1 percent in 2026. It’s a modest uptick on paper, but Koetzle points out that it comes on top of years of compound increases.

The advice from RSAC is blunt: lock in early renewals in Q1 2026 to avoid paying more. “A one percent increase doesn’t sound like much until you realize it’s layered over a 143 percent increase since 2020,” said Chris Gates, RSAC’s Director of Research.

AI-Driven Security Is Here to Stay

Perhaps the most striking trend is the dominance of AI in the startup landscape. Application security has consistently been one of the largest categories at RSAC’s Innovation Sandbox competition, and by 2026, more than half of those companies will be AI-driven. This reflects the growing reliance on generative AI tools in software development, where more than 63 percent of developers already use AI to write code.

The same tools that speed up development cycles, RSAC warns, can also introduce new vulnerabilities. Security teams will need to implement strict guardrails and adopt AI-powered testing platforms to keep up.

For CISOs and security leaders, the message is clear: AI is no longer optional. It is the foundation for defending applications, navigating regulatory minefields, and managing spiraling risk transfer costs. Those who fail to adapt may soon find themselves paying a premium in more ways than one.