Addressing the insurance protection gap in the age of AI

By David Molony
Published: Mon 27 Jan 2025

Commentary

David Molony, head of EMEA cyber solutions at Aon, on how the emergence of AI can help address the challenge of underinsurance.

AI (Artificial Intelligence) letters are placed on computer motherboard in this illustration taken, June 23, 2023. REUTERS/Dado Ruvic/Illustration/File Photo
AI (Artificial Intelligence) letters are placed on computer motherboard in this illustration taken, June 23, 2023. REUTERS/Dado Ruvic/Illustration/File Photo

The global threat of significant cyber incidents is greater than ever. More than 600 million cyber attacks are occurring daily, driven by nation-state actors (a government or state entity that is involved in cyber attack) and cybercriminals, according to the Microsoft Digital Defense Report 2024.

This evolving threat is made worse by geopolitical tensions such as the conflicts in Ukraine and the Middle East, which influence the scale and nature of cyber attacks, from direct disruptions to disinformation campaigns and electoral tampering. This threat has only been amplified by the rapid emergence of available AI, as threat actors experiment with the art of the possible through their exploitation, manipulation and control of large language models, which is likely to increase both the volume and effectiveness of malicious incidents.

Furthermore, recent incidents, such as the CrowdStrike outage, have underscored the fragility of global supply chains and highlighted the need for robust digital resilience.

From an insurance perspective, this raises pressing questions. How prepared are organisations to withstand systemic risks and to mitigate the cascading impacts of disruptive cyber incidents?

The growing insurance protection gap and its implications

In the modern technological landscape, intangible assets (non-monetary assets that lack physical substance) are the biggest part of asset portfolios, with the average total value of intangible assets now higher than tangible assets. Yet they remain significantly underinsured. With 54 percent of organisations reporting that they have experienced a material event in the last two years, it is stark that only 17 percent of intangible assets are covered, compared to 60 percent coverage for tangible assets such as property and equipment, according to Aon’s 2024 Intangible versus Tangible Risks Comparison Report.

Cyber attacks pose a growing financial threat, with three-quarters of completed attacks leading to financial losses. Despite this, the report found that only 60 percent of firms currently intend to purchase cyber insurance. This highlights two key challenges:

1. The need for the insurance market to enhance its appeal and to close knowledge gaps around cyber risks.

2. The disconnect between organisations’ evolving risk profiles and their current insurance coverage, leaving them exposed.

Addressing this gap will require heightened innovation, education and tailored solutions to meet the scale of the challenge. The introduction of generative AI further accentuates this.

Insurers’ response and the evolution of the market

Cyber insurance should not be viewed as a substitute for robust IT and information security controls but as a vital complement in the risk management toolkit. Even so, uptake currently remains limited due to perceived complexity, coverage challenges and pricing concerns.

What also stands out is that only half of the managers surveyed in Munich Re’s Global Cyber Risk and Insurance Survey 2024 stated that their company had been offered cyber insurance to date. So clearly there is more for the insurance sector to do in order to reach these customers and help demonstrate how effective insurance provides operational continuity, regulatory compliance and critical financial protection.

Pre- and post-incident services also remain central to cyber insurance value. Network security and system backups are essential preventative measures, while data restoration and 24-hour response hotlines are invaluable following an attack.

What is clear from this is that most companies are not buying enough effective cover, with reasons including unclear coverage and price. This lack of coverage is ultimately driving unnecessary financial loss.

The future of cyber insurance

The cyber insurance market is projected to grow to $29bn by 2027, according to Munich Re, driven by increasing reliance on technology and emerging exposures such as generative AI.

For this growth to be sustainable, the insurance sector must continue to improve how it communicates and sells products, while clients need to improve how they quantify risk to match coverage with their actual needs. Insurance profiles must adjust with the pace of asset portfolio change to ensure organisational resilience and protection.

Secondly, advancements in accumulation modelling and innovative coverage design will enable insurers to offer more customised and differentiated products.

Additionally, reinsurers will play a pivotal role in evolving strategies to manage portfolio risk and support insurers in expanding their capacity confidently.

By bridging this gap between understanding, innovation and practical solutions, the industry will build a stronger, more resilient ecosystem for navigating today’s ever-escalating cyber risks.

Cyber
Technology
Aon