AI isn’t just changing how businesses operate, it’s changing how cybercriminals attack. This summer’s coverage of PromptLock, a proof-of-concept from researchers at NYU, gave the world its first look at what AI-powered ransomware could do. It wasn’t a real criminal campaign, but it showed just how quickly ransomware can evolve: adapting targets, stealing data, and halting operations with unprecedented speed.

For small and midsize businesses, the signal is clear. The future of ransomware will be smarter and faster. That means leaders need strategies—both stronger cybersecurity practices and insurance programs—to stay resilient and keep growing with confidence.

The Rise of AI-Powered Cybercrime

Traditional ransomware followed a predictable script: breach the network, lock the data, and demand payment. Defenses were built to spot familiar patterns.

PromptLock showed how ransomware can use machine learning to adapt in real time—automating malicious code, tailoring ransom demands, and choosing the most lucrative targets. Instead of one static attack, each execution can look different, making detection harder and response more complex. According to the researchers, their prototype could:

• Identify and rank targets based on available data.
• Exfiltrate selected information before encryption, to get more money.
• Encrypt drives at scale, halting operations until a ransom was paid.

That flexibility makes detection more difficult. Every execution looks different, which undermines signature-based defenses and demands more advanced monitoring and response.

While PromptLock itself was only a proof-of-concept, the criminal use of AI is already real. Cybercriminals are leveraging AI to sharpen phishing and fraud campaigns. “Malicious groups can farm company details, scrape personal social media pages, and build up a comprehensive case study on an individual fairly easily,” says Aimee Simpson of cybersecurity firm Huntress. “This access allows them to more rapidly develop spear-phishing campaigns, increasing their success rates and making it far more common for employees to fall for fake emails or texts.”

For business leaders, the implication is serious: AI won’t just help your business move faster. It’s also helping attackers scale, which makes resilience strategies more essential than ever.

Why Businesses Are at Risk

It’s easy to assume attackers chase only large enterprises with deep pockets. The reality is different: small businesses account for 43% of all data breaches in recent years.

Small and medium sized businesses are attractive targets for four main reasons:

1. Limited resources: Few small businesses have a dedicated security operations team. IT responsibilities often fall to lean staff, leaving gaps attackers exploit.
2. High-value data: Even small companies manage sensitive customer, payment, or healthcare data.
3. Third-party dependence: Small businesses rely heavily on SaaS vendors, cloud platforms, and managed service providers. A single weak link in that chain can expose the business.
4. Operational pressure: Many small businesses can’t afford extended downtime. That urgency makes them more likely to pay ransoms quickly.

AI makes these vulnerabilities even more attractive to use, and even easier to exploit. According to IBM, generative AI reduces phishing email creation time by up to 99.5%. That speed and realism translate into more frequent, effective attacks.

“AI radically lowers the bar for entry into ransomware scamming,” says Simpson. “Instead of meticulously crafting a spear-phishing campaign, attackers can now generate one in seconds and send it out.”

Unlike large enterprises that typically have layered defenses and incident response playbooks, smaller companies often lack both. The combination—valuable data, limited defenses, and low tolerance for disruption—explains why small businsses are increasingly seen as soft targets in this new era of AI-driven crime.

The Role of Insurance in Mitigating Ransomware Risk

Even the best security controls aren’t foolproof. When defenses fail, insurance is the financial backstop and legal safety net that keeps businesses moving.

As a broker, Vouch works with you to identify exposures and craft insurance programs that combine the right policies and limits. For ransomware specifically, several coverages matter most:

Cyber Liability Insurance

Cyber Insurance is the frontline protection against ransomware fallout.

• First-party coverage can pay for forensic investigations, breach notifications, credit monitoring, data recovery, and business interruption losses. It may also cover ransom negotiations and payments where legally allowed.
• Third-party coverage defends the business if customers, partners, or regulators sue, alleging you failed to protect their information.

Crime Insurance

Ransomware often overlaps with fraud. Attackers exploit the chaos of an incident to launch business email compromise (BEC) or funds transfer fraud. Crime policies fill gaps where cyber coverage may exclude or limit protection.

Directors & Officers (D&O) Insurance

Cybersecurity isn’t just an IT concern, it’s a governance issue. After a breach, stakeholders may claim the board or leadership failed to exercise proper oversight. D&O coverage shields executives’ personal assets in cases of mismanagement or negligence tied to cyber risk.

Errors & Omissions (E&O) Insurance

For service-based companies, ransomware downtime can trigger client lawsuits. If a customer alleges that your service failure caused harm, E&O coverage can absorb the costs, including settlements, even when the root cause was an attack.

The financial stakes continue to escalate. In 2024, ransomware made up 58% of large claims, and ransom demands surged 500% to an average of $2 million. Very few businesses could absorb that blow alone. Insurance ensures they don’t have to and helps leaders keep their focus on growth, not survival.

Best Practices for Cyber Resilience

Insurance provides critical financial protection, but it’s most effective when paired with preventive security. Businesses reduce both the likelihood and impact of ransomware by investing in a few foundational practices:

• Identity & access management: Require multifactor authentication (MFA) across all accounts, especially for administrators and finance teams.
• Employee training: Regularly train staff to recognize phishing attempts. With AI making fraudulent emails and voice calls more convincing, awareness is more essential than ever.
• Backup strategy: Follow the 3-2-1 rule: three copies of data, two types of storage media, and one offsite or offline copy. Test restorations frequently.
• Vendor risk management: Vet third-party providers for their security posture. A weak vendor can become the attacker’s entry point.
• Incident response planning: Run tabletop exercises that simulate a ransomware attack. Define roles, escalation paths, and communications before a crisis hits.

Detection remains a challenge: 67% of companies only learn about breaches from attackers or third parties, not their own defenses. That delay drives up both cost and reputational damage.

Pairing sound practices with the right insurance ensures companies can withstand both the technical and financial impact of AI-powered threats.

The good news? You don’t have to face it alone. With Vouch, you gain a trusted partner to assess exposures, navigate policy complexities, and secure the right mix of cyber, crime, D&O, and E&O coverage. The result isn’t just protection—it’s the confidence to keep pursuing your ambitions in a world of smarter, faster threats.

Vouch Specialty Insurance Services, LLC (CA License #6004944) is a licensed insurance producer in states where it conducts business. A complete list of state licenses is available at vouch.us/legal/licenses. Insurance products are underwritten by various insurance carriers, not by Vouch. This material is for informational purposes only and does not create a binding contract or alter policy terms. Coverage availability, terms, and conditions vary by state and are subject to underwriting review and approval.