Cyber Insurance: AI and Dynamic Risk Assessment
The business insurance industry integrates insurtech to reshape how risk is assessed, policies are underwritten and claims are managed.
Artificial intelligence (AI) and machine learning are playing a central role, allowing insurers to analyse vast datasets, such as those from IoT devices and satellite imagery, to create more precise risk profiles.
With global cyber insurance premiums projected to reach US$20.6 billion by 2025, according to Munich Re, insurers are racing to adapt their underwriting models and policy structures to address emerging risks.
James Harrison, Global Head of Insurance at Dun & Bradstreet says: "Technology is allowing insurers to expand offerings as well as dramatically enhancing the speed and accuracy of underwriting and claims processing in business insurance. The rise of new technology trends such a IoT, big data, AI and smart technologies all present opportunities. Machine learning algorithms are now able to analyse vast amounts of data in real-time, allowing insurers to assess risk more precisely and offer more tailored policies."
This technological revolution is particularly evident in the realm of AI-powered attack vectors, which have fundamentally altered the cyber risk equation. A report by Signicat and Consult Hyperion show deepfakes now represent 6.5% of total fraud attempts, while consumer-focused deepfake fraud attempts jumped 3,000% year-on-year between 2022 and 2023, according to Onfido.
Machine learning algorithms are now being deployed to analyse vast troves of claims data and identify subtle patterns that human underwriters might miss – Allstate Insurance achieved a 40% reduction in claims processing time and a 25% improvement in underwriting accuracy through the use of predictive analytics, while JPMorgan Chase implemented AI-driven analytics tools, leading to a 30% reduction in fraud-related losses and a 20% increase in customer satisfaction.
James adds: "AI-powered tools can automate claims processing, reducing manual tasks and speeding up response times. This not only improves efficiency but also enhances customer satisfaction by enabling quicker pay-outs and more accurate policy pricing. Additionally, predictive analytics help insurers anticipate future claims trends, further refining the underwriting process."
Quantifying the unquantifiable: The challenge of systemic risks
One of the most significant challenges facing cyber underwriters is accurately quantifying potential losses from systemic events and aggregation risks. The interconnected nature of modern IT systems means that a single vulnerability could potentially impact thousands of policyholders simultaneously.
To address this, insurance firms are moving away from simplistic questionnaire-based underwriting towards continuous, API-driven risk assessment. Advanced models can now ingest real-time telemetry data from clients' networks, allowing insurers to dynamically adjust premiums based on their actual security posture.
Si West, Cyber Advisory Lead and Director of Customer Engagement at Resilience, says: "Cyber risk solutions like Resilience are fundamentally reshaping the cyber insurance landscape by utilising advanced data analytics and AI to enhance the underwriting process. This allows insurers to assess risks more effectively and tailor policies to individual business needs."
This shift towards dynamic pricing and continuous underwriting is being facilitated by the emergence of specialised insurtech firms. These companies are leveraging cutting-edge technologies to provide more nuanced and responsive coverage options.
Policy wording in the age of AI: Granularity and modularisation
As the threat landscape evolves, so too must policy wordings. Insurers are grappling with how to define and cover emerging risks like AI-generated disinformation campaigns or autonomous vehicle hacks. The industry is seeing a trend towards more granular, modular policy structures, moving away from broad cyber catch-all policies towards tailored coverage options that allow for more precise risk transfer.
This modularisation is particularly evident in the realm of business interruption (BI) coverage. With the average cost of downtime now exceeding US$5,600 per minute for enterprise-level organisations, according to Gartner, insurers are introducing more nuanced BI triggers and sublimits.
James emphasises the importance of comprehensive coverage, especially for small and medium-sized enterprises (SMEs): "Often, businesses overlook and underestimate cyber risk in their coverage. Many underestimate their exposure to data breaches and ransomware attacks, assuming these are issues only for large corporations. Another common gap is in business interruption insurance. Many policies cover physical damage, but fewer businesses ensure they are covered for disruptions due to direct and extended supply chain issues, which have become more frequent."
….“Increasing scrutiny isn’t prohibitory”
As cyber risks become increasingly intertwined with geopolitical tensions, regulators are casting a keener eye over the cyber insurance market. The European Insurance and Occupational Pensions Authority (EIOPA) recently issued guidelines on cyber underwriting and risk management, emphasising the need for insurers to enhance their technical expertise and data collection capabilities.
In the United States, the National Association of Insurance Commissioners (NAIC) has established a Cybersecurity Working Group to develop model laws and best practices for cyber risk assessment. These regulatory initiatives are likely to accelerate the adoption of advanced analytics and AI-driven underwriting tools across the industry.
