As cyber threats and financial crime risks become more complex, insurance stakeholders in Australia are being encouraged to revisit traditional models of cyber incident management.
Two new reports – one from loss adjusting firm Crawford & Company and another from risk consultancy Kroll – outline emerging challenges and call for more agile response strategies across the insurance and financial services sectors.
Kroll’s 2025 Financial Crime Report has revealed growing apprehension among financial and professional services leaders in Australia, according to Kroll’s 2025 Financial Crime Report. Of those surveyed, 64% believe financial crime risks will increase in 2025. Contributing factors include AI-enabled fraud, cyber vulnerabilities, shifting regulatory expectations, and global political instability.
More than half of respondents flagged the criminal use of artificial intelligence and ongoing cyberattacks as leading risk drivers. However, just 24% said AI tools had significantly improved their organisation’s ability to detect or prevent fraud. Despite widespread deployment of detection technologies, many firms acknowledged internal challenges in governance and oversight.
Only 16% of Australian respondents described their compliance programs as highly effective. Key limitations included inadequate investment in technology, cited by 72% of respondents, and weak internal controls.
In its report titled “The Adaptive Service Model – Plugging the Cyber Gap,” Crawford & Company highlighted the operational risks posed by outdated, static cyber response plans.
The firm suggested that as businesses increasingly take control of their cyber strategies, insurers must evolve their support models to remain relevant.
The report argued that a flexible, modular approach to cyber incident response – what it calls an “adaptive service model” – can bridge capability gaps and better align with how clients now approach digital risk. Under this model, services can be integrated on a case-by-case basis depending on the severity and specifics of an incident.
Crawford’s global head of cyber, Paul Handy, said the needs of the cyber insurance market have shifted away from a single-template response.
“The one-size-fits-all approach no longer meets the needs of today’s maturing cyber insurance market. An adaptive service model that dovetails with the cyber strategies of insureds and enables them to import the expertise and services they need, when they need them, will lead to better outcomes for insureds and insurers alike,” he said.
Crawford’s report also suggested that experienced loss adjusters can play a more active role in guiding the incident response process, including ensuring insurer involvement and policy alignment.
William Gow, international cyber technical director at Crawford, said the pace of technological change demands flexible solutions.
“With AI accelerating the speed at which the cyber threat landscape is evolving, plugging any gaps in cyber competency is a critical and ongoing part of any corporation’s cyber resilience,” he said.
