HOW USEFUL WAS THIS POST? RATE, LEAVE A COMMENT REQUESTING CHANGES, AND WE’LL AMEND ACCORDINGLY.
From cybersecurity in the new space economy to Jamaica’s cannabis regulation, this edition of Risk Wrap highlights six developments shaping compliance, governance, and insurance exposure across high‑risk industries.
Commercial Space Operators: The Top Target for Cyberattacks
The EU’s Agency for Cybersecurity’s 2025 Space Threat Landscape report reviews key cybersecurity trends affecting operators in the space sector.
Data from the Space Attacks Open Database Project along with other publicly available reports show that, historically, most space-based cyberattacks have targeted commercial and government entities, followed by military, civilian sectors, and state-run media outlets.
The growing space economy appeals to a wide range of threat actors with different motivations and capabilities, including:
- State-nexus actors: Using government resources, their motivations are mostly espionage and disruption.
- Cybercrime actors and hacker-for-hire actors: These are usually motivated by financial gain and often target data or infrastructure using social engineering and engaging in theft and extortion. They may also monetize stolen information. Hackers-for-hire sometimes serve state-nexus actors, providing access to services like ransomware-as-a-service.
- Private Sector Offensive Actors: These individuals help other actors gain a competitive edge against their peers and may develop and sell cyberweapons.
- Hacktivists: With ideological motives, they typically extract and expose data or cause disruption.
- Hackers: This group contains many subsets of threat actors with different motivations, including cyberwarriors, cyber vandals, and Blackhat hackers.
- Insiders: Individuals that understand the organization and its systems, including employees (current or former), contractors, vendors, or customers. Poorly trained or negligent employees may inadvertently raise the risk.
Implications for brokers and their clients:
- Consider obtaining cyber liability insurance that specifically addresses jamming, hijacking, and computer network exploitation, and other key risks.
- Investigate crime insurance to protect against losses arising from insider misconduct, fraud, social engineering, and malicious actions by trusted third parties.
- Consider business interruption coverage that addresses the growing risk posed by state-linked actors, ransomware groups, and other sophisticated attackers targeting critical space infrastructure.
Source: European Union Agency for Cybersecurity (March 2025). Space Threat Landscape.
Lines of business mentioned: Cyber Liability Insurance, Crime Insurance, Business Interruption Insurance.
Rising Illicit Crypto Flows Intensify Risks for VASPs
Illicit crypto activity is at an all-time high, driven by scam networks, cybercrime groups, and sanctions evasion intermediaries. Providers include Chinese escrow and ML services, which support criminal activity at a large scale. In 2025 alone, these Chinese services received $103.2 billion.
The table below shows the key drivers of the increased illicit activity. Activity tied to sanctions surged by more than 400% compared to the previous year, while transactions involving blocklisted entities increased by 32% and hacked or stolen funds rose by 31%. Major enforcement actions and stronger identification of transactions connected to actors already under sanctions make this data available.
Implications for brokers and their clients:
- Consider dedicated crypto asset insurance that covers losses from fraud and ransomware demands.
- Consider strengthening D&O insurance, as rising scrutiny over sanctions compliance, AML controls, and cyber governance may lead to investigations or shareholder claims.
- Consider errors and emissions coverage to protect against claims arising from transaction errors, compliance failures, or inadequate controls.
Source: TRM Labs (January 28, 2026). 2026 Crypto Crime Report.
Emerging insurance industries mentioned: Digital Asset and Web3 Insurance.
Lines of business mentioned: Directors and Officers Liability Insurance, Errors and Omissions Insurance.
Is Regulatory Disruption on the Cards for NC Cannabis Market?
A state advisory panel is preparing the foundation for a potentially significant change to North Carolina’s cannabis policy, recommending that lawmakers approve marijuana for adult recreational use and establish a regulated market.
According to the North Carolina Advisory Council on Cannabis, legalization would help bring order to an industry that has expanded quickly while operating in a legal gray area to-date. They recommend establishing requirements for licensing, testing, and age restrictions.
Dispensaries typically operate under hemp laws, which enable them to sell certain THC products with less scrutiny than in other states. These companies would need to navigate new obstacles if the council’s recommendations are written into law. The council may release a more detailed roadmap later this year.
Implications for brokers and their clients:
- Review product liability and general liability insurance to prepare for stricter licensing, testing, and consumer protection requirements under a regulated market.
- Consider errors and omissions cover for claims arising from regulatory breaches, licensing disputes, or compliance failures.
- Investigate business interruption coverage, as regulatory changes may create temporary closures, operational delays, or supply chain disruption during market transition.
Source: WCNC Charlotte (April 17, 2026). NC cannabis council pushes legalization, signaling potential shake-up for dispensaries.
Lines of business mentioned: Product Liability Insurance, General Liability Insurance, Errors and Omissions Insurance, Business Interruption Insurance.
