AI could amplify cyberattacks, report warns

Could the next generation of cyberattacks be too smart to stop?

AI could amplify cyberattacks, report warns

Reinsurance

By Jonalyn Cueto

A new report from Guy Carpenter and CyberCube has warned that while generative artificial intelligence (Gen AI) could revolutionize industries by enhancing business efficiencies, it may also open doors for malicious actors, creating new systemic risks.

The report, “Outlook on AI-Driven Systemic Risks and Opportunities,” examines how AI could transform both offensive and defensive capabilities in cybersecurity. Of particular concern is AI’s potential to create more sophisticated polymorphic malware that can continuously evolve to evade detection, potentially leading to longer-lasting and more damaging attacks.

“AI enhancements to attack vectors will increase the efficacy and efficiency of attacks in the pre-intrusion phases of the cyber kill chain,” the report stated. “Threat actors will be able to attack a larger number of targets in a more cost-efficient manner, with an expected increase in success rate.”

The study analyzed how historical cyber incidents like the Ryuk ransomware attacks and the 2017 Equifax data breach might have been even more devastating if enhanced by AI capabilities. For instance, AI could have helped the Equifax attackers identify valuable data more quickly and disguise their extraction activities, potentially leading to even greater data loss, the report noted.

The double-edged sword of AI

However, the report isn’t entirely pessimistic. It noted that defenders typically have significant advantages over attackers, including better access to data for training AI models and greater resources for developing defensive tools. Larger, well-resourced organizations that effectively deploy AI defensive measures may actually see reduced cyber risk exposure.

The research suggests a potential “divide” emerging between organizations that can effectively leverage AI for defense and those that cannot.

“The most likely outcome is that larger, more resourced or more prepared firms have a better chance at reducing their exposure to cyber risk by deploying AI in defensive mechanisms, while smaller, less-resourced or less-prepared firms will likely have increased exposure,” the report said.

Looking ahead, the insurance industry faces new challenges in quantifying and managing AI-related risks. The report identified four key areas of concern:

  • AI as a software supply-chain threat
  • AI presenting new attack surfaces
  • AI-related data privacy threats
  • Risks associated with AI in security roles

The report emphasized the importance of developing new analytical frameworks to assess these emerging risks: “As AI technology becomes increasingly integrated into our lives, the (re)insurance industry has a unique opportunity to assist policyholders preparing for potential threats arising from AI.”

What are your thoughts on the impact of AI on the insurance industry? Share your thoughts in the comments below.

Keep up with the latest news and events

Join our mailing list, it’s free!