“The impact of GenAI on the cyber landscape is likely to increase the frequency, severity, and diversity of smaller scale cyber attacks, which will grow over the next 12-24 months, followed by a plateauing as security and defensive technologies catch up to counterbalance their impacts,” predicts the report, “Generative AI: Transforming the Cyber Landscape.”
The report includes interesting analysis on the risk of catastrophic cyber attacks, a risk that drives so much of cyber insurance underwriting and policy concerns. Lloyd’s notes that cyber criminals — unlike state or terrorist attackers — have incentives to avoid catastrophic attacks, even when armed with AI: “Cyber campaigns tend to be designed with specific objectives and aim to maximise returns for the perpetrators, so most threat actors have a strong incentive to keep their actions concealed and their attacks contained. Catastrophes in cyber occur, for the most part, because the mechanisms put in place by the perpetrators to keep the campaign under control have failed.” [Cyber Insurance News: It’s interesting to note the parallels between this and the public health theory of actual viruses, which die out if they prove too deadly for their human hosts.]
“Transformation of Cyber Risk”
While AI may increase the chances of state-backed or terrorist cyber catastrophes, Lloyd’s focuses on the risk of “manageable cyber catastrophes” from non-state actors. The Lloyd’s graphic below outlines how AI will help cyber criminals
“(I)t is highly probable that the frequency of manageable cyber catastrophes will moderately
increase. The risk is very unlikely to sharply escalate without massive improvements in AI effectiveness, which current industry oversight and governance make improbable; this is an area where an increased focus from regulators may be helpful.”
Although the report calls for increase regulatory action, and provides useful details on how this might work, it also notes that AI capabilities have already escaped “into the wild:” “Hundreds of LLMs (Large Language Models/AI) now exist in the wild for a variety of tasks, many of which can be run locally on commodity hardware.”
We would have wanted more analysis of the positive impact of AI on the insurance industry and how it should and will be used for underwriting, risk control, etc, but we certainly recommend the report. Aside from its insights on cyber security, it also includes an usually lucid and practical explanation of basic AI trends, risks and regulatory issues.
Other News: Here’s the First Reported “Cyber Catastrophe Bond,” from Beazley (Opens in a new browser tab)