Cyber insurance in Brazil is the fastest-growing niche in Seguros e Danos (P&C), and at the same time the hardest line to price. According to reinsurance broker Guy Carpenter, cyber premiums rose from R$21.4 million in 2019 to R$237.5 million in 2024, an eleven-fold increase off a tiny base, with R$66.3 million accumulated in the first quarter of 2025. Demand is driven by the threat environment, but the underwriting machinery that should price it consistently is still immature. The reason is structural. A breach, a ransomware event, or an LGPD liability claim is non-stationary, correlated across the whole portfolio, and informed mostly by data that lives outside the insurer's core. A single shared cloud provider or a common software supply chain can trigger many claims at once, so portfolio-level scoring matters as much as the individual risk. The signals that actually price a cyber submission, exposed attack surface, security posture, sector, breach history, and CNPJ context, were never something a policy core was built to ingest or structure. That is the gap this article works through, and it is the most acute version of the unstructured-data problem the rest of this collection documents. It is also the clearest case for an external AI intelligence layer that reads cyber submissions, enriches them with outside signals, and scores risk against the carrier's own appetite, without touching the core system underneath.
State of the P&C insurance market
The Brazilian insurance market collected R$751.3 billion in premiums in 2024, up 12% year over year, with claims (indenizacoes) above R$504 billion, a rise of 7.8%, according to CNseg figures reported by Valor Economico and Revista Apolice. Against that whole, cyber is still a rounding error in absolute reais and the standout on growth rate. Two source families agree on the trajectory and differ on the base year, so each is cited on its own terms rather than blended. Guy Carpenter puts cyber premiums at R$237.5 million for full-year 2024, an eleven-fold rise since 2019. CNseg, via Revista de Seguros, reports a different cut: growth of 880% over five years, from R$20.7 million in 2019 to R$203.3 million in 2023, with a year-over-year increase of 17.1% from 2022 to 2023. The market structure tells the more important story. Per the Guy Carpenter study, AIG, Zurich, and Tokio Marine together held about 81% of issued cyber policies in 2024, and roughly 72.5% of the insured risk was ceded to reinsurers. That cession rate is the clearest signal that domestic carriers do not yet hold the data or the modeling confidence to retain cyber risk on their own books. For global anchoring, Munich Re sized the worldwide cyber market at about US$15.3 billion in premiums in 2024, so Brazil remains an early-stage fraction of a still-young global line.
What is pressuring underwriting
Demand is pulled by a rising and quantifiable threat surface. Check Point's Global Ransomware Report placed Brazil seventh globally in 2024 with 123 reported ransomware attacks, while Kaspersky measured Brazilian ransomware victims climbing from 39 in 2022 to 62 in 2023 to 105 in 2024. The exact ranking moves by methodology, so the honest read is a clear, accelerating attack trend rather than a single fixed position. Three structural forces then make this line hard to underwrite, and they are specific to cyber. First, the loss distribution is non-stationary and correlated, because it shifts with each new exploit and a shared vulnerability can hit many policies together, which makes accumulation and silent-cyber exposure a portfolio-level concern, not just an individual-risk one. Second, the decisive data lives outside the core. Pricing a cyber risk depends on external signals the insurer's policy system was never designed to ingest, the same external-enrichment problem the rest of this collection covers, in its sharpest form. Third, LGPD turns a data breach into a quantifiable third-party and regulatory liability, which expands what the policy must cover, while specialized cyber underwriting talent is scarce, so capacity does not scale with double-digit demand. Brokers compound the pressure, since more than 60% choose an insurer by response speed, a Capgemini figure, and a manual cyber submission process cannot deliver that speed. The result is a line where appetite, data, and turnaround are all under strain at once.
Risk, fraud, and the AI shift
Because cyber risk is data-driven and external, it is the line where AI and Machine Learning have the clearest underwriting role, and where black-box scoring is least acceptable. The shift underway in Brazilian carriers is concrete. It covers automated reading of cyber submissions and security questionnaires at intake, external-signal enrichment to score attack surface and posture, multi-factor ML risk scoring calibrated to the carrier's appetite and underwriting manual, fraud and misrepresentation flags raised at quotation rather than after a loss, and dynamic, risk-adjusted pricing that routes clean risks automatically and escalates complex ones to a human. The governance constraint is the gate. Under LGPD and SUSEP supervision, an automated cyber underwriting decision has to be explainable and auditable, with documented logic and a full trail, or it will not survive a regulatory or internal review. So explainability is a baseline requirement for cyber, not a differentiator. Valor Economico's June 2025 coverage framed the same double edge, that AI sharpens underwriting while generative AI also widens the attack surface insurers must price. There is also a quieter operational cost behind all of this. Underwriters spend about 40% of their time on administrative tasks, a Deloitte figure, and corporate teams lose 20% to 30% of their time organizing unstructured data, per Gartner. For most Brazilian carriers, the practical path is an external AI layer that integrates with the existing core and adds submission reading, enrichment, and appetite-calibrated scoring, rather than a multi-year core rebuild.
