What insurers are doing about AI threats

Artificial intelligence is placing increased demand on insurers to guard against fraud and other forms of risk. Experts are urging an investment in AI literacy and other forms of training to limit exposure, rather than simply deploying more AI internally as the only safeguard.

Read more on the issue and other topics in this roundup of recent Digital Insurance coverage of AI.

AI threats demand shift from prevention to cyber resilience

AI-driven threats are forcing a fundamental reframe of cybersecurity strategy. The Information Security Forum argues that organizations must operate as though a breach is inevitable, building resilience rather than relying on prevention alone. The practical starting point: define the "minimum viable organization" by identifying critical processes and the data assets that support them before an attack occurs. From there, classify information assets by criticality, enforce least-privilege access, and patch known vulnerabilities immediately. Legacy systems that cannot be patched require compensating controls. Security leaders must also align with business priorities and cultivate enterprise-wide risk ownership at every staffing level.

Read more: Why AI makes cyber resilience a necessity

Human error, single points of failure drive AI cyber risk

AI has made ransomware faster and easier to execute, and large enterprises remain vulnerable despite well-funded defenses, primarily through human error at help desks and similar touchpoints, according to Ryan Kratz, head of cyber for North America at MSIG. Ransomware at large organizations now routinely triggers data-privacy litigation from third parties. Equally concerning: concentration risk among five to 10 major cloud, data-center and cybersecurity vendors creates catastrophic aggregation exposure across entire insurer portfolios. Enterprises are building redundancies and scrutinizing vendor dependencies, but Kratz warns that contingent business interruption from a single-point-of-failure provider remains the industry's most underappreciated systemic threat.

Read more: What large companies are learning from AI-based cyber breaches

Shift AI spend to change management, Capgemini tells P&C insurers

Only 10% of P&C insurers are successfully scaling AI, and the primary obstacle is organizational, not technological, according to Capgemini. Insurers allocate 72% of AI investment to technology and just 28% to change management — and nearly half of employees report no meaningful workflow change after 18 months. To close the gap, executives should redirect budget toward change management, redesign workflows and incentives (currently a priority for only 27% of insurers), and establish AI metrics, which 42% of insurers still do not track. Sixty percent of insurers remain in exploration or proof-of-concept stages.

Read more: Only 10% of P&C insurers are AI trailblazers: Capgemini

Iran launches Bitcoin ship insurance for Hormuz Strait transit

Iran has launched Hormuz Safe, a Bitcoin-backed insurance service for Iranian shipping companies transiting the Strait of Hormuz. Marine insurers and risk managers should treat the service as a sanctions exposure trigger: Foreign carriers or their partners using the platform risk violating U.S. sanctions on Iran. Bitcoin's price volatility further undermines its viability as a policy settlement currency. The scheme's ties to the Islamic Revolutionary Guard Corps — through Fars news agency and sanctioned businessman Babak Zanjani — compound counterparty risk. 

Read more: Iran starts Bitcoin-backed ship insurance for Hormuz Strait

49% of cyberattack targets report AI-generated malware: QBE

With 67% of U.S. businesses hit by a cyber event in the past 12 months and only two-thirds of small to medium-sized businesses carrying cyber insurance, coverage gaps remain a critical exposure. QBE North America's survey found 29% of businesses faced an AI-assisted attack, with 49% of those reporting AI-generated malware and 51% citing AI-crafted phishing. Supply chain risk is compounding the threat — 58% of attacked organizations traced incidents to suppliers. Closing the insurance gap and stress-testing incident response plans are the clearest near-term priorities; 81% of respondents say they have a plan in place, but underinsurance among smaller firms leaves significant downside exposure.

Read more: 49% of U.S. cyber-attack targets report AI-made malware: QBE

Tame evidence sprawl to speed cyber claims, cut disputes

Evidence sprawl — data fragmented across cloud platforms, SaaS apps, endpoints and third parties — is emerging as a material risk for cyber claims outcomes. Organizations unable to quickly produce defensible forensic evidence face delayed claims, coverage disputes and regulatory penalties; Morgan Stanley's $35 million penalty for untracked decommissioned servers illustrates the stakes. Notification windows are compressing to as little as 72 hours, and insurers increasingly demand proof packs documenting security controls, telemetry and remediation timelines. The practical response: eliminate data with no business or regulatory purpose, map all data locations including shadow IT, and build forensic-grade preservation workflows before an incident occurs — not during one.

Read more: Managing data is critical for cyber incidents

Outdated pricing tools put P&C profitability at risk

Inflation, rising claims severity and catastrophe losses are squeezing P&C margins, and legacy pricing tools are making it worse. Many carriers still rely on spreadsheets and disconnected workflows, leaving them unable to respond quickly to market shifts or regulatory demands. Dedicated pricing engines address this by centralizing rating logic, automating governance and integrating external data for more granular risk segmentation. Carriers that modernize can accelerate product launches, sharpen risk selection and build the audit trails regulators increasingly require. Those that don't risk ceding ground to more agile competitors, particularly in commoditized personal lines where pricing speed and precision are decisive.

Read more: Why pricing is ready for digital transformation

Trust engineering emerges as AI governance imperative in 2026

As AI moves from decision-support tool to autonomous agent across underwriting, pricing and claims, insurers face a concrete governance challenge: Can they explain, audit and control the decisions their systems make? The EU AI Act classifies risk assessment and pricing AI in life and health insurance as high-risk, and EIOPA has set explicit standards for data quality, explainability and human oversight. Fragmented core systems and siloed customer data compound compliance exposure. Executives prioritizing 2026 planning should focus on five operational pillars — data lineage, explainability, auditability, defined human-oversight thresholds and adaptable governance architecture — treating them as infrastructure, not afterthoughts.

Read more: Why AI use must be transparent, governed and trusted 

This roundup was created with AI assistance. A Digital Insurance editor reviewed each item before publication.

