Alta Signa’s Technical Expert Spotlight Series focuses on emerging trends in the cyber market with insights from Mauro Marongiu, Technical Head Cyber, Alta Signa
The world of cyber is evolving; statistics reveal that the computing and human power put into developing artificial intelligence (AI) is increasing ten fold every six months. This pace of change is unprecedented; so much so that AI has become the most rapidly developing technology since the advent of the internet.
Even as little as eighteen months ago, deep fake videos and AI-generated images were unheard of; and yet now here we are, in a moment of history where such technologies are being used to scam, con, and manipulate people on a daily basis. We are living in an era where fake news has progressed into something tangible, visual. Who is to say that the next person you speak to on a video call is not a deep fake? How do you know they are not AI generated?
And this is the question we should all be asking ourselves. In a world where cyber criminals are always one step ahead of technology, we need to challenge what we see, what we hear, and what we read. Cyber security programmes and systems can only prevent so much; the main line of defence is what we can do ourselves, and for that people need training and awareness.
The power of facial recognition
As we have seen time and again, deep fake images are easy to be fooled by; and this is even more so in a working environment – especially when employees are facing deadlines or high workloads. But while there are companies trying to create technology that can determine if an image is real or AI-generated, developing such a tool is not straightforward; it is a complex process, and even when such a breakthrough does happen, we will always encourage companies to challenge everything they see. Whether on a video call, phone call, or corresponding with someone over email, challenge who you are talking to, double check they are who they say they are.
Unfortunately, people are not used to this mindset; they are not in the practice of questioning a request at work, especially when it comes from management. This is where insurers are encouraging companies to implement more checks in their processes – whether an employee is being asked to transfer money or join an online call, all tasks must require multi-factor authentication. The higher-stake the task, the higher the authentication process.
Regardless of the power of tools such as AI, the approach to mitigating attacks remains the same; it all comes down to training and awareness. Cyber attacks are designed to catch you out, they always have been, and they always will be. Whatever new tools come to market, whatever new technology is created, the techniques carried out by cyber criminals remain the same. Training, therefore, needs to focus on staff mindsets, regardless of the size of business. SMEs to global organisations are all susceptible to risks, and it is our job to make them aware of current and even future threats. From phishing emails to deep fakes, staff need to be alert at all times. They need to be empowered to question, to challenge anything they are asked to do.
Insuring the unknown
Insurance too must adapt to new forms of technology, and to do that we include exclusions, rearrange wordings, and explore new definitions, because also we cannot predict what the next level of an attack might look like; but we can hazard a guess.
Despite these uncertainties, it is interesting to note that there is no lack of capacity in the cyber market. European markets in particular are investing in cyber just as quickly as the technologies are changing. This picture is at the opposite end of the spectrum compared to two years ago, when the hard market made it very difficult to get capacity. Now in soft market conditions, carrier appetite has increased, and premium discounts are as low as 15 percent compared to last year alone.
But while premiums may have decreased, the risks are still there. As insurers, we are always looking ahead as to what the next threat could be, what risks a client might be susceptible to. Talk of future developments such as auto-generated malware, cloud server outage, or even physical power damage, is something to keep in mind. Considering our reliability on the internet, such threats are particularly important to take note of: While it is one of humanity's greatest inventions, the internet remains to be one of our biggest vulnerabilities.
A stark reminder of evolving risks
The threat posed by deepfake technology is a stark reminder of the evolving landscape of cyber risks. As AI continues to advance at an unprecedented pace, the ability of cybercriminals to exploit these tools becomes more sophisticated. This new era of digital deception requires a proactive and multifaceted approach from businesses and insurers alike.
Despite the uncertainties, the cyber insurance market is robust, with increasing investment and capacity, especially in Europe. However, the primary defence against these threats lies in awareness and training.
Businesses, regardless of size, must foster a culture of scepticism and vigilance. Employees need to be empowered to question and verify the authenticity of requests, especially those that involve sensitive information or financial transactions. Multi-factor authentication and rigorous verification processes should be standard practice.
To combat the deepfake threat effectively, it is crucial to stay informed about the latest developments in AI and cyber threats. Insurers and businesses must collaborate to create comprehensive training programs that keep employees up-to-date with the evolving landscape of digital risks.
Call to Action
For Insurers:
For Businesses:
Ultimately the message is to stay informed, stay vigilant, and ensure that every interaction is trustworthy. Thankfully, there have been very few large-scale events that have made a lasting impression on the sector, meaning the claims market remains stable. Of course, a systemic event would change this, but determining exactly what that would look like, and predicting what such damage could be, is almost impossible. So, for now our advice is clear: educate and train your staff and your clients, make them aware of what is out there in terms of risk, and above all, make sure to question everything, no matter who you think it is from.