Si notes: "With the new SEC guidelines, the NIS2 directive and the coming UK Cyber Security & Resilience Bill, this is a must-have, not a nice to have."
Regulatory scrutiny is intensifying, particularly around silent cyber exposures. The industry is seeing a push towards affirmative cyber coverage and clearer policy language to eliminate ambiguity around cyber-related losses in traditional property and casualty policies.
James adds: "With added cyber risk comes more focus on regulation and compliance, not least because of the interest in AI across industries. However, there is a lack of global standardisation across regulation, so policies should take account of this changing landscape. New regulations require a dedicated approach from businesses to reflect these changes in policies."
Howden's 2024 Cyber Report:
Ransomware continues to be the dominant cyber threat, with an increase in attacks involving data theft for extortion purposes.
Around 90% of cyber attacks recorded from April 2023 to March 2024 were politically motivated, highlighting geopolitical instability.
The rise of generative AI is expected to increase both the severity and frequency of cyber insurance claims.
Gen AI accelerates the democratization of hacking, providing novice hackers access to advanced tools and intelligence.
Cyber insurance market premiums could potentially exceed US$50 billion by 2030, reflecting the sector's significant growth potential.
The role of data in personalisation and scalability
As the cyber insurance market matures, insurers face the challenge of balancing personalisation with scalability across diverse business sectors.
James explains the approach: "For the insurance companies themselves, it's all about thoroughly understanding the needs of the businesses they are providing service to. This can be achieved by building out risk profiles using first and third party data, and applying analytics to help tailor policies more effectively, adapting them to the size, sector, risk and growth stage of the businesses."
He continues: "Leveraging data-driven insights not only helps personalise coverage but also ensures that these policies can be scaled efficiently as the business evolves. This approach allows insurance companies to meet diverse business needs while maintaining operational efficiency. Ultimately, the more accurate and complete data an insurer has on its prospects and clients, the more accurate and 'right-size' their pricing and policies can be, which in turn should reduce claims."
The future of cyber insurance is collaborative
As the cyber insurance market continues to mature, collaboration between insurers, technology providers, and policyholders will be crucial. The rapid pace of technological change means that static, annual policy renewals may soon become obsolete, replaced by dynamic, data-driven risk transfer solutions that adapt in real-time to a shifting threat landscape.
Si adds: "As well as underwriting, Resilience is able to leverage technology to provide a cyber risk quantification (CRQ) solution that allows businesses to manage their cyber risk holistically. The CRQ helps businesses translate security profile information into financial values and determine value at risk."
For SMEs navigating this complex landscape, Si offers practical advice: "SMEs should adopt a proactive approach by regularly evaluating their risk exposure and understanding evolving threats. Engaging with an insurer to transfer some residual risk can be a wise choice in the event of a serious cyber incident. Insurance is much more than just a policy that pays out; with the right insurance provider it can be a tool to conduct comprehensive risk assessments, considering industry-specific risks and having a panel of incident management experts such as the Resilience in-house 24/7 claims hotline, privacy lawyers, digital forensics and crisis communications, to name a few."
As we look to the future, it's clear that the convergence of AI, machine learning and advanced data analytics will continue to reshape the cyber insurance landscape. Insurers that can effectively harness these technologies to provide dynamic, personalised coverage while navigating the complex regulatory environment.
The implementation of these advanced data analytics techniques has yielded tangible results for insurers. A recent study by McKinsey & Company found that insurers leveraging advanced analytics in underwriting and claims processing saw a 2-5% increase in profit margins and a 3-5% reduction in combined ratios.
As regulatory frameworks evolve to keep pace with technological advancements, insurers must navigate a complex landscape of compliance requirements. Simon notes: "There is a lack of global standardisation across regulation, so policies should take account of this changing landscape. New regulations require a dedicated approach from businesses to reflect these changes in policies."
The future of business insurance lies in the integration of advanced technologies with human expertise. As AI and machine learning continue to refine risk assessment and claims processing, the industry is poised for unprecedented levels of efficiency and personalisation. The challenge for insurers will be to harness these technological capabilities while maintaining the trust and understanding that underpins the insurer-client relationship.
To read the full story in the magazine click HERE
Make sure you check out the latest industry news and insights at InsurTech and also sign up to our global conference series - Tech & AI LIVE 2024 and InsurTech LIVE 2025
InsurTech is a BizClik brand
- Allianz: Insurers Focus on Growth Despite Compliance HurdlesDigital Strategy
- Insurers Face Legacy System Exodus as Climate Risk GrowsTechnology & AI
- Study: Cyber Breach Recovery Times Exceed Insurance CoverageTechnology & AI
- Capgemini: Insurers Struggle to Extract Value From CloudDigital Strategy