Quardia/shutterstock.com_1938746143
20 January 2025Re/insurance

AI will rapidly scale up cyber-attacks: CyberCube

The technology will benefit cyber attackers more than defenders in the short term. 

Artificial Intelligence will enable threat actors to rapidly scale up cyber-attacks, according to a new report from cyber security insurtech Cyber Cube.

Cyber Cube, which has operations in Bermuda, said in its 2025 Predictions Report that AI agents would be able to increase the size of attacks with “unprecedented speed and efficiency”.

The report also said that cyber underwriting will become “more science and less art” as improved underwriting data comes to the fore. 

But the major threat in 2025 appears to come from threat actors using AI, the report said. 

“In the past two years, we witnessed how threat actors leveraged AI to enhance phishing campaigns and financial fraud schemes, marking only the beginning of a new era in cybercrime,” said Ashwin Kashyap, co-founder and chief product officer. “Looking ahead, a more advanced and concerning development is emerging: AI agents that operate autonomously to scale cyber-attacks with unprecedented speed and efficiency.”

“While AI has obvious applications in defensive cybersecurity, we believe that in the near term, threat actors will be the primary beneficiaries of these technologies.”

Kashyap said the AI agents are capable of executing a wide range of tasks, from reconnaissance and target identification to exploiting discovery and malware deployment, without the need for constant human intervention. 

“Trained on data from previous successful and failed campaigns, these agents can adapt and evolve their strategies, dramatically lowering the cost and complexity of launching widespread attacks,” he said. “This autonomy presents a significant challenge for organisations, enabling threat actors to rapidly scale attacks and target large numbers of businesses and individuals with minimal effort.”

While AI can also improve cyber defences, Kashyap said the attackers were likely to have the edge in the near term. 

“AI’s ability to automate and optimise cybercrime activities will allow even smaller, less sophisticated groups to execute highly effective campaigns,” he warned. “As a result, organisations will face heightened risks and increased pressure on their security protocols.

“This shift in the cyber threat landscape will have profound implications for the cyber insurance market, which relies on models that assess the likelihood of large-scale cyber events. 

“With AI-driven attacks now able to scale rapidly, the probabilities of such events need to be looked at through a fresh lens, which could lead to more stringent coverage terms. 

“We anticipate that the frequency of cyber incidents will rise in the near term due to AI innovation, aligning with our broader outlook for 2024 and beyond.”

The report said increased and improved underwriting data means cyber underwriting will become more science and less art.

Pascal Millaire (pictured), CEO, said: “For a risk as complex, dynamic, and multi-faceted as cyber, underwriting will always be a mix of art and science. As underwriters upskill their capabilities, the industry is increasing the state of that art; and as technology providers improve underwriting data, they will be supported with increasingly compelling science.”

“In 2025, reinsurers will start to have access to more detailed, data-driven analytics to compare the relative risk profiles of prospective cedent portfolios,” Millaire said. “This will tilt treaty underwriting discussions somewhat away from the softer, qualitative factors that inform a carrier’s underwriting process to harder quantitative metrics on underlying risk quality relative to other cedents.”

The report also said that cross-sector partnerships will accelerate the business impact of cyber risk management decisions and generate much-needed efficiency. 

“Delivering financially-quantified risk analytics to the organisations that need them requires partnership across the public and private sectors,” said Rebecca Bole, head of strategic engagement. “In 2025, leaders in strategic enterprise risk management, tech infrastructure, and government will seek to develop pathways to obtain timely, data-driven insights.”

Cyber Cube said cyber risks are increasing at a faster rate than security expenditure. Cyber-crime is predicted to increase by 66% between 2024 and 2029, while cybersecurity spend is slated to grow by just 45% in the same period.

“It is increasingly important to demonstrate the financial ROI of cyber risk management to enterprise leaders,” Cyber Cube said. “Such partnerships with global leaders in risk management will bring cyber risk quantification into the boardrooms of organisations and assist government policymakers around the world — ensuring the development of strong risk management programs within enterprises and building resilience across society.”

Other predictions include how brokers will be crucial to unlocking growth in the cyber insurance market, particularly for small and medium-sized businesses that are still underinsured. To better manage growing accumulations of risk, cyber insurers will focus on improving data collection and enhancing their ability to model and mitigate potential exposure. 

“Just as the insurance industry has been instrumental in driving safety improvements against damage caused by natural catastrophes, cyber insurance will meaningfully impact cybersecurity posture,” the report said.

Did you get value from this story? Sign up to our free daily newsletters and get stories like this sent straight to your inbox.