Can Cyber Insurance Protect Your Business from Smarter AI-Powered Criminals?

Technological advancements are occurring so fast nowadays that it can be hard to keep up. Businesses are exposed to risks in the digital realm we could only have imagined before. One of the newest threats is associated with artificial intelligence (AI) and cybersecurity. In fact, up to 85% of new cyber attacks have been ai-powered, according to security experts.

As AI evolves, so do cyber threats, and insurance companies must adapt to provide comprehensive cyber insurance to cover the damages that could be caused by these cyber incidents more efficiently. Let’s explore how the cyber insurance industry navigates this complex landscape, outline the role of cyber insurance in minimising AI-induced risks, and present strategies for businesses to secure themselves against AI-powered criminals.

How is AI Redefining Cybersecurity Threats?

AI is changing the risk landscape, as it not only amplifies potential opportunities for businesses but also creates new vulnerabilities. Cyber criminals are leveraging AI tools for nefarious activities, and they could cause severe damage. Advances in machine learning and generative AI are empowering hackers to launch sophisticated cyberattacks with an unprecedented level of precision and scale.

A notable example is the 2020 Twitter hack, where high-profile accounts were compromised to solicit Bitcoin fraudulently. This incident underscores not just the vulnerability of digital platforms to AI-powered attacks but also the ingenious ways in which cybercriminals exploit AI to manipulate social media algorithms and engineer phishing schemes. Such sophisticated attacks show the urgent need for businesses to reassess and fortify their cybersecurity defences against the increasingly intelligent threats posed by AI advancements.

What is the Nature of Cyber Crimes Powered by AI?

AI-based attacks, particularly those driven by generative AI, alter the nature of cyber threats. They could facilitate the creation of personalised phishing attacks, manipulate information for malicious reputational damage or financial gain, or generate fake social media profiles for elaborate social engineering scams. Understanding the evolving nature of cyber threats driven by AI is essential for risk management.

There are a few primary strategies employed by criminals using readily available AI tools like ChatGPT, Dall-E and Midjourney: automated phishing tactics, impersonation techniques, social engineering schemes, and the deployment of counterfeit customer support chatbots are among the listed methods:

1. Automated Phishing Attacks

Spear phishing attacks are automated phishing attacks, where AI, particularly ChatGPT, is harnessed to construct emails with impeccable grammar and detail, eliminating traditional red flags. This method has contributed to a substantial 1,265% surge in malicious phishing emails according to the SlashNext State of Phishing Report 2023, with the rise largely attributed to AI-driven business email compromises.

AI-driven software has been exploited to craft highly personalised phishing emails, which mimic legitimate communication so closely that they deceive even the most vigilant individuals. In one alarming case, AI was used to mimic the voice of a UAE-based businessman, leading to a fraudulent transfer of $35 million. This shocking level of effectiveness of AI in crafting emails that bypass conventional spam filters and trick recipients into compromising their personal information poses significant risk to businesses.

2. Impersonation Attacks

The incidence of impersonation attacks is increasing. In these attacks, cybercriminals leverage tools like ChatGPT to imitate real individuals and organisations. In one incident, scammers used this tactic by impersonating a distressed grandson, almost succeeding in convincing an elderly couple to withdraw R100,000 under false pretences. This form of cyber extortion powered by artificial intelligence is becoming more and more common.

3. Social Engineering Attacks

Social engineering attacks are being executed with the assistance of AI chatbots. Social engineering attacks take advantage of AI chatbots to create chaos through voice cloning and deepfake technology. One case involved a hacker using ChatGPT to generate a deepfake video during Chicago’s mayoral election, attracting thousands of views with fabricated statements attributed to candidate Paul Vallas.

4. Fake Customer Support Chatbots

Fraudulent customer support chatbots do exist, though widespread adoption is expected to take another year or two. Cybercriminals are expected to employ AI to create deceptive customer service chatbots on fraudulent bank sites. These chatbots, designed to appear human, will likely be used to manipulate unsuspecting victims into divulging sensitive personal and account information.

5. Sale of AI Tool Login Credentials

Cybercriminals often employ information theft software to extract login details and sensitive information from vulnerable devices. Login credentials for ChatGPT are now in high demand on the dark web, similar to the sale of passwords for various online services. The digital black market is witnessing a surge in the sale of AI tool login credentials, making it a lucrative target for cybercriminals.

This not only exposes businesses to direct financial losses but also puts their proprietary data at risk of being manipulated or stolen. As AI tools become more integral to business operations, the impact of such a security breach expands, affecting everything from customer trust to competitive edge.

6. Misuse of Open-Source AI Tools

Despite ChatGPT being designed to prevent illicit use, certain AI tools operate without such constraints, leading to potential misuse. BlueVoyant’s threat intelligence detected the development of a variant of WormGPT, accessible through subscription on the dark web, capable of malicious use. WormGPT serves as a tool for aiding phishing campaigns, enabling attackers to craft convincing messages with sophisticated language, complicating the detection of fraudulent emails.

Does Generative AI Pose a New Risk to Cyber Insurance?

