On Monday, January 19 we reported that cyber has topped the global risk rankings again according to The Allianz Risk Barometer, with AI close behind. Most executives read that as confirmation that digital risk is rising everywhere, for everyone, all at once. That interpretation is comfortable. It is also wrong.

What is actually happening is more asymmetric and more dangerous. Large enterprises are buying their way into resilience, while small and mid-sized businesses are converging on the same technology stacks, the same vendors, and the same minimum controls. At the same time, AI is collapsing the cost and time required to exploit those shared systems. The result is not just more cyber loss, but a structural shift in how loss accumulates across portfolios.

This matters because SMB cyber is still priced and underwritten as if it were diversified retail risk. In practice, it is starting to behave like concentrated exposure to a handful of platforms, configurations, and failure modes. When attacks scale, they will not arrive policy by policy. They will arrive in clusters.

This article examines why cyber defense is bifurcating, how standardization has quietly synchronized SMB risk, how AI changes the economics of attacking that segment, and why insurers and reinsurers are already signaling stress through pricing, limits, and capacity. The core question is simple and uncomfortable: if SMB cyber no longer diversifies the way the market assumes, what exactly are carriers underwriting today?

logo

Continue reading by upgrading your subscription to P&C Insurance Executive Intelligence.

Upgrade to get access to this post and other subscriber-only content.

Upgrade

A paid subscription will give you access to:

  • The full edition of In Force, our flagship weekly signal brief - what happened, why it matters, and implications.
  • Competitive intelligence on carriers, brokers, insurtech, AI disruptors, and other players.
  • Weekly in-depth analysis of breaking developments and emerging industry trends, examining their implications, risks, and strategic considerations for P&C insurance leaders.

Keep Reading