Organizations can now secure cyber insurance that includes coverage for incidents involving deepfakes, according to Coalition, a cybersecurity insurer. This marks a significant step as synthetic media, such as AI-generated audio and video, is increasingly used by criminals to deceive businesses and individuals. Coalition’s policies will include not only coverage for reputational harm from deepfake incidents but also response services like forensic analysis and legal support for content removal. Michael Phillips, head of Coalition’s cyber portfolio underwriting, noted that while deepfake-related claims currently represent a small fraction of their total claims, the company has expanded its coverage to address the evolving threat landscape. As deepfake technology becomes more accessible, experts predict that small and medium-sized businesses may soon face increased risks from such sophisticated attacks, especially as they become more affordable for cybercriminals.
Why do we care?
Insurers are now covering deepfakes, and that’s a huge clue about where the risk is shifting. This isn’t about patching systems or locking down endpoints. This is about people getting tricked by something that looks and sounds real enough to fool them. And insurers are stepping into a space they honestly can’t control.
Think about it: how do you underwrite human trust? There’s no scan for that. No dashboard. No compliance checkbox that stops someone from approving a wire based on a synthetic voicemail. So yes, they’re offering coverage now — but this feels like the early ransomware days all over again. Claims will go up, pricing will be wrong, and we’re going to see exclusions and sublimits appear the moment the losses start rolling in. And once insurers start demanding controls, MSPs will be the ones responsible for implementing them — whether clients understand the risk or not.
For MSPs, this means you’re going to get pulled into a different kind of security conversation. Not “is the antivirus updated?” but “how do we know the person asking for this approval is actually the person?” That’s governance, workflow, and identity — and it’s where your value is going to shift whether you planned for it or not.
So the move here isn’t to trust the insurance. It’s to tighten processes now: build verification policies, train teams on what synthetic media looks like, and get ahead of what insurers are going to demand next. Because once claims spike, the rules will change fast.