Yes, generative AI poses complex risks that present coverage challenges for the cyber insurance market. The sheer potential scale of AI-powered cyber crime exposes insurance companies to unprecedented liability. Insurers will need to revise underwriting procedures and reassess how they calculate premiums to effectively cover generation AI-induced threats.

The Role of Cyber Insurance Cover in Minimizing AI-Induced Cyber Risks

• Can Cyber Insurance Effectively Cover Damages from AI-Powered Data Breaches?

Managing the exposure to AI-powered crimes requires a comprehensive cyber insurance policy that addresses a broad range of cyber risks. Effective coverage should compensate losses from data breaches, including resources used for damage control, legal expenses, and reinforcing security measures. However, existing cyber policies may not fully cover all AI-enabled threats, highlighting the need for continuous policy adaptations by the insurance business.

• How Corporate Insurance Buyers Can Assess Their Risk Profiles?

Insurance buyers should use AI risk management strategies to assess their exposure and determine suitable coverage. For example, the use of AI in customer service chatbots presents a vector for impersonation attacks, necessitating a review of security measures surrounding these technologies. By closely examining these aspects, businesses can tailor cyber insurance policies that accurately reflect their unique AI-related vulnerabilities.

• Why is Resilience Against AI Cyber Risks Crucial for Insurance Policyholders?

Cyber resilience through robust information security systems is critical for businesses to withstand these new threats. A business’s resilience also influences the underwriting process, with stronger defences potentially leading to lower premiums. Therefore, policyholders should invest in cybersecurity insurance and mechanisms such as encryption, secure back-ups, and intrusion detection to enhance their resilience.

How is AI Impacting the Underwriting Process of Cyber Insurers?

AI automation can streamline the underwriting process, allowing for optimised risk assessment and tailored policy premiums. AI systems can analyse large volumes of data to spot patterns and predict cyber risks, giving cyber insurers valuable insights to calibrate their coverage offerings effectively.

• What Challenges Could AI Pose to Cyber Insurance Underwriters?

Despite AI’s benefits, its rapid evolution poses considerable challenges to underwriters. Unpredictable AI-powered cyberattacks could lead to vast across-the-board losses for insurance companies, potentially destabilising the insurance market. There is, thus, a need for comprehensive risk management and adaptability within the insurance industry.

• What are the Trends in Premiums Because of the Shift in the Cyber Risk Landscape?

As AI changes the cybersecurity landscape, it also influences insurance premiums. Unknown variables in AI-associated cyber threats could lead to higher premiums. Insurers and companies may need to leverage AI in risk assessment and underwriting procedures to balance coverage and cost.

What’s Covered by Business Cyber Insurance in South Africa?

Traditional risks like a privacy breach, ransomware attacks, and cyber events that are known and listed in your policy are usually covered by service providers. But new AI-powered risks to cyber security may not be. Coverage differs depending on your provider, but here are some commonalities:

1. Common Inclusions and Exclusions in Cyber Insurance

Common inclusions in cyber liability insurance often cover legal costs, public relations efforts, and digital forensics in the aftermath of a cyber breach. However, companies must be aware of common exclusions, such as losses from unencrypted devices, outdated software, and physical theft. Coverage against AI threats varies significantly amongst insurers and policies must be diligently scrutinized to bridge any gaps in coverage.

2. How Variations in the Use of AI Could Impact What is Covered

Variations in the use of AI by cyber criminals could significantly impact what is covered by cyber insurance. Innovative and evolving attacks might not fall within the purview of traditional insurance policies, requiring carriers to continually innovate and adapt their products to the ever-changing variance of AI-induced threats.

Can AI Help Secure Your Business Against New Cyber Threats?

To combat AI-powered cyber threats, businesses must integrate AI into their cybersecurity defences. Investing in AI-driven security technologies not only enhances a business’s defensive posture but also demonstrates to insurers a commitment to mitigating risk, potentially influencing the terms and cost of cyber insurance coverage.

Use AI in Cybersecurity

AI can also be used in countering cyber threats. Machine learning algorithms can predict and detect anomalous behaviour in network activity, thereby identifying potential threats before they cause significant damage. Cyber risk management should involve strategically leveraging AI to counter cyber threats, boosting the business’s resilience, and potentially reducing insurance costs.

Using AI for real-time threat detection and analysis enables companies to identify and mitigate sophisticated attacks before they cause harm. For instance, AI can analyse patterns of network traffic to pinpoint anomalies indicative of a cybersecurity threat, providing an essential layer of defence against the dynamic tactics employed by AI-augmented cybercriminals.

Corporate cybersecurity Against Malware, Phishing, and Social Engineering

Businesses need to adopt the best practices in corporate cybersecurity to stand against AI threats. This includes employee training to recognise phishing attempts, robust measures against malware, regular security audits, and investment in AI-powered solutions to harden defences against sophisticated cyber attacks.

As we look toward 2024, we anticipate AI-enabled crimes will continue to evolve, presenting new challenges for the cyber insurance industry. However, opportunities for AI to aid in risk prediction, underwriting, and loss control also await. Companies that invest in AI risk management, robust security measures, and comprehensive cyber insurance will be better prepared to navigate this evolving landscape.