The Role of AI in Assessing Cyber Risks: A Modern Tale of Defense

The current cyber risk landscape – Hot spots

Over the past months, we have observed a surge in cyber-attacks, with ransomware once again on the rise. According to the analysis by Munich Re, the annual ransom crypto payment spiked from US$567m in 2022 to US$1.1bn in 2023. Other costly attack vectors were business email compromise (BEC) and supply chain attacks. Between 2021 and 2023, BECs caused US$3bn in losses and affected 22,000 victims globally (Symantec), and, in 2023 alone, the number of BEC cases doubled (Verizon). There were twice as many software supply chain attacks in 2023 compared to the previous three years combined. In 2023, the software supply chain cost businesses US$45.8bn to address 245,000 supply chain incidents (Juniper Research). The attack against MOVEit, which leveraged a zero-day vulnerability in data transfer software, was the most prominent attack in this category. Data breaches remained at a high level, with the average cost of a breach reaching an all-time high of US$4.45 million (IBM).  

© Munich Re

The global cyber insurance market has reached a size of US$ 14bn in 2023 and is estimated by Munich Re to increase to around US$ 29bn by 2027. Showing significant growth potential, the market is driven by the awareness of the increasing frequency and sophistication of cyber-attacks, including the potential financial repercussions, as well as by stricter regulatory requirements, such as the Network and Information Security Directive (NIS2) taking effect in October 2024.

AI Spending and Growth Rate Forecasts

In 2022, OpenAI introduced ChatGPT to the world, and within months, it reached the Peak of Inflated Expectations (according to Gartner’s  Hype Cycle for Generative AI). By 2027, Gartner believes the enterprise IT market spending for artificial intelligence, including AI and GenAI, will reach $822 billion. AI services will be the dominant growth driver in the IT services market, at 16.9% five-year CAGR. The bottom line is that most GenAI revenue will come from displacing spending from other spending categories, with minimal net new spending.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner's research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Is there any difference between AI and GenAI?

If we visualize the field of Artificial Intelligence (AI) as an onion, then AI is the outermost layer that represents the broad science of using technology to build machines and computers that mimic human abilities (e.g., seeing, understanding, making recommendations). Beneath this lies machine learning, the foundational layer. Descending further into the hierarchy, one encounters deep learning, characterized by its complexity of imitating the way humans gain certain types of knowledge.  

At the core of this layered framework resides generative AI (GenAI). Much like the vital nucleus of an onion, generative AI embodies the essence of creativity and innovation within the AI landscape. GenAI can create totally novel and original content, including text, images, audio, video, and more, just like how the core of an onion holds the potential for growth and regeneration. 

AI’s Impact on Cyber Risk Assessment

One of the most significant advancements AI brings to cybersecurity insurance is enhanced risk assessment. Traditional methods often rely on historical data and manual analysis, which can be slow and prone to errors. In contrast, AI employs machine learning algorithms and advanced analytics to assess risks in real time.

AI-powered tools can analyze vast amounts of data from various sources—such as network traffic, user behavior, and historical incident reports—allowing insurers to identify vulnerabilities and threats with greater accuracy. For example, AI can detect unusual patterns that might indicate a cyber threat, providing valuable insights into an organization’s risk profile. This proactive approach enables insurers to tailor coverage to meet the specific needs and vulnerabilities of each business.

The Rise of AI: A New Ally in the Fight

Meet AI, our digital ally. With its incredible speed and analytical prowess, AI quickly became a game-changer in the cybersecurity realm. So, how exactly does it fit into our narrative?

1. Data Analysis at Lightning Speed: Think of AI as a detective with a superpower—it can analyze millions of data points in mere seconds. Picture it scanning network traffic, user behaviors, and system logs like a hawk eyeing its prey, identifying patterns that signal potential threats.

2. Predictive Analytics: The Crystal Ball: AI doesn’t just react; it predicts. Imagine having a crystal ball that forecasts where threats may emerge. By studying past incidents, AI can highlight vulnerabilities, allowing organizations to reinforce their defenses before a storm hits.

3. Behavioral Analysis: The Watchful Guardian: AI has an uncanny ability to understand what “normal” looks like. It’s like having a vigilant security guard who knows each employee’s routine and immediately spots anything amiss—like a sudden spike in access to sensitive files at odd hours.

4. Continuous Learning: The Ever-Evolving Warrior: AI isn’t static; it grows smarter with time. Every piece of new data strengthens its algorithms, refining its threat detection capabilities. It’s a constant learner, adapting to stay one step ahead of cybercriminals.

Personalised Coverage Solutions

AI is also revolutionizing the way cybersecurity insurance policies are designed and personalized. Traditional insurance models often offer standardized coverage options, which may not fully address the unique risks faced by different businesses. With AI, insurers can create more customized coverage solutions that are aligned with the specific risk profiles of individual companies.