Where WIR fits
WIR Innovation is the AI layer for insurance, an external intelligence platform that sits on top of the systems an insurer already runs, never in their place. For cyber, that vantage point is the relevant one, because the line is held back less by the core and more by the reading, enrichment, and scoring around it. WIR is 100% external, with no load on the insurer's IT and no core migration, and its Machine Learning is calibrated to the insurer's risk appetite and underwriting manual rather than a generic model. The platform runs the journey in sequence. It takes multichannel intake with automatic validation in the format the insurer already uses, reads submissions to extract fields with high precision, enriches each case with external context such as CNPJ, broker history, and exposure, then scores it through a multi-factor risk and fraud engine, calculates a risk-adjusted premium, and returns a decision, a quote, an automatic decline, or escalation to a human. Two products carry this. Underwriter Intelligence automates the quotation journey per the insurer's risk policy so underwriters analyze risk and focus on business development, and Smart Sales maps the portfolio and scores next-best-action across channels. Every decision is explainable and returns a full audit trail, and data is LGPD compliant and encrypted at every step, which is exactly what cyber governance demands. WIR was built with Mahway, a Venture Builder in California, and Avante, a Venture Studio in Brazil, and was founded in 2025. Its one public traction point is a POC in execution with a global insurer in the Transport line.
Outlook
Brazilian cyber insurance is maturing from a boutique line into a structured market, but it remains capacity-constrained and reinsurance-dependent, with roughly 72.5% of the insured risk ceded per Guy Carpenter. The next phase of growth depends less on demand, which the threat environment keeps high, and more on whether carriers can underwrite cyber faster, more consistently, and more cheaply per submission. That favors external intelligence layers that turn cyber submission and external-signal data into explainable, auditable, appetite-calibrated decisions on top of the core. It is a structural fit rather than a promise. WIR is positioned exactly there, as the AI layer of insurance, an external layer that automates the quotation and underwriting journey per the insurer's own risk policy and returns a full audit trail, without replacing the core. None of this should be read as a forecast of returns or an assured improvement in any metric. The honest framing is analytical. A line whose pricing depends on external, unstructured data is the line where appetite-calibrated, auditable AI has the most to contribute, provided the carrier keeps the decision logic explainable and under its own underwriting policy. For an insurer or broker weighing how to bring speed and consistency to cyber risk underwriting, the practical first step is a read of where reading, enrichment, and scoring sit today, and where an external AI layer can add the most without disturbing the systems already in production.
Frequently asked questions
Why is cyber insurance hard to underwrite?
Cyber is hard to underwrite because the loss is non-stationary and correlated across the whole book. The distribution shifts with each new exploit, and one shared cloud provider or software supply chain can trigger many claims at once, so accumulation and silent-cyber exposure become portfolio-level problems. The decisive pricing signals, attack surface, security posture, sector, and breach history, also live outside the insurer's core. LGPD liability and scarce specialized talent add further pressure on capacity and turnaround.
What data informs cyber risk scoring?
Cyber risk scoring draws mostly on signals outside the policy core. These include the exposed attack surface, the applicant's security posture, sector and size, breach and claim history, and CNPJ context, alongside the cyber submission and security questionnaire themselves. Broker context, conversion history, and exposure round out the picture. Because most of this data is external and unstructured, the practical challenge is reading and enriching it consistently, then scoring it against the carrier's own risk appetite and underwriting manual rather than a generic model.
How does AI accelerate cyber insurance submission analysis?
AI accelerates analysis by reading the cyber submission and security questionnaire at intake and extracting fields automatically, instead of an underwriter keying them by hand. It then enriches each case with external signals to score attack surface and posture, runs multi-factor Machine Learning scoring calibrated to appetite, flags fraud or misrepresentation at quotation, and produces a risk-adjusted price. Clean risks route automatically and complex ones escalate to a human. This is exactly what WIR's Underwriter Intelligence does as an external layer, with a full audit trail on every decision.
Are cyber underwriting decisions auditable?
They have to be. Under LGPD and SUSEP supervision, an automated cyber underwriting decision must be explainable and auditable, with documented logic and a complete trail, or it will not survive a regulatory or internal review. For cyber, explainability is a baseline requirement rather than a differentiator. WIR is built to that standard. Every decision is explainable and returns a full audit trail, data is LGPD compliant and encrypted at every step, and the Machine Learning is calibrated to the insurer's own risk-acceptance policy, never a black box.
Does WIR replace the core to underwrite cyber risk?
No. WIR is an external AI intelligence layer that sits on top of the systems the insurer already runs, never in their place. It is 100% external, with no load on the insurer's IT and no core migration. WIR is not an insurer, broker, or MGA, and does not carry risk. It automates the quotation and underwriting journey per the insurer's own risk-acceptance policy, then writes the decision back to the policy core and returns the audit trail. The core stays exactly where it is.