Cyber insurer Cowbell expects UK businesses to face a sharp rise in data theft, AI-driven scams and supply chain cyber incidents in 2026, alongside tighter insurance requirements and a shifting regulatory regime on ransom payments.

The company’s UK leadership team outlined its outlook across cyber crime, sector exposure, prevention practices and the insurance market, pointing to a continuation of trends that emerged over the past year.

Data theft focus

Cowbell predicts that cyber attackers will place less emphasis on encrypting systems and more on stealing sensitive data, including personal information, as they seek greater leverage over victims and longer-lasting payoffs.

“This year, we are still largely seeing the same types of attacks although threat actors’ tactics are evolving. We’ve continued to see a huge amount of ransomware, for example, although we’ve started seeing trends more towards data theft than full system encryption as threat actors recognise the value in PII – and expect this to continue into 2026,” said Claud Bilboa, RVP Underwriting & Distribution, Cowbell.

Bilboa said this shift increases the financial and operational impact of incidents.

“This pivot to data theft still carries a great deal of severity from a cost perspective and can also take years to conclude due to the time it typically takes to settle these matters with individuals and regulators. We are also seeing an increase in non-malicious cyber events (system failure events).”

The firm expects system failures and supply chain-related incidents to grow in volume. It links this trend to rising digital dependency among small and mid-sized enterprises and wider use of outsourced IT infrastructure.

AI-enabled crime

Cowbell expects wider use of artificial intelligence by criminal groups in 2026, including generative AI tools that can personalise scams and automate social engineering.

“As AI becomes more accessible, the barriers to entry for attackers are falling, and we’re already seeing threat actors evolve their tactics as a result. Because of this, in 2026 I expect a clear rise in cyber crime and BEC, alongside more AI-driven activity as adversaries continue to grow in sophistication,” said Kirsten Maley, Director of Claims, UK, Cowbell.

Simon Hughes, SVP Global Distribution & GM UK at Cowbell, said the use of deepfakes and AI-generated content is already affecting fraud patterns.

“Deepfakes and generative AI have made phishing far more convincing and much easier to do. We’ve seen CFOs approve payments based on voice-cloned messages or synthetic emails. There are also early signs of quantum-aware encryption testing, as threat actors prepare for the post-quantum era,” said Hughes.

Cowbell expects attackers to explore encryption methods that anticipate a future in which quantum computing can break today’s widely used cryptography.

Sector pressure points

The firm identifies manufacturing, healthcare, public sector, retail and education as likely to remain priority targets next year. It links this to a mix of legacy technology, low cyber maturity and the high operational or privacy impact of breaches in those industries.

“For a number of reasons, some of these sectors suffer from underinvestment and also have legacy and out of date systems within their IT / OT estates. They are popular targets owing either to the operational impact a cyber incident has on their business operations, the manufacturing sector is a great example of this, or the fact that they hold lots of very sensitive information which is lucrative in the hands of threat actors,” said Bilboa.

Hughes expects risk in the education sector and among outsourced IT providers to climb further.

“Alongside the usual targets, the education sector is becoming increasingly exposed due to outdated systems and low cyber maturity, as well as Security as a service vendors. As outsourced IT dependency grows, these tech firms have become a “gateway” into larger enterprises,” said Hughes.

Evolving prevention

Cowbell expects prevention measures inside organisations to change in parallel with attacker techniques, including more formal governance around the use of AI and new monitoring approaches for staff use of unsanctioned tools.

“Prevention is not a static topic, like many things in cyber it is constantly evolving. As such, my message to business leaders is ‘It’s not if but when’. Invest in key controls, policies and procedures so that when you are faced with a cyber attack you are in the very best position possible to navigate through it. Cyber insurance plays a pivotal role in this too. Assessing what cyber security tools you use along with further developing your policies and procedures is something that should be addressed at least annually,” said Bilboa.

He expects corporate governance of AI use to become a standard discussion item.

“In 2026 we may start to see a wider adoption of AI policies amongst businesses as they look to implement the use of AI within their own businesses. They too will need to consider the risks that this comes with, these could be privacy risks or the risk of shadow AI within their businesses,” said Bilboa.

Insurance response

Cowbell forecasts further rapid expansion of the cyber insurance market in 2026 as demand rises and insurers adjust underwriting requirements in response to more frequent and complex incidents.

“Insurers are evolving from pure risk transfer to risk partnership. At Cowbell, for example, we’re embedding continuous risk assessment, offering policyholders real-time visibility of their cyber posture through data-driven tools. The underwriting approach has become more dynamic: coverage, limits, and conditions reflect a company’s live cyber hygiene rather than a static questionnaire. We’re also seeing growth in incident response readiness services being bundled into policies, so the support starts before a breach ever happens,” said Hughes.

The company expects buyers to face tighter security expectations as a condition of cover, alongside greater emphasis on incident readiness services before a breach.

Regulation in flux

Cowbell’s outlook also highlights an uncertain regulatory environment in the UK around ransom payments and breach reporting, which it expects to become clearer over the next year.

“The UK is at a crossroads at the moment and we are likely to get far more clarification over 2026. Right now, the government is looking into a partial ban of ransom payments, which would apply to the Public Sectors and Critical National Infrastructure (CNI). In addition, they are also considering mandatory ransom reporting. But I suspect there may also be some developments around AI,” said Maley.

The company expects that any new rules on ransom payments and AI use will shape both incident response strategies and insurance arrangements through 2026.
