Data centre insurance risk has crossed into territory that the US property/casualty industry is not equipped to map. In a June 2026 special report, AM Best warned that the AI-fuelled build-out of US data infrastructure is generating fire, equipment-breakdown, cooling-interdependency, and supply-chain exposures that, taken together, exceed what the traditional property/casualty industry has previously experienced. The gaps are operational and systemic — and no reinsurance cat capacity can close them.
To understand the scale of the build-out: five companies alone — Amazon, Alphabet, Microsoft, Meta, and Oracle — have announced plans for $700 billion in capital expenditures for 2026, largely for AI-related projects. US data-centre construction spending already reached $41 billion in 2025, up 32% year-on-year and more than 100% over two years. As of May 2026, there were 4,287 data centres in the US, with Virginia (14.1% of the US total) and Texas (10.7%) together accounting for nearly a quarter of all facilities. What this concentration means for accumulation risk is only beginning to register on underwriting desks.
Storm and catastrophe exposure at these facilities is covered in our earlier analysis — US Data Centres: Storm Risk and the Insurance Capacity Gap. This article focuses on the operational and systemic dimensions that cat capacity cannot address.
Business Interruption at AI Scale: The Risk Underwriters Cannot Yet Price
AM Best is direct: business interruption coverage may be the most consequential for data centre owners, given the potentially massive scale of AI operations and the resulting elevated probability of highly complex power outages. The power dimension alone reframes risk appetite. A modern AI data centre can use as much power as approximately 100,000 homes. Multiply that by the pipeline — 565 operating facilities and 571 in the pipeline as of December 2025 — and the aggregate BI exposure acquires a shape no historical loss table can inform.
Market pricing is already testing underwriter resolve. Requests for $1 billion to $2 billion in business income coverage for single large AI campuses are now appearing, and underwriters themselves acknowledge that “no one has fully determined what the true downside scenario looks like at that scale.” That admission is unusual in a segment accustomed to actuarial discipline. The honest answer is that the loss-event template does not yet exist.
Supply-Chain BI: Transformer Lead Times Turn Component Risk into a Systemic Threat
Among the operational exposures AM Best flags, supply-chain business interruption stands out for its duration risk. Aon’s data-centre lifecycle research identifies the defining constraint: obtaining a new transformer can take 9 to 12 months. In a world where revenue loss from a single AI campus can run to hundreds of millions of dollars per day, a transformer failure does not produce a short-tail property claim — it triggers a delay-in-startup exposure that can outlast most BI waiting periods by a wide margin.
This is exactly the kind of non-weather loss characteristic AM Best is signalling: not a hurricane that arrives and departs in 72 hours, but an equipment failure whose resolution timeline is set by global semiconductor and electrical-equipment supply chains. Single project Total Replacement Values at leading facilities now range from $10 billion to $50 billion — and Aon’s analysts are explicit that the global reinsurance and insurance markets cannot deliver limits anywhere near these values. The DSU exposure is a specific and acute illustration of a broader capacity mismatch.
Cooling Interdependency, Silent Cyber, and the Systemic Coverage Gaps AM Best Catalogues
The AM Best report catalogues a set of coverage areas that fall outside standard P&C form language: general liability, off-premises power failure, delay-in-startup, advance loss of profits, pollution liability, and “silent cyber.” Each of these gaps reflects an architectural reality that traditional property underwriting was not designed to handle.
Cooling interdependency is a prime example. Swiss Re’s head of tech risk, Jimmy Keime, captures the engineering logic: data centres are “highly integrated systems where you have power, cooling, hardware, and software that all depend on each other.” A cooling failure is not a standalone loss — it cascades into thermal runaway in lithium battery arrays, equipment damage, and a BI event that can be triggered by something as indirect as a grid anomaly miles away. The heat-stress dimension is compounding: as Allianz Research has documented, rising ambient temperatures are extending peak-load cooling demand, increasing the frequency of thermal threshold breach events at facilities that were engineered for a cooler baseline.
Silent cyber — where a cyber event triggers property damage or BI under a policy that does not explicitly exclude cyber — is the coverage gap that keeps legal teams busiest. AM Best’s inclusion of it in the operational risk catalogue is a signal that the industry needs explicit sublimits and affirmative language, not reliance on exclusions that litigation will test.
Concentration and Accumulation: What Virginia and Texas Tell Underwriters
Concentration risk is where the operational and the systemic converge. Virginia alone holds 14.1% of the US data-centre count, Texas 10.7% — together nearly a quarter of all facilities as of May 2026. A shared grid event, a regional cooling-water shortage, or a single large fire event in either state would produce correlated losses across operators, tenants, and supply chains that no individual risk model would capture.
The power demand trajectory amplifies this. Data centres could represent up to 12% of all US electricity consumption by 2028 — a share large enough to make data-centre BI a macro-economic event if it correlates with grid stress. Swiss Re estimates that building costs for a single data-centre site can already exceed $20 billion, and that a natural catastrophe loss at one location could approach $10 billion. When that figure is set against global data-centre insurance premiums expected to reach $24.2 billion by 2030 (from an estimated $10.6 billion currently), the premium-to-exposure ratio becomes difficult to defend without structural changes in how the industry underwrites accumulation.
Aon’s early-2026 expansion of its Data Center Lifecycle Insurance Program — adding construction, cyber and third-party liability cover within a single multi-line facility — is a meaningful step, but it also illustrates the gap: even an enhanced broker facility is dwarfed by assets that individually breach $20 billion in replacement value.
What P&C Insurers Must Do Now
AM Best’s June 2026 report is not a market warning about an emerging risk — it is a diagnosis of a coverage structure that has already been outpaced by the assets it is meant to protect. David Blades of AM Best states plainly that the required coverage is currently beyond what the traditional P&C industry has previously experienced.
The practical priorities for carriers are clear. First, BI policy language must evolve to address off-premises power failure, cascading cooling loss, and supply-chain DSU with explicit sub-limits and waiting periods calibrated to transformer and critical-component lead times — not the 72-hour triggers designed for wind events. Second, silent cyber exclusions must be affirmative and unambiguous, not inherited form language. Third, accumulation monitoring must extend beyond per-risk PMLs to model correlated grid and infrastructure events across Virginia, Texas, and the other concentration zones. Fourth, and most fundamentally, the industry needs loss-experience data that does not yet exist — which means the discipline of scenario modelling, stress-testing, and proactive engagement with hyperscale operators must substitute for actuarial history until that history accumulates.
The AI data-centre boom is a coverage frontier. AM Best’s message is that treating it as a scaled-up version of existing property risk is not a strategy — it is an exposure.
