Intersection of AI and Cyber Insurance

While AI is sure to benefit society when wielded properly, cyber carriers remain conscious that AI’s proliferation is a double-edged sword.


Exhibitioners at the Century of Progress International Exposition held in Chicago from 1933-1934 touted washing machines and air conditioners as capable of bringing vast changes to our everyday lives. This optimism for future generations is inherent within the human psyche. As such, we often speak of artificial intelligence (“AI”) as a lofty, almost dream-like reality that awaits us in the not-so-distant future. 

But AI proliferates today and extends beyond the entertainment-based efficiencies embedded within Netflix and TikTok that we read about; attorneys apply AI to document review projects; vehicle manufacturers use AI to control a vehicle’s acceleration, speed and steering; hospitals and doctors are using AI to triage and diagnose patients; and biotech companies increasingly rely on AI to model the potential success of newly developed therapies and vaccines. 

Insurance carriers remain optimistic about the efficiencies to be gained by implementing AI-based applications into their workflows. The same is true for cyber insurance carriers, who over the last eight to 10 years entered the market to meet the needs of customers who seek protection from potential financial and operational ruin due to the rise of ransomware and other malicious activity perpetrated by cyber criminals. And, while AI is sure to benefit society when wielded properly, cyber carriers remain conscious that AI’s proliferation is a double-edged sword. Thus, cyber insurance will have an even greater role to play in an AI-dominated world.

The reasons are twofold:

First, harm from cyber attacks will be more widespread because of the threat posed by more sophisticated AI-based attacks. By using an AI-based attack, malicious actors will be able to operate in ways that are both highly efficient and highly scalable. For example, rather than disguising malware as an email attachment in a message from “your boss,” or hawking magic pills, a sophisticated AI-based attack may be capable of personalizing, instantaneously, the malicious email (or other vehicle) received by each target victim. 

Second, increasingly intelligent cyber attacks are likely to bring greater cost and consequences. Cyber-attacks today inflict financial harm and disrupt the productivity of the victim but generally do not alter people’s livelihood or society at large. We will see that blast radius grow exponentially in the future when malicious actors deploy cyber attacks against those AI-based systems that society increasingly relies on for day-to-day operations.

Look at the recent attack on the Colonial Pipeline and what it's done to gasoline prices in the eastern U.S. Citizens’ freedom of movement may be jeopardized when a future cyber attack against a vehicle manufacturer not only disrupts assembly line production but also paralyzes entire fleets of autonomous vehicles operating on the vehicle manufacturer’s software. Or, in a more dire situation, if there is malicious disruption of the AI-based systems at the core of a vehicle’s control system. Disrupted AI-based hiring systems could also result in significantly slower access to available low-wage jobs. And patients may suffer or die when a hospital loses its ability to intelligently triage and provide treatment. In sum, the outcomes from a cyber attack could be devastating.

See also: Surging Costs of Cyber Claims

But the future is not entirely bleak. Cybersecurity firms and professionals continue to improve on threat detection and elimination tools by harnessing AI. These types of tools and software are capable of intelligently digesting data points gathered from both past and current attacks across a massive scale. Decreasing response time via the real-time adjustment of threat detection applications is among the myriad ways AI is changing the cybersecurity landscape. 

The adoption of AI by the insurance industry is also bringing about a paradigm shift. The most prominent example is Lemonade, a property and casualty insurer that makes decisions about policy underwriting and claims processing based entirely on AI. Lemonade went public via IPO in summer 2020; it raised $319 million in a single day. Opportunities for innovation abound.

As society absorbs AI into the framework of industry and people’s lives it should expect to reap enormous benefits but also protect those benefits by preparing for and managing attendant risks.

Ben Branda

Profile picture for user BenBranda

Ben Branda

Ben Branda joined Beazley September 2019 as a cyber and tech claims manager. He has significant experience in data privacy cybersecurity matters, including managing class action litigation and regulatory investigations arising out of privacy breaches.

Read More