By analyzing data such as a company’s industry, size, and cybersecurity practices, AI can help insurers design policies that offer targeted protection. For example, a company that handles highly sensitive customer data might require more extensive coverage for data breaches than a company with less sensitive information. AI enables insurers to assess these needs more accurately and provide tailored coverage that reflects the true risk exposure.

Another area where AI is making a significant impact is in the claims processing aspect of cybersecurity insurance. Traditionally, the claims process can be cumbersome, involving extensive paperwork and lengthy investigations. AI streamlines this process by automating various tasks, such as data collection and analysis, and providing quicker insights into the nature and scope of the claim.

Excessive hype damages our perception of time and balance, but roadmap planning requires that cybersecurity leaders factor in all possibilities, without a strong fact base that balances cybersecurity realities with GenAI hopes or promises. The cybersecurity industry has long been obsessed with fully automated solutions. The hype surrounding GenAI already led to unrealistic promises, potentially damaging the credibility of longer-term improvements coming from future features and products.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner's research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Shift: AI Approach of Fraud Detection  

Shift Technology's AI-driven solutions offer comprehensive support for fraud detection, claims processing, and compliance. By leveraging advanced AI technology, insurers can enhance their operational efficiency, reduce risks, and improve compliance with regulatory requirements. The company's products are trusted by some of the most prominent insurers globally, underscoring their effectiveness and reliability in the insurance industry.

Shift Technology, founded in 2013, specializes in AI-driven solutions for the insurance industry, providing intelligent decisioning across key functions such as fraud detection, claims processing, and compliance. With a focus on automating and streamlining critical processes, Shift Technology's suite of products is trusted by some of the world's leading insurers. Here's a detailed overview of their offerings and the value they bring to the insurance industry. 

Fraud Detection 

Shift Technology's fraud detection solutions are designed to identify potentially fraudulent activities across multiple stages of the insurance process. Here's a breakdown of their key fraud detection products: 

• Shift Underwriting Risk Detection: This tool helps insurers detect potentially fraudulent entities and applications before they open accounts. By catching risks early in the underwriting process, insurers can prevent fraudulent policies from being issued. 

• Shift Claims Fraud Detection: This solution uses advanced AI to identify potential claims fraud with high accuracy. It provides detailed contextual guidance to investigators, helping them focus on the most suspicious cases and accelerate the investigation process. 

• Shift Improper Payment Detection: Going beyond traditional fraud, waste, and abuse detection, this product identifies improper payments at various levels, including patient, provider, and network. This comprehensive approach helps insurers address financial risks in a holistic manner. 

Claims Processing 

Shift Technology offers a range of solutions to streamline claims processing, increase efficiency, and reduce settlement times. The following are key components of their claims solutions: 

• Shift Claims Document Decisions: This tool extracts, analyzes, and verifies both structured and unstructured claims data, enabling faster settlements and improved efficiency in claims processing. 

• Shift Claims Intake Decisions: Providing a seamless claims experience, this solution integrates across multiple channels and uses AI-based decision support to ensure consistent and accurate processing of claims. 

• Shift Subrogation Detection: This product analyzes structured and unstructured claims data in real time to identify subrogation opportunities, allowing insurers to recover costs more efficiently. 

Compliance 

Shift Technology also addresses compliance needs, ensuring that insurers meet regulatory requirements and detect financial crimes. This tool examines entities and transactions throughout the customer lifecycle, supporting anti-money laundering (AML) and know your customer (KYC) efforts. It helps insurers comply with regulations and prevent financial crimes. 

The Human Element

While AI is invaluable in assessing cyber risks, it cannot replace human expertise. The most effective cybersecurity strategies integrate AI with human intuition and oversight. Security professionals interpret AI findings, make context-based judgment calls, and devise comprehensive responses to complex threats.

The Human-AI Partnership

A symbiotic partnership between humans and AI is essential for transforming cybersecurity. Cybersecurity leaders must view AI as a complement to human insight. Generative AI can enhance human creativity, while precision AI offers transparency. However, responsible oversight and continuous improvement driven by human insight remain crucial.

Security teams should curate the training data used by AI systems and monitor their performance post-deployment. By evaluating real-world results, analysts can provide feedback to refine algorithms and address potential biases. Ongoing collaboration between technologists and security experts will ensure AI augments human analysts as trusted partners rather than merely automating tasks.

The Future of Cybersecurity Insurance with AI

As AI technology continues to advance, its impact on cybersecurity insurance will likely grow even more profound. The ability to leverage AI for real-time risk assessment, personalized coverage, and efficient claims processing represents a significant leap forward in how businesses manage cyber risks. By integrating AI into their insurance strategies, companies can better protect themselves against evolving cyber threats and ensure that their employee benefits packages remain robust and relevant.

In conclusion, AI is not just a tool but a transformative force in the world of cybersecurity insurance. Its ability to enhance risk assessment, personalize coverage, and streamline claims processing is reshaping the industry and setting new standards for how businesses approach cyber risk management. As the digital landscape continues to evolve, AI will undoubtedly play a pivotal role in helping organizations navigate the complexities of cybersecurity insurance and safeguard their operations against emerging threats.