Cyber insurance was built around the annual penetration test. AI is quietly making that snapshot obsolete - as a security control and as an insurance artefact.
In the summer of 2022, an electronics manufacturer in Decatur, Illinois discovered the difference between having a cyber insurance policy and having coverage. International Control Services had been hit by ransomware. It had a policy from Travelers. It also had a problem: when it applied for that policy, it had attested that multi-factor authentication protected all administrative and privileged access. Forensic investigators found that the attack had begun on a server where MFA was not, in fact, enforced.
Travelers did not dispute the loss. It disputed the policy. It asked a federal court to rescind the contract on the grounds of material misrepresentation, and within weeks the court entered judgment in its favour. The policy was treated as if it had never existed. ICS absorbed the recovery costs itself.
The case is worth dwelling on, because the lesson most people take from it is the wrong one. The lesson is not “remember to switch on MFA everywhere.” The lesson is that a cyber insurance policy is not a record of how secure you are. It is a record of what you told your insurer, frozen at the moment of application. Coverage holds only so long as those two things - the attestation and the environment - do not diverge. ICS did not lose its coverage because of one unprotected server. It lost coverage because reality had drifted from the snapshot, and nobody noticed until an attacker did.
How testing actually enters the policy
It is tempting to imagine a clause somewhere that reads “the insured shall conduct annual penetration testing.” For the most part, there isn’t one. The requirement arrives through two quieter routes. The first is the application: above roughly five million in limit, testing and a security audit are now conditions of being quoted at all, while below that the requirement appears as an attestation - a yes-or-no question asking whether the organisation tests at least annually and after material change. Either way the answer is a representation, priced against and, as ICS discovered, rescindable over. The second route runs through the compliance frameworks a policy leans on. PCI DSS requires internal and external testing at least annually and after any significant change; the HIPAA Security Rule has long been read the same way, with proposed updates making annual testing and semi-annual scanning explicit for covered entities and their business associates. Where a policy references these regimes, the cadence comes in through the back door whether or not the word “annual” appears in the wording.
Today that cadence sits at a single internal and external test a year as the floor, with six-monthly or quarterly testing expected for higher-value targets and high-severity findings remediated inside a 30-to-60-day window. The market has reason to be exacting. Roughly a fifth of cyber claims were denied or partially denied last year, up from around 15% two years earlier, and the most common cause was not exotic - it was a gap between the controls an organisation had attested to and the controls it actually maintained. Two in five applications are now declined on first submission. After a breach, insurers no longer check the box on the form; they check the environment.
What matters more than where the cadence sits is the direction it was already travelling, and why it had stalled there. Even before AI entered the conversation, underwriters were pushing frequency upward and leaning harder on the “after material change” trigger - both attempts to close the same gap, the unmonitored interval between one annual snapshot and the next. But the trigger was largely aspirational and the cadence had a ceiling. Annual, or quarterly for the crown jewels, was never chosen because it was sufficient. It was simply the most frequent testing a manual, expert-led process could realistically deliver at a price an insured would pay and a turnaround an insurer could rely on. “After material change” sat in policies as an intention rather than an enforceable obligation, because nobody could cheaply define a material change, detect it as it happened, and test against it before an attacker did. The requirement was pinned not at the level of the ideal but at the level of the affordable.
That ceiling is the thing AI removes. Automated penetration testing collapses both halves of the old constraint at once - the cost of a test and the time to return it. Assessment that was viable once or twice a year becomes viable continuously, or on demand. And it makes the “material change” trigger tractable for the first time: a change to the estate can be detected and its security implications tested as it lands, rather than gestured at in a clause and revisited at the next annual window. The vague becomes measurable; the aspirational becomes enforceable.
The reasonable expectation, then, is that policy language follows the economics. The attestation that today reads “we test at least annually and after material change” is the language of a market that could not yet ask for more. As continuous validation moves from impractical to routine - and, just as importantly, becomes evidence an underwriter can verify rather than take on trust - the floor will rise to meet it. Expect the next generation of wordings to require demonstrable, continuous testing and verified assessment on material change, because for the first time that is a requirement an insured can actually meet and an insurer can actually check. The annual test will not disappear from the policy. It will stop being enough to satisfy it.
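One way to make the attestation-versus-environment gap and the "after material change" trigger concrete, as an added example that is not part of the original article: a small Python check over a constructed host inventory (hypothetical data model and field names) that lists privileged-access hosts contradicting an "MFA on all privileged access" attestation, and that flags when the estate has changed since the baseline that was last tested.

```python
"""Attestation-vs-environment drift check.

Flags privileged-access hosts whose live state contradicts the control
attested on the insurance application, and detects a material change to
the estate since the last tested baseline.  The data model and the host
records below are constructed sample data, not real systems."""
from dataclasses import dataclass, asdict
import hashlib
import json


@dataclass(frozen=True)
class Host:
    name: str
    privileged_access: bool   # admin/privileged access reachable on this host
    mfa_enforced: bool        # MFA actually enforced for that access
    exposed_services: tuple   # externally reachable services (security-relevant)


# Constructed inventory; 'build-srv' mirrors the ICS pattern: privileged
# access reachable, MFA attested on the form but not enforced in reality.
INVENTORY = (
    Host("dc01", True, True, ("ldaps",)),
    Host("vpn-gw", True, True, ("ike", "https")),
    Host("build-srv", True, False, ("rdp",)),
    Host("web01", False, False, ("https",)),
)

# What the application form claims, frozen at the moment of signing.
ATTESTATION = {"mfa_on_all_privileged_access": True}


def attestation_gaps(attestation: dict, inventory) -> list[str]:
    """Hosts whose live state contradicts the attested MFA control."""
    if not attestation.get("mfa_on_all_privileged_access"):
        return []
    return [h.name for h in inventory if h.privileged_access and not h.mfa_enforced]


def inventory_fingerprint(inventory) -> str:
    """Stable digest of the security-relevant attributes of the estate."""
    records = sorted((asdict(h) for h in inventory), key=lambda d: d["name"])
    canon = json.dumps(records, sort_keys=True)
    return hashlib.sha256(canon.encode()).hexdigest()


def needs_retest(last_tested_fingerprint: str, inventory) -> bool:
    """'After material change' trigger: the estate no longer matches what was tested."""
    return inventory_fingerprint(inventory) != last_tested_fingerprint
```

Run `attestation_gaps` on every renewal and `needs_retest` on every inventory refresh; a non-empty gap list is exactly the divergence the article describes, and a true retest flag is the trigger that the annual window cannot catch.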
Why the requirement will harden
Feasibility alone does not move an insurance market; pressure does. The annual test survived as long as it did because it was a fair enough proxy - posture did not change faster than a yearly snapshot could capture it, and an adversary could rarely find and weaponise a flaw before the next test came round. AI breaks that proxy from the attacker’s side as decisively as it lifts the ceiling on the defender’s. Rating agencies now say so plainly: the disruptive quality of AI here is that vulnerability analysis was historically slow, skilled, low-reward work, and automation fills precisely that gap at scale and speed - lowering the barrier for attackers and, in the near term, surfacing vulnerabilities faster than they can be patched. Reinsurers describe agentic systems that plan multi-stage operations, exploit weaknesses, and learn from a defender’s responses with little human input, and expect the first-order effect to fall on the frequency of attacks rather than their severity. More attacks, found faster, against more targets - driving straight through the unmonitored interval the annual snapshot leaves open.
The market is repricing in two directions at once. The first is exclusionary: several major carriers have moved to carve AI-related damages out of standard liability cover, and regulators have largely let them. The second is structural, and it points the same way as the testing requirements. Underwriting is shifting from an asset-based question - do you own these controls - to a behavioural and governance-based one - how are your systems designed, governed, and monitored over time. That is a question a once-a-year snapshot cannot answer and continuous validation can, which is why carriers increasingly distinguish between point-in-time testing and ongoing validation, and reserve their best terms for the latter.
The snapshot and the artefact
So the annual penetration test is being weakened twice over, by the same force. As a security control, it leaves a widening gap that machine-speed adversaries are increasingly equipped to exploit. As an insurance artefact, it is a snapshot whose half-life is shrinking - an attestation that was true on the day it was made and is quietly becoming less true every day after.
None of this argues against testing. It argues against treating an annual event as proof of a continuous condition. The same automation that is compressing the attacker’s timeline can compress the defender’s: the technologies surfacing vulnerabilities at scale can be turned to surfacing them on your own estate, continuously, in something closer to the rhythm at which your posture actually changes. The organisations that come through the next few renewal cycles in good standing will be the ones whose evidence of security is as live as the threats it answers to - the ones, in other words, for whom the gap between the attestation and the environment has been engineered down to nothing.
ICS lost on a single server and a single year-old form. The next version of that story will not need either. It will only need the gap.