Australian insurance organisations are reporting a significant shift in their cybersecurity priorities, with insider threats now considered a greater concern than external attacks.
This trend is highlighted in a recent global study by Exabeam, which surveyed over 1,000 cybersecurity professionals, including those in Australia’s insurance sector.
The findings indicated that 58% of Australian respondents see insider risks – whether from malicious intent or compromised credentials – as a more pressing issue than threats originating outside the organisation.
The research also revealed that 84% of local professionals expect these risks to escalate over the next year.
The increasing use of generative artificial intelligence (GenAI) is cited as a key factor in this shift.
GenAI tools are enabling both legitimate users and threat actors to operate with greater speed and sophistication, making it more difficult for traditional security measures to detect abnormal behaviour.
“Insiders aren’t just people anymore. They’re AI agents logging in with valid credentials, spoofing trusted voices, and making moves at machine speed. The question isn’t just who has access – it’s whether you can spot when that access is being abused,” said Steve Wilson, chief AI and product officer at Exabeam.
Australian insurers are rapidly integrating AI technologies into their claims processes. According to a whitepaper from Gallagher Bassett, nearly 90% of insurers in Australia have now adopted GenAI in some aspect of claims handling, which marks a substantial increase from the previous year.
The adoption of AI is most prominent in areas such as claims intake, fraud detection, and customer communication.
John White, head of sales and client services – general insurance at Gallagher Bassett, said a growing number of insurers are leveraging GenAI to improve various stages of the claims process, such as initial intake, triage, fraud prevention, and interactions with customers.
“The results of our 2025 Claims Insights whitepaper showed 88% of Australian insurers now use gen AI in claims resolution – an increase of 38 percentage points compared to last year,” he said.
The report also highlighted that 64% of insurers see improved decision-making through data analytics as a primary benefit of AI, while 62% are using predictive technologies to address fraudulent claims – outpacing the global average.
Despite widespread AI adoption, many Australian insurers are still developing the capabilities needed to detect insider threats effectively.
Only about a third of organisations have implemented user and entity behaviour analytics (UEBA), which is considered essential for identifying unusual activity early.
The majority continue to rely on more traditional tools, such as access management and endpoint detection, which may not provide the necessary behavioural context.
Kevin Kirkwood, CISO at Exabeam, said artificial intelligence has introduced new levels of speed and complexity to insider actions, often outpacing the capabilities of conventional security measures.
“Security teams are deploying AI to detect these evolving threats, but without strong governance or clear oversight, it’s a race they’re struggling to win. This paradigm shift requires a fundamentally new approach to insider threat defence,” he said.
The Insurance Council of Australia (ICA) has called for enhanced cybersecurity requirements for businesses, particularly in light of the growing use of AI-driven attacks.
In its submission to the Department of Home Affairs, the ICA recommended that technology providers face greater accountability, that workforce development initiatives be expanded, and that ransomware reporting requirements be broadened to cover more entities.
The ICA also stressed the importance of a national strategy that recognises the differing resources available to large enterprises and small to medium-sized businesses, many of which may lack the capacity to invest heavily in cybersecurity.