Four senior figures spoke to Insurance Business UK at AIRMIC 2026 in Birmingham about the risk proving hardest to get ahead of. Their perspectives differed, but they reached the same conclusion: artificial intelligence is not like other risks, and the industry's existing frameworks for identifying, preparing for and responding to emerging threats may not be adequate for what is already happening.
Artificial intelligence does not behave like a conventional risk. It changes an organisation's risk profile, business model and security environment simultaneously, while the technology itself continues to evolve.
Nina Arquint, CEO of UK Corporate Solutions at Swiss Re, put it plainly.
"AI constantly changes the risk profile of a business," she said. "It can even change entire business models. Because it often operates in an open-ended environment, the whole way you deal with operational risk or cyber security controls keeps evolving."
That idea, that AI is not a static risk to be assessed but a force that continually reshapes the environment around it, ran through conversations across this year's conference. The challenge is no longer simply understanding AI itself. It is understanding how AI changes every other risk around it.
Arquint's broader concern is not AI in isolation but what happens when it intersects with climate volatility, geopolitical instability and supply chain disruption.
"The biggest disconnect is around interconnected risk and accumulation," she said. "Many organisations still discuss each of these risk factors in isolation, whereas it is really important to start understanding much better how they interconnect and how they can play out in combination."
In her view, organisations that gain the greatest advantage are those that move beyond compliance-led risk management and use risk insight to inform business decisions.
"Those that treat it purely as a compliance exercise just focus on having risk registers and the right reports in place," she said. "Those that turn risk management into a competitive advantage are the companies that leverage it to drive business decisions."
For AI, that means understanding not only what the technology does to an organisation, but how it changes the behaviour of customers, competitors and those seeking to attack it.
David Warr has spent 14 years in cyber insurance and currently manages QBE's UK cyber portfolio. His concern is that criminal organisations are already exploiting AI faster than many businesses can respond.
"Organisations underestimate how criminal groups weaponise AI and digital technologies against businesses," he said.
The tactics now extend well beyond phishing emails. Criminal groups are using AI to analyse building floor plans, identify weaknesses in access controls, monitor staff movements using drones and replicate security badges and photographic IDs. Social engineering has also become more sophisticated as AI reduces the cost and effort of deploying attacks at scale.
"Keeping pace with technology has become the primary challenge for risk leaders," Warr said. "AI proliferation enables malicious actors to penetrate businesses and IT systems faster than most internal security teams can handle."
Cyber consistently ranks among organisations' top risks, yet many still lack formal response plans. For Warr, that gap between awareness and preparedness is becoming increasingly difficult to ignore.
For Beverley Adams, Managing Director and Head of Client Engagement at Marsh, the challenge begins long before an incident occurs.
"It is a bit like walking along looking down or walking along looking up," she said. "For me it is all about that look up."
AI consistently emerges as the leading concern during her horizon scanning sessions, but rarely in a fully formed way. Organisations are still trying to understand both the opportunities it creates and the risks it introduces.
"I have had to get comfortable being uncomfortable," she said. "You can sense check all the time. But you can't always expect things to be things you're already aware of."
For Adams, uncertainty itself is an important warning sign. The greatest risks are often the ones organisations have not yet learned how to describe.
Matt Terry has spent 13 years at Marsh, most recently developing the firm's carbon credits insurance offering. His perspective is shaped less by AI itself than by how organisations communicate increasingly complex risks.
"A lot of the industry has failed in our ability to translate effectively," he said. "And I would say that becomes even more critical now we are in the AI world."
His argument is that as AI becomes better at generating analysis and recommendations, the value of human judgement increases rather than diminishes.
"If we embrace every positive that the AI revolution brings and manage the risks of it," Terry said, "I still think the most important piece of the equation is going to be the person that the client trusts to interpret what is coming out of the AI machines and translate this complex topic into their reality."
Together, the picture that emerged from AIRMIC 2026 was of an industry that understands AI is significant, is beginning to understand why it is different, and is still adapting to what that means in practice. The technology is advancing quickly. The technology is advancing quickly. The bigger question is whether organisations can adapt the way they identify, understand and respond to risk quickly enough to keep pace.