NEW YORK — The emerging risks and exposures associated with the onset of artificial intelligence was a major theme in sessions and discussions at the Professional Liability Underwriting Society’s Cyber Symposium in New York last week.
Even as they turned their attention to the future, however, most participants noted that ransomware remains a bane of the cyber liability insurance sector.
“AI amplifies the current exposures that we’re seeing right now within cyber and tech,” said Mike Colford, Berkeley Heights, New Jersey-based senior vice president, cyber product leader with Westfield Specialty.
The technology is intensifying existing risks, he said.
Breaches will become more sophisticated due to the use of AI, said Elizabeth Napoli, Chicago-based vice president, U.S. corporate insurance, for Trisura Insurance, during a joint cyber and directors and officers liability session at the conference.
One way AI is being used is to attack businesses at scale, said John Keebler, Chicago-based U.S. cyber development lead for CFC Underwriting.
“Threat actors are using it. It’s elevating, and in a certain sense democratizing the strategies and technologies required to perpetrate attacks,” he said.
Cyber criminals have incorporated automation into their attacks to make them as broad as possible, said John Menefee, Cleveland-based enterprise cyber lead at Travelers Bond and Specialty Insurance, a Travelers unit.
Maintaining current controls such as multifactor authentication can help protect against many attacks, given that many cyber criminals target “low-hanging fruit” and will move on if the process becomes too challenging or time-consuming.
“Don’t forget to do the basics,” Mr. Menefee said.
Faced with the growing use of AI by cyber criminals, cyber insurance policyholders are seeking more clarity on how their coverage will respond to such threats, said Kara Higginbotham, New York-based head of professional liability and cyber at Zurich North America.
“There’s a debate over clarity. A lot of our customers want to see it, because there’s so much new use of AI technology,” Ms. Higginbotham said.
The insurance industry should use the opportunity to more fully define the risks and coverages, said Maria Long, New York-based chief underwriting officer at cyber insurer Resilience.
“It is our opportunity to sharpen our pencil and be very deliberate about how we intend to affirmatively cover this risk,” she said. “Definitions matter very much. What the industry has to do is create and separate definitions.”
Ransomware, meanwhile, continues to vex insurers and policyholders, sources said.
“There’s no question that, from a pure loss perspective, ransomware is still number one,” said Westfield’s Mr. Colford. “We’re trying to predict the future a little bit with AI and where it’s going and where that could lead to gaps in coverage or potential claims, but ransomware hasn’t gone anywhere.”
Ransomware attacks are now also more frequently followed by litigation, which further increases costs, said Zurich’s Ms. Higginbotham.
“We are seeing a large uptick in litigation — data breach litigation, class action litigation — following a ransomware event, which is not what we used to see. Ransomware events were primarily first-party coverage-driven events, but now you’re almost always seeing litigation,” leading to claims taking longer to resolve and costing more, Ms. Higginbotham said.
