AI is slated to add up to US$4.4trn to annual global GDP growth but as the emerging technology becomes used by a broader range of business sectors there is potential for it to create a significant ‘silent’ cyber risk which sits unseen in carriers’ general insurance portfolios.
The SRI research paper: ‘Tech-tonic shifts: How AI could change industry risk landscapes’, contained an analysis of the risk profile of AI across various industries to evaluate insurers current and future exposures to various sectors.
Consultants McKinsey predicted earlier this year that the introduction of AI across a number of industries could increase global GDP by up to $4.4trn annually. However, the recent SRI analysis warned that this also means that AI risks could accumulate silently within insurers’ portfolios.
The SRI report said that if AI growth predictions are correct then its use will become ubiquitous across multiple industries.
“This will bring AI into traditional insurance lines, which if it is not specifically included or excluded, could exacerbate losses. This has been described as ‘silent AI risk’ and has potentially serious consequences for the accumulation of risks in insurance portfolios.
AI may be revolutionary in many ways, but it will sometimes also be fallible. It is for insurers to consider how to sustainably provide and create resilience for this emerging technology,” said SRI.
Short term AI risks
SRI said that it would look more closely at the role of silent AI risk in its future research but in its latest paper it analysed both previous AI incidents and forward looking patent data to assess the AI risk within 10 industries both on the near term and over an eight to 10 year period
The SRI report said that AI risk was currently concentrated in a few sectors, particularly technology given its role as the developer of the underlying systems. The second most exposed sector cited by SRI was government and education because of the current widespread use of AI by both areas.
SRI said the third industry most at risk currently was the media and communications sector which has short-term exposure to intellectual property risk, due to the legal status of the use of copyrighted materials to train large language models (LLMs), like ChatGPT.
The outlier is energy and utilities. Because of energy infrastructures’ critical role in enabling economies to function any incident would result in a serious insured loss, but SRI said there is a low likelihood of an AI-linked attack occurring in the short term.
SRI said that these risk exposures would evolve as the tech becomes dispersed across a wider range of sectors and it cited the healthcare and pharmaceutical industries as being at greatest risk from AI-linked cyber attacks in the long term.
AI risk will evolve
The SRI report said that this was a result of the potential high frequency of incidents due to the number of AI apps which are likely to be integrated in the sectors’ respective ecosystems. This could result in high-severity losses for insurers in areas such as bodily injury and professional liability.
SRI said that the probability of AI risk in energy and utilities would also evolve and increase over time as the tech becomes widely deployed in smart grids.
The report also said that a number of sectors — most notably health and pharma, IT services, and energy and utilities — would likely see a significant rise in the share of AI-related risks due to algorithmic and performance issues.
The potential for algorithmic failures to morph into bias in the insurance sector has already sparked a number of high profile legal cases against carriers in the US and prompted the country’s National Association of Insurance Commissioners to issue guidance on AI bias in its December 2024 Model Bulletin.
The SRI report said that financial services firms such as insurers will face increased scrutiny over their use of AI in human facing areas of their business. The reinsurer cited the example of a recent US report which suggested that algorithms are 40‒80% more likely to reject mortgage applications from persons of colour than from white applicants.
“Data bias may lead to poor underwriting, not to mention potential regulatory and reputational risk, and the possibility of liability cases and claims,” said the SRI report.
Algo failure insurance
The flip side of the potential for AI to increase insurers cyber risk exposure is that it also offers the potential for new products. The report cited the AI Performance Warranty product launched by Armilla Assurance in 2023 which indemnifies the performance of AI models, as an example.
The reinsurer warned that despite the rapid expansion of cyber insurance in recent years — the SRI report estimated the market has tripled in size in three years — a significant protection gap still exists.
And while the current SRI cybercrime model scored AI attack risk lower than other cyber incidents the reinsurer said that it had limited past data, and no forward looking data on AI-targeting attacks but the potential for criminals to hijack the technology could result in major loss incidents for insurers.
“If cyber criminals come to target AI systems in the same way they target non-AI digital systems, the risk could be significantly higher.
One can imagine the damage that could be caused by, for example, hacking the AI of an autonomous car fleet, let alone the use of AI as a hostile attack weapon,” said the SRI report.
