AI and automation are revolutionizing the insurance industry, enabling insurers and independent agents to streamline operations, increase efficiency, and reduce costs. However, as brokers know, this technological leap also introduces new risks. While automation offers significant benefits, it also creates vulnerabilities that cybercriminals are quick to exploit. As businesses increasingly depend on automated systems for everything from customer service to marketing, cyberattackers have more opportunities to scale their efforts.
Xing Xin (pictured), CEO and co-founder of Upfort, explained that AI enhances attackers' ability to conduct in-depth reconnaissance. "A lot of attackers are doing deep research into companies, analyzing executives' statements or public-facing information." AI’s capacity to process vast amounts of data quickly enables cybercriminals to craft highly targeted and convincing attacks. This makes it harder to distinguish between legitimate and malicious activity. As a result, the insurance industry now faces a more complex threat landscape, where attacks are more tailored and deceptive.
Insurance is built on assessing and managing risk, and cybercriminals adopt a similar approach. Weak internal IT systems, outdated software, and the absence of multi-factor authentication can make clients prime targets for data theft. Just as insurers assess risk factors to determine coverage, cybercriminals evaluate vulnerabilities to identify potential victims.
Tips to help clients stay cyber safe:
For these tips to be effective, they must be paired with the right cyber insurance coverage. While Xin acknowledged that larger enterprises typically have “meaningful cyber adoption”, small and medium-sized businesses are still slow to embrace cyber insurance. Many underestimate their risks, treating cyber insurance as a mere checkbox rather than understanding the serious consequences of a breach.
"When it comes to the 99% of businesses out there, there's a significant cyber protection gap. Many are opting for minimal coverage, often just $25,000 or $50,000, without a clear understanding of potential claims scenarios, legal implications, and what the business truly needs in the event of an incident,” shared Xin. “Many don't realize that this coverage is often insufficient to fully protect them."
Another issue Xin highlighted is the complexity of cybersecurity tools. Many are designed as enterprise point solutions, each serving a single function, which can create problems for businesses. “When your company's data is spread across multiple products, vendors, and systems, sometimes they don’t have visibility into each other,” said Xin.
This fragmented approach is problematic because cyberattacks rarely target a single point of entry. “They usually get in somewhere and then traverse your network, going across different areas.” Having a consolidated solution allows businesses to maintain access to all cybersecurity data, making it easier to detect anomalies and prevent further damage.
For clients hesitant to make significant investments in cybersecurity, brokers can highlight the value of adopting more integrated solutions. This approach not only strengthens protection but also streamlines costs, eliminating the need to manage multiple, disparate products.
"Many cyber claims stem from easily preventable issues, like misconfigured remote access, unpatched software vulnerabilities, or insufficient employee training. By addressing these basic security measures, companies can significantly reduce their risk—and be well on their way to strengthening their defenses," shared Xin.