Sponsored by Aon Risk Solutions. Independently conducted by the Ponemon Institute. Published May 2026.
The 2026 Intangible versus Tangible Risks Comparison Report is based on insights from 2,487 risk, cyber and finance
professionals across regions, industries and organization sizes worldwide. The research confirms that information
assets – data, IP, models and digital infrastructure – now slightly exceed the value of traditional
physical assets
on corporate balance sheets, and that the financial impact of a major information asset loss is, on average, higher
than that of a comparable physical asset loss.
“Data is the foundation, and AI sits below that, feeding off the data foundation. Next is analytics: analyzers that
are forward looking, benchmarks that help clients compare themselves to others, and diagnostics that help isolate
problems and recommend how to improve results.”
– Mindy Simon, COO, Aon
Yet insurance strategies have not kept pace with how AI is reshaping risk. On average, organizations report
information asset values of approximately $1.49 billion – marginally higher than the $1.40 billion average for
PP&E – but continue to rely heavily on self insurance for digital risk. Only about 20 percent of
information
asset exposure is covered by insurance and roughly 60 percent is self insured, compared to 55 percent insurance
coverage and 34 percent self insurance for PP&E. At the same time, the estimated likelihood of a 100 percent PML
loss to information assets has risen from 3.1 percent in 2024 to 4.9 percent in 2026, underscoring how fast these
exposures are growing.
AI adoption is now nearly universal among study participants: 68 percent already use AI tools and a further 18
percent expect to do so within 12 months. However, as AI is embedded into underwriting, trading, clinical decision
making, customer screening and industrial operations, AI related exclusions and sub limits are proliferating across
many traditional policies – from cyber and E&O to general liability and IP. Only a minority of current AI
related claims fall cleanly into standalone cyber cover; many instead test the boundaries of E&O, media
liability, D&O, EPL and other lines, turning “what actually responds when an AI system causes harm?”
into a
board level question.1
The study also underscores the escalating frequency and cost of cyber and AI enabled incidents. Sixty three percent
of organizations experienced at least one material security exploit or data breach in the past two years, with each
incident costing an average of $5.75 million. Against this backdrop, risk managers are increasingly seeking
affirmative, clearly drafted cover for generative AI risks, and more than two thirds of buyers would pay higher
premiums for explicit AI extensions rather than rely on silent or ambiguous wording.2
As organizations navigate an extended period of AI driven transformation, this growing misalignment between where
enterprise value resides (intangible and information assets) and where insurance capital is deployed (tangible
assets and legacy cover structures) widens the protection gap. The 2026 report challenges boards, risk leaders and
insurers to treat AI, cyber and information assets as a single, integrated enterprise exposure – using better
data,
clearer policy design and, where appropriate, alternative risk transfer to better align insurance programs with
modern balance sheets and the real world volatility of AI driven, IP and data related losses.
Leave a comment