Cyber insurance gap amid rising AI threats – Aon

Aon has published a new report on the state of cyber risks for businesses in Europe, Middle East and Africa (EMEA), claiming that a protection gap has arisen just as firms want to engage with artificial intelligence (AI).

The broker released its “2024 Intangible versus Tangible Risks Comparison Report EMEA Edition”. 

The paper suggests firms should reassess cyber insurance and intellectual property (IP) protection strategies in the light of evolving threats from generative artificial intelligence (Gen AI), and increasing exposure to losses of IP and intangible assets.

Key findings included:

• The likelihood of a loss is higher for intangible assets than for tangible assets.
• The average probable maximum loss for intangible assets is almost 43% higher than of tangible assets.
• Insurance is in place to cover only 17% of information assets compared to 60% for property, plant, and equipment (PP&E).
• Some 54% of businesses had a material or significantly disruptive security threat or data breach one or more times in the past 24 months.
• And 69% of businesses use or plan to use AI products or services.

The new report drew insights from 596 respondents in EMEA, with the responses underscoring a key discrepancy in insurance coverage.

While 60% of PP&E is insured, only 17% of information assets have similar protection, Aon reported.

This gap has remained unchanged over the past two years, despite the increasing value of intangible assets and the growing frequency of substantial cyber breaches, the paper suggested.

Aon’s survey also showed that the expected loss from a cyber event targeting intangible assets is 43% higher than for tangible assets.

Furthermore, the likelihood of a significant cyber event involving intangible assets is three times greater than for PP&E. Despite these findings, many businesses still lack adequate coverage for trade secret theft and intellectual property liability – potentially exposing them to heightened financial risks.

With 69% of businesses in EMEA using or intending to integrate AI products or services, the potential for cyber incidents and regulatory compliance issues, is considerable.

New regulations like the European Union’s AI Act could add further complexity by inadvertently prompting more litigation from copyright holders.

Additionally, the rising threat from Gen AI is expected to increase the amount and heighten the impact of cyber-attacks over the next two years, Aon said.

Gen AI may enhance the existing tactics, techniques, and procedures (TTPs) of cyber criminals, as well as make it easier for novice cyber criminals to carry out effective attacks, contributing to an increased global ransomware threat.

Moreover, Aon noted that only 36% of respondents reported that their cyber insurance policies cover ransomware costs, leaving many businesses vulnerable to financial losses stemming from cyber incidents.

“Cyber insurance has rapidly evolved to address more effectively the key loss drivers associated with cyber events. It offers more favourable coverage and premium pricing for businesses that demonstrate strong cybersecurity practices,” said David Molony, head of cyber solutions EMEA at Aon.

“However, the increasing value of intangible assets, alongside the rise of generative AI, represents a paradigm shift in cyber risk, while the EU’s new AI Act is only likely to introduce more regulatory complexity. Businesses must prepare for these evolving risks and potential liabilities,” he said.

“The recent global IT outage served as a powerful reminder of the dynamic nature of cyber and technology risks and emphasised the importance of robust business continuity and incident response protocols. It also reiterated the need for a comprehensive cyber insurance policy to mitigate these risks,” Molony continued.

“This evolving landscape presents major opportunities for global businesses to rethink their risk strategies, whether through conventional risk transfer mechanisms or by leveraging capabilities in alternative capital arrangements, such as captives and reinsurance markets,” he added.