Top cybersecurity concerns for insurers in 2024

Insurance carriers are battling old cyber threats at the same time that 'adversarial AI' deepens the risk, Datos Insights reports.

A persistent cybersecurity challenge for insurance companies is structural: Executives often lack clarity around who owns the cybersecurity function, according to Datos Insights. (Credit: Created on Dall-E 3, an AI art generator, by Cassandre Coyer/ALM)

Many of today’s insurance carriers are rushing headfirst toward process improvements using generative artificial intelligence (GenAI) without fully anticipating potential regulatory and cybersecurity vulnerabilities.

This was one of the observations to emerge from “Cyber at a Crossroads: Risk and Rewards for Insurers,” a recent webinar hosted by the technology consultancy Datos Insights.

“There’s so much hype” around artificial intelligence right now, said Cybersecurity Practice Director John Horn, “but we’re really not seeing the efficacy yet… It’s early days.”

Among other issues, insurance and financial services organizations may be too focused on the efficiencies afforded by artificial intelligence tools to recognize the threat of “adversarial AI,” or AI tools that can be used against them, Horn said. “We expect underwriters to include an adversarial AI coverage, but most institutions wouldn’t be able to detect an AI or GenAI attack if their lives depended upon it.”

Why? Because it’s nearly impossible to observe an AI cyberattack as it unfolds. As a result, information security officers and other C-Suite executives are reacting to the hype around AI but lack the operational experience or performance metrics necessary to create up-to-date cybersecurity guideposts.

This is not to say the industry isn’t worried about the unknown. Datos Insights recently surveyed roughly two dozen chief information security officers (CISOs) at insurance and financial services companies about their top concerns related to the use of GenAI:

Insurers and their CISOs have cause for concern, given 2023’s cybersecurity track record. The year saw 2,365 breaches worldwide that victimized more than 343 million individuals, Datos Insights reports.

Horn recommended a structured approach to AI adoption that involves partnering with corporate counsel to explore the governance issues related to business AI usage; identifying top “enterprise vulnerabilities” from a potential AI-enabled cyberattack; measuring the value versus the threat of AI tools; and fostering AI-enabled cyber defenses alongside business process automation.

He also emphasized that insurance organizations can go a long way by strategizing around the cybersecurity risks of which they’re already aware, many of which are not new but have become more pronounced thanks to adversarial AI.

Datos reports that the top cyber risks facing today’s financial services enterprises (including insurers) are:

  1. Phishing attacks against workforce (including system admins);
  2. Supply chain attacks from third parties;
  3. Ransomware attacks;
  4. Human operational error;
  5. Insider attacks; and
  6. Business email compromise.

“These are some of the top problems… even without AI,” Horn said. “CISOs are dealing with real [cybersecurity] problems they haven’t closed yet.”
