
$285K Average Theft, 40% Akira Concentration: The At-Bay 2026 Numbers Insurers Should Read Twice


70% recovery in three days. Below 30% past two weeks. Those two numbers, drawn from At-Bay's 2026 InsurSec Report on more than 100,000 policy years of cyber claims, describe the recovery curve for stolen funds when a financial fraud incident is reported to the carrier. They also describe, with uncomfortable precision, the operating envelope of every AI control a carrier runs in production.

The dataset is the largest published claims-based view of cyber loss in 2025. It puts a dollar figure on detection latency in a way the AI governance literature usually does not. Average financial fraud theft rose 16% to $285,000, with a single loss of $9.65 million sitting at the top of the distribution.[1] Financial fraud accounted for roughly 30% of all claims for the third consecutive year. Average ransomware severity climbed 16% to $508,000, and one ransomware crew, Akira, drove more than 40% of all ransomware claims on At-Bay's books.[2]

Cyber underwriters will read those numbers as a portfolio story. Anyone running production AI inside an insurance carrier should read them as something closer to a benchmark for their own supervision infrastructure.

What the Dataset Reveals About AI Controls in Practice

Most carrier AI investment in 2024 and 2025 went into models that move money or trigger downstream financial action: fraud scoring, claims triage, payment authorization, sanctions screening, vendor onboarding. Each of those models sits inside a workflow with the same recovery curve as a wire fraud: the longer the gap between an incorrect decision and human notice, the smaller the recovery percentage.

The At-Bay numbers make the curve concrete. A financial fraud incident reported within three days recovers about 70% of stolen funds. Reported between four and fourteen days, recovery drops to 53%. Past fourteen days, it falls below 30%.[1]

That curve is shaped by how the financial system clears wires, how foreign banks freeze accounts, and how quickly funds are layered through mules. The shape itself, though, generalizes. Claim leakage from a miscalibrated severity model behaves the same way: caught in the same week, it is reversible through reserve adjustment and reissued reserves; caught a quarter later, it is paid losses and a triangulation problem. A bias incident in an underwriting model caught in the first ten declined applications is a configuration fix; caught after a thousand, it is a market conduct exam.

At-Bay's recovery teams brought back $56 million in stolen funds in 2025 specifically because reporting was fast enough to outrun the layering process.[3] The mechanism is detection latency, and it is the same mechanism that determines whether an AI control failure is an incident or a financial restatement.

The third-party liability segment in the same dataset compounds the point. Severity rose 70% year over year in that segment, the largest jump of any tracked claim type, with 34% of the cases now classified as CIPA matters (a category that was 7% of the segment as recently as 2023).[1] Most of those CIPA cases involve marketing pixels and tracking technology, exactly the class of automated decisions that AI compliance models are now being deployed to evaluate. A drift in the model that approves which trackers ship to production has the same recovery curve as a stolen-wire incident: catchable cheaply in the first week, irreversible by the time the demand letter arrives.

The Akira Lesson Is About Concentration

The headline statistic from the report is the Akira concentration. One ransomware affiliate drove more than 40% of ransomware claims on At-Bay's books in 2025. Average Akira ransom demands ran $1.2 million, roughly 50% above the rest of the field, and 86% of Akira intrusions involved a SonicWall VPN appliance.[2] At-Bay's CISO for Customers, Adam Tyra, framed the dynamic this way: "The single biggest determinant of your ransomware risk last year wasn't your industry, your size, or even your security budget. It was whether you operated a specific type of network appliance."[3]

That sentence translates directly into AI governance language. Replace "network appliance" with "foundation model provider," "embedding service," or "agent orchestration framework" and the implication is the same. Single-vendor concentration in the AI tooling stack is a correlated risk that does not show up on a vendor risk questionnaire because the risk is not in any one vendor's failure rate. It is in the population-level effect when many carriers depend on the same upstream behavior.

A model provider that ships a silent inference change on a Tuesday evening can shift loss-cost predictions across hundreds of insurance customers simultaneously. A retrieval-augmented generation system pointed at the same third-party policy database can propagate a stale exclusion language change across every adjuster who consults it. The 60% of Akira victims who had EDR tools deployed and were breached anyway are a useful cautionary parallel.[2] Tooling presence is not the same as protection. The questions that should follow the At-Bay report inside an AI governance committee are unfamiliar but answerable: which upstream AI dependencies, if they shipped a behavior change tonight, would touch more than 25% of our automated decision volume by Monday? What is the carrier's equivalent of a 24/7 MDR for that scenario?

The 100% of Akira victims who avoided full encryption used 24/7 managed detection and response, not periodic review.[1] That figure is the strongest control comparator in the report. It is also the figure that translates most directly into AI governance vocabulary: continuous supervision is the only configuration that produced complete protection in the breached population, and the absence of it (even with sophisticated point tools deployed) was the marker of victims who lost their data.

How Supervision Tightens the Detection Window

Detection windows are an operational property of the supervision layer wrapped around a model, not a property of the model itself. A fraud model running with daily batch evaluation has a minimum detection window of one day. A claims triage agent monitored only through monthly performance reviews has a thirty-day floor on incident detection, before any time spent diagnosing root cause.

Three components of the supervision layer move the window:

Continuous evaluation against ground truth. The slow-moving carrier pattern is to sample a few hundred decisions per quarter, score them by hand, and report aggregate accuracy. That pattern produces a thirty-to-ninety-day detection window for any drift that does not declare itself with a complete failure. Continuous evaluation runs every production decision through a parallel scoring path, comparing predicted outcomes to confirmed outcomes as the confirmations arrive. For a fraud model, the ground truth signal is the chargeback or recovered-funds confirmation, which often arrives within 7 to 14 days. For a claims triage agent, ground truth is the realized severity of the claim once it closes, which can take 60 to 180 days. The detection floor is set by how fast the slowest ground-truth signal arrives, but everything faster than that is observable in real time.

Population-level drift monitoring. Single-decision monitoring will miss the kind of failure At-Bay calls out in the third-party liability segment, where claim severity rose 70% year over year and CIPA cases jumped from 7% of that segment in 2023 to 34% in 2025.[1] No single claim looks anomalous in that pattern. The shift only appears in the distribution. AI supervision needs the same instrument: a portfolio-level view of the model's decision distribution, segmented by geography, line of business, and claim type, with statistical alerts when the distribution shifts from baseline.

Programmatic escalation triggers. When evaluation surfaces a candidate incident, the response time depends on whether escalation is automatic or queued for the next monitoring meeting. The carriers At-Bay's data shows recovering 70% of fraud losses are not the carriers with the best post-mortem process. They are the carriers whose detection-to-notification path takes hours rather than days. The same is true for an AI control failure: the difference between catching a miscalibrated rate within one underwriting cycle and catching it within one quarter is whether the supervision layer triggers automatic notification when defined thresholds breach, or whether the breach waits to be noticed in a slide deck.

These three together are what we mean when we describe a supervision layer as an operational system rather than a reporting system. The output of supervision is a shorter detection window, measured in the same units as At-Bay's recovery curve.
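
A sketch of the second and third components working together, added here as an illustration and not taken from the At-Bay report or any carrier's system: per-segment drift is scored with the Population Stability Index and any breach produces an escalation record immediately. The choice of PSI, the 0.25 threshold, the minimum sample size, the segment names and the sample counts are all assumptions; the liability mix is constructed to mirror the 7% to 34% CIPA shift cited above.

```python
import math
from collections import Counter

PSI_ALERT = 0.25  # assumed threshold; a common rule of thumb for a major shift
MIN_SAMPLE = 50   # assumed floor: below this, shares are too noisy to alert on

def shares(labels, categories, floor=1e-4):
    """Share of each category, floored so an empty bin cannot break the log."""
    counts = Counter(labels)
    return {c: max(counts[c] / len(labels), floor) for c in categories}

def psi(base, cur):
    """Population Stability Index between two share dicts with the same keys."""
    return sum((cur[c] - base[c]) * math.log(cur[c] / base[c]) for c in base)

def check_segments(baseline, current, categories):
    """Return one escalation record per segment that needs a human now."""
    alerts = []
    for seg, labels in current.items():
        if not baseline.get(seg):
            # A segment with no baseline is unsupervised volume: escalate it.
            alerts.append({"segment": seg, "reason": "no_baseline"})
            continue
        if len(labels) < MIN_SAMPLE:
            continue  # wait for more decisions rather than alert on noise
        b, c = shares(baseline[seg], categories), shares(labels, categories)
        score = psi(b, c)
        if score >= PSI_ALERT:
            driver = max(categories, key=lambda k: abs(c[k] - b[k]))
            alerts.append({"segment": seg, "reason": "drift",
                           "psi": round(score, 3), "driver": driver})
    return alerts

# Constructed sample data: 100 decisions per segment and window. The liability
# mix mirrors the 7% -> 34% CIPA share from the article; the rest is invented.
CATEGORIES = ["cipa", "other"]
BASELINE = {
    "third_party_liability": ["cipa"] * 7 + ["other"] * 93,
    "financial_fraud": ["cipa"] * 2 + ["other"] * 98,
}
CURRENT = {
    "third_party_liability": ["cipa"] * 34 + ["other"] * 66,
    "financial_fraud": ["cipa"] * 3 + ["other"] * 97,
    "new_agent_workflow": ["other"] * 10,
}

if __name__ == "__main__":
    for alert in check_segments(BASELINE, CURRENT, CATEGORIES):
        print(alert)  # in production this would page an owner, not print
```

No individual decision in the liability segment is anomalous, yet the segment's score is roughly twice the alert threshold, and the stable fraud segment stays silent.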

The Number Behind the Numbers

There is one statistic in the report worth holding alongside the consumer acceptance data we covered in our analysis of the Insurity 2026 study. Smaller businesses, those under $25 million in revenue, saw ransomware frequency rise 21% and severity rise 40% to $422,000.[2] The same population segment is the one most likely to be served by carrier AI in the next two years, because automated underwriting and automated claims handling are how mid-market insurance scales economically. The cyber loss curve and the AI deployment curve are converging on the same book of business.

A carrier that automates the front end of a small commercial book without deploying supervision instrumented to a multi-day detection window is making an implicit bet: that the Akira-style concentration risks of its own AI stack are smaller than the Akira-style concentration risk in its insureds' VPN choices. The At-Bay data does not support that bet.

The recovery curve is the part of the report that translates most cleanly. 70% in three days. Below 30% past two weeks. The AI controls running inside a carrier today produce decisions that flow into the same financial system, on the same clearing schedule, with the same friction once funds or reserves leave the building. Treat the supervision layer as the equivalent of the 24/7 MDR that turned out to be the only meaningful difference between Akira victims who lost their data and Akira victims who did not. The detection window is the product, and right now most carriers are buying it in days when the loss curve is priced in hours.