AI Accountability Crackdown Raises Stakes for Buyers and Vendors
Gartner forecast that by mid-2026, new categories of unlawful AI-informed decision-making would lead to more than $10 billion in remediation costs globally, across both AI vendors and organizations using their systems.
Regulators are already signaling that accountability can’t simply be outsourced to vendors. For example, the UK’s Financial Reporting Council (FRC) recently issued guidance on adopting AI, reinforcing that responsibility remains with the user. In the words of FRC Executive Director Mark Babington, “You can’t blame it on the box. If you use this technology, you are still accountable for it.”
This issue is becoming especially important in contracts, where buyers are increasingly looking to shift liability onto suppliers. Legal specialists report that contracts now commonly include clauses stating that AI systems have been tested for bias, that those tests will be regularly updated, and that models will be recalibrated over time. However, providers may still resist taking responsibility where bias results from how prompts were designed or phrased by the customer.
A growing area of focus is the concept of defensible AI. Lydia Clougherty Jones, Gartner VP Analyst, defines defensible AI as decision-making processes that can “reliably and repeatedly withstand scrutiny, questioning and examination.” She also warned that “Organizations that fail to immediately adopt defensible AI, make AI-ready data ‘AI-decision-making ready’ and extensively overhaul ML model explainability are at risk of significant loss of investment, government investigations, civil penalties and, in some cases, criminal liability.”
Implications for brokers and their clients:
- Companies developing AI tools should review tech E&O insurance policies to ensure they address claims arising from biased outputs, faulty recommendations, or unlawful automated decision-making.
- Users of third-party systems should consider strengthening errors and omissions policies in case of data misuse, privacy breaches, and contractual disputes over system performance or accountability.
- Review D&O liability insurance in case AI governance failures lead to regulatory investigations or shareholder actions.
Source: The Register (April 5, 2026). If an AI agent screws up while running your business, there’s nobody to sue.
Lines of business mentioned: Tech E&O Insurance, Directors and Officers Liability Insurance, Errors and Omissions Insurance.
Board Exposure Rises as Cyber and AI Claims Escalate
Boards are encountering growing risks as AI and cybersecurity threats continue to expand. Both the scale and complexity of director exposure have increased significantly.
Speakers and the Professional Liability Underwriting Society’s D&O Symposium in New York noted that cyber incidents are increasingly leading to directors’ and officers’ claims, as data breaches and ransomware events trigger shareholder lawsuits and attract regulatory attention.
In addition, the adoption of AI is creating new governance and litigation challenges for companies whose boards have not yet incorporated AI oversight into their broader risk management and compliance structures.
Litigation patterns are evolving in response. Securities class action filings declined modestly in 2025, but the nature of those claims has changed, with cybersecurity events and technology failures driving higher average settlement values.
Implications for brokers and their clients:
- Consider obtaining robust cyber liability insurance designed to respond to the exposures facing modern systems.
- Review D&O liability insurance limits and wording to ensure adequate protection against shareholder claims and regulatory investigations stemming from cyber or AI governance failures.
- Consider working with insurers whose products are founded on expertise in AI regulation across jurisdictions.
Source: Governance Intelligence (March 30, 2026). Directors and officers liability: How cyber security and AI are shaping board insurance policies.
Lines of business mentioned: Cyber Liability Insurance, Directors and Officers Liability Insurance.
Jamaica’s Cannabis Reform Set to Create New Opportunities and Risks
Farrah Blake, CEO of Jamaica’s Cannabis Licensing Authority (CLA), says newly updated regulations for the country’s medicinal cannabis sector are expected to improve opportunities for small-scale farmers and strengthen Jamaica’s position in the international market.
According to Blake, one of the key changes is the creation of new permit categories designed to make it easier for small-scale and traditional cultivators to join the legal industry. She highlighted the new special community permit, which enables farmers to work together collectively and eliminates application fees. “This permit allows small-scale farmers to enter the regulated space with a view to fully transition within two years. It allows two years to build capacity and the transition to be at least a tier-one cultivator.”
Blake also pointed to the standardization of license tenure at three years, measures allowing businesses to continue operating while renewals are being processed, and more flexible payment arrangements for applicants.
In addition, the revised rules update operational standards, including making fencing requirements consistent, and authorizing licensed retailers to deliver cannabis products directly to clients and caregivers.
Implications for brokers and their clients:
- Investigate dedicated cannabis insurance designed to respond to the sector’s unique operational and regulatory risks.
- Consider strengthening product liability insurance as regulatory oversight and consumer expectations increase within the medicinal cannabis market.
- Retailers distributing directly to clients should assess liability for goods in transit.
Source: Jamaica Observer (April 18, 2026). New cannabis rules remove barriers for small farmers, says CLA head.
Emerging insurance industries mentioned: Cannabis Insurance.
Lines of business mentioned: Product Liability Insurance.
