In an article for Insurance Edge (UK), Daren Rudd, Head of Business, Technology, Innovation Consulting and Insurance at CGI in the UK, highlights the growing concern that cyberattacks could soon become uninsurable as threats grow in scale and sophistication.
He emphasizes the need for insurers to go beyond traditional risk coverage by helping clients build resilient ecosystems, adopt emerging technologies like AI, and strengthen cyber hygiene and incident response. These measures can significantly reduce exposure and preserve the insurability of cyber risks.
Read the full article:
Insurance is inherently an industry that thrives on reviewing past events, as well as looking forward; understanding patterns to ascertain current and future risk is paramount. As climate-related threats increasingly fall into the category of uninsurable risks, there is growing concern across the industry that cyberattacks may follow a similar path, especially as attacks become more sophisticated and AI continues to lower the barrier to entry.
Recent high-profile attacks have underscored the significant impact these threats can have on business operations. Consequently, pricing and underwriting these risks have become more complex.
Lloyd’s of London recently warned that a major cyber-attack on a global payments system, as an example, would cost the world economy $3.5 trillion, and claimed that the “global interconnectedness of cyber means it is too substantial a risk for one sector to face alone.”
To mitigate this risk, insurers must broaden the conversation beyond merely providing protection and advisory services on cybersecurity.
They need to educate clients on building a comprehensive, resilient ecosystem and encourage the adoption of emerging technologies, such as AI. By doing so, businesses can enhance their operational resilience, strengthen cyber hygiene practices and implement clear incident response protocols, effectively reducing risk to the greatest extent possible.
These strategies not only help manage underlying risk but also preserve the insurability of the digital landscape.
A robust framework built on upgraded infrastructure
When educating organizations, the industry must recognize that improving resilience and protecting against cyberattacks is not a one-time project, but a continuous commitment. It requires a comprehensive framework that integrates cybersecurity with IT, operations and governance in a cohesive and measurable way.
This type of framework combines secure cloud hosting, API-driven integrations and scalable IT service management (ITSM) solutions, while addressing the complexities of hybrid environments. It ensures that legacy systems, cloud platforms and third-party services all work together seamlessly to support critical operations.
It must also incorporate real-time threat feeds, vulnerability management and AI-powered triage, all designed to reduce response times and break down operational silos in the event of a cyberattack.
To remain effective, this framework must be adaptable, evolving to meet the specific needs of each business while incorporating emerging technologies as they arise.
AI is reshaping the cyber landscape
New technologies like AI are prime examples of how innovation can elevate cybersecurity practices. AI offers a powerful way to streamline, automate and continuously improve security measures. From delivering comprehensive, real-time analysis of threat surfaces to deciphering complex code and correlating vast data sets, AI enables faster, more effective response pathways and enhances operational resilience. Across the insurance sector, it is also being used to improve the efficiency and accuracy of claims processing and fraud detection.
However, it presents a double-edged sword for insurers, particularly in the context of insurance fraud. AI, for instance, can be used to generate convincing fake images that support fraudulent claims. Not only this, AI can be used to exploit critical vulnerabilities by threat actors. Emerging attack methods, such as code generation, deepfake technology and data scraping offer malicious actors new ways to bypass traditional security infrastructure.
As a result, it is crucial that businesses understand the full potential of these advancements, staying ahead of evolving threats and continuously strengthening their defenses by embedding new technologies across frameworks as they become available.
Establishing cybersecurity as an insurable risk
As cyber threats become increasingly sophisticated, insurers must evolve beyond serving solely as advisors and build proactive services that not only protect their clients but do so at the pace needed to keep up with emerging risk. By helping businesses develop resilient frameworks that foster effective cybersecurity practices that can evolve and adapt to the landscape, insurers can reduce the frequency and severity of cyber incidents and stop cybersecurity from becoming the next uninsurable risk.
This article originally appeared on August 19, 2025, in Insurance Edge, a UK-based magazine focusing on the latest insurance industry news within the global insurance markets, including insurtech, innovation, claims handling, and counter-fraud technology.
