Some industry stakeholders are concerned that cyberattacks could be evolving too fast for insurance coverages to keep up. Artificial intelligence (AI), they say, has supercharged these attacks and put SMEs at greater risk.
“Cybercrime was already a significant challenge for the SMB insurance industry, however, this latest AI-powered wave of it has kicked this trend into overdrive,” said Skye Theodorou (pictured), CEO of the insurtech upcover.
Theodorou said the April hacks against the country’s big superannuation funds put a greater focus on cyber insurance. However, these headline grabbing cybercrimes, she said, can obscure the fact that SMEs – the majority of clients of many brokers – can be just as attractive to these criminals.
“In some ways, assaulting smaller businesses can be more profitable for cyber criminals,” said Theodorou.
One reason is that attacking an SME can be easy. Comparatively few have adequate cyber defences or insurance covers. The Insurance Council of Australia (ICA) has said that under 20% of these businesses have cyber insurance.
“AI is making cyber more ubiquitous and increasing the number of businesses at risk,” said Theodorou.
Despite a softening market, reports suggest premiums for some customers are still rising steeply after peak increases across the market of about 50% in 2023.
Another reason for ongoing premiums hikes include the cost of ransomware attacks. A Sophos report found that the average cost of ransom payouts in 2024 increased to US$2 million from US$400,000 the year before.
She suggested that many SMEs don’t fully understand that the impact of these attacks can be “crippling”.
“They [cyberattackers] can directly steal funds from companies or their leaders, or alternatively use ransomware to limit and prevent access to computers, systems and tools seeking payment that they know businesses’ can afford and would be willing to pay,” said Theodorou.
“Thanks to AI, we’re seeing these attacks occur at a greater rate each day,” she said. “I think this is a really challenging area of insurance for business.”
Other industry stakeholders agree.
“It’s no secret that cyber threats have forced insurers to rethink how they assess and price risk, but growing access to generative AI tools is turbocharging the complexity and ambiguity of those threats,” said Niek Dekker, vice president of marketing for fintech firm Eftsure.
Sydney-based Dekker said cyber tactics are now more personalised and sophisticated.
The result, he said, is an “increasingly uncertain threat landscape.” He expects nearly every business to be targeted in some way.
Recent industry reports chart the alarming increase in AI-fuelled cyberattacks.
The report said AI-powered cyberattacks “are making traditional security measures useless” and using AI to deploy “hyper-realistic phishing scams” and target software vulnerabilities before patches exist, catching businesses off guard.
“Our latest research demonstrates that adversaries are becoming more efficient, focused, and business-like in their approach — in many ways, more like the enterprise organisations they prey upon,” said the authors of the 2025 CrowdStrike Global Threat Report.
The report detailed the uptick in AI fuelled attacks, including from China, North Korea and Russia – but also “unidentified threat actors.”
“In February 2024, unidentified threat actor(s) used public footage of a target company’s chief financial officer and other employees to create credible deepfake video clones and socially engineer the victim into transferring 25.6 million USD to the threat actor(s),” said Crowdstrike in one example.
Cyber tech firm Sygnia said another difference in recent months is that supply chains have become more of a target, increasing third party risks for insurers’ clients.
“By targeting the legitimate third-party vendor permissions of their chosen target, threat actors are increasing the potential for severe disruption by continually bypassing traditional security controls.”
Insurance Business is reaching out to cyber brokers to find out how they are helping clients mitigate AI generated cyberattacks
Are you a cyber insurance broker? How do you see these cyberattacks and how are you helping clients stop them? Please tell us below
