AI use is changing how much companies pay for cyber insurance
March 12, 2026 – Published on CSO Online
In July 2025, McDonald’s had an unexpected problem on the menu, one involving McHire, its AI-powered platform used to recruit and screen job applicants. The system, developed by Paradox.ai, featured a rookie-level security flaw: the backend for restaurant operators accepted “123456” as both username and password, and lacked multi-factor authentication. As a result, the personal data of around 64 million applicants was in danger. Luckily, the flaw was uncovered by security researchers, who notified the company.
With organizations rushing to deploy AI tools without fully auditing them, incidents like this are not uncommon. AI adoption is moving faster than AI security and governance, according to a recent report. And insurers know that. Many have tightened policy language, raised premiums, and carved out explicit exclusions for certain AI-related incidents, an effort that aims to limit exposure to risks that are poorly understood.
Yet the picture is not entirely one-sided. Insurers are also rewarding stronger defenses: 86% of organizations say they have received premium discounts or credits for using AI-based security tools that bolster their security posture.
“AI is both a risk and an opportunity,” says Nate Spurrier, vice president of insurance and counsel strategy at GuidePoint Security.
Read More HERE.