Policy wordings failing to keep pace with Asia Pac’s ravenous appetite for AI

Artificial intelligence is revolutionising businesses across Asia-Pacific, yet too few insurance policies explicitly address the new risks this brings to the corporate landscape. This is opening the region up to problems in the future.

A recent survey from Aon suggests that 79% of the broker’s clients in the APAC region are currently using artificial intelligence or plan to in the next year. However, wary of the vast unknowns that the new technology brings, insurers have been slow to support this trend.

“When we move around the region and ask how they would like the insurance market to support these ambitions the majority would like to see existing policies extend coverage to address any AI risks and liabilities,” says Adam Peckman, Aon’s Head of Cyber Solutions for APAC.

Peckman likens the emergence of AI to the early days of cyber insurance, where cyber risks were often unintentionally covered under traditional policies. This materially impacted some portfolios.

“Our journey in the cyber insurance market highlights that we need to be vigilant of any potential silent AI risks emerging across policies as the breadth of AI applications and use cases increases,” says Peckman.

“Our journey in the cyber insurance market highlights that we need to be vigilant of any potential silent AI risks emerging across policies as the breadth of AI applications and use cases increases.”

Adam Peckman

Head of Cyber Solutions, APAC at Aon

While this is a global issue, Ashwin Kashyap, co-founder and chief product officer of CyberCube, says that the dangers could be more prevalent within APAC, due to the wider “cybersecurity maturity gap” that exists in the region.

“AI tools have enabled threat actors to improve the effectiveness of phishing campaigns by eliminating previously recognised indicators of phishing emails, such as grammatical and spelling errors,” says Kashyap. “We have also seen AI tools being used to generate very convincing voice and video deep-fakes that have been used to instigate financial fraud.”

In February, a Hong Kong-based employee of British engineering firm Arup was tricked into wiring US$25m to fraudsters, after interacting with a digitally-cloned version of the firm’s chief financial officer.

“We expect an increase in the frequency of cyber attacks that will impact loss ratios in the cyber insurance industry over the coming years,” says Kashyap.

“We have also seen AI tools being used to generate very convincing voice and video deep-fakes that have been used to instigate financial fraud.”

Ashwin Kashyap

Co-Founder and Chief Product Officer of CyberCube

In May, the Swiss Re Institute published a study looking at the impact of AI risk across different industries.

In the near-term, the highest probability of risks (55% of the total) is concentrated within information and technology, the sector which has been quickest to adopt AI.

However, moving on to longer-term horizon (eight to ten years), the picture is more mixed, with the health, education, transportation and media sectors all facing significant risks.

By not explicitly tackling AI risk within more traditional policies, insurers are leaving the way open for future resolution disputes, whereby a policyholder assumes a particular risk is covered only to find that this view is at odds with its insurer.

Conversely, such ambiguity could also lead to a significant increase in “silent AI” risk, in which the use of AI means that the exposures within traditional insurance policies are far higher than expected.

“As such, we want clients to be very deliberate about stress testing their insurance programs to identify areas of potential ambiguity,” says Peckman. “We are doing this through cataloguing the AI use cases, overlaying potential risk scenarios, and then mapping any gaps in coverage or grey areas that need to be addressed with their insurer partners.”

The great unknowns

There have been some new product developments on the back of the AI frenzy.

Back in 2018, Munich Re launched what is widely thought to have been the first insurance solution specifically targeting AI risk, known as aiSure. Since then the reinsurer has been seeking to refine and scale its offering.

In October, Swiss Re teamed up with US startup Armilla Assurance to offer third-party coverage for AI performance risk. This includes algorithmic failures, which could lead to inaccurate risk assessments or unfair policy pricing. For now, these products are only available in the US market.

In March, Coalition, a managing general agent that specialises in cyber, tweaked the definition of “a security failure or data breach” in some of the products that it offers in North America, to explicitly include an AI security event.

Such developments, though, still remain fairly niche – and many of them have not yet reached the APAC market.

“Despite its transformative potential, the insurance industry – particularly in the domain of cyber insurance – has yet to explicitly address the risks and implications associated with Gen AI,” says Shay Simkin, Global Head of Cyber for Howden.

“We believe that in the very near future we will see insurers more actively addressing this issue with policies that specifically cover failures in AI systems, including algorithmic errors, unintended consequences and misuse of AI technology.”

“Despite its transformative potential, the insurance industry – particularly in the domain of cyber insurance – has yet to explicitly address the risks and implications associated with Gen AI.”

Shay Simkin

Global Head of Cyber for Howden

The problem is that AI technology is developing so fast that there is not yet enough data to give insurers the comfort they need to explicitly include this kind of risk in their policies.

This could open the industry up to dangers that it is not adequately prepared for. It may also create opportunities for those players who are prepared to underwrite the risk.

“Some insurers with product development capabilities are attempting to work through the challenge of creating new AI products,” says an expert from Swiss Re. “Taking into consideration the lack of historical data to assess loss frequency and severity, the absence of universally agreed-upon definitions around AI to develop clear policy terms and conditions, as well as the uncertainties around regulations and potential legal liabilities, this challenge is significant.”

A glimmer of optimism

Pressure on AI systems and demand from businesses are likely to drive insurance innovation.

Peckman notes that in 2023, more than US$150bn was spent on AI tooling globally. “So we should anticipate that the insurance market will respond to this new growth opportunity,” he says.

Data from national and international crime agencies, such as the Federal Bureau of Investigation and Interpol, suggest that the rapid pace of digital transformation following the Covid-19 pandemic resulted in a significant surge of online cyber attacks.

“We are facing a similar challenge now,” asserts Peckman. “The concern is that these tools are being explored and experimented with outside of the purview of technology and security leadership with less privacy, security, or legal controls.”

The rush to deploy AI tools without the proper safeguards in place could “trigger significant downside to companies hoping to capture significant upside,” he says.

Peckman describes AI as “the next industrial revolution”.

He adds: “As the opportunities and risks associated with this new economic cycle begin to emerge, we should anticipate companies will look to harness insurance capital to safeguard their AI investments and markets.”

But whether this is a new line of insurance (similar to the crime protection products that started appearing on the back of the cyber revolution) or more affirmative wording in existing policies “is yet to be determined”, says Peckman.