Implications for Cyber Catastrophe Events

Implications for Cyber Catastrophe Events

Leveraging the cyber kill chain model, the report underscores the urgency for insurers to adapt to AI-driven threats, balancing innovation with robust risk mitigation strategies.

Generative artificial intelligence is considered one of the most important technological breakthroughs of the last few decades. Munich Re Group sees great opportunities for insurers – if they explore the possibilities of the new technology and understand its risks.

There are many ways organizations could revolutionize their respective industries by applying Gen AI to routine business functions. For example, in insurance, Gen AI can assist underwriters evaluating risks by analyzing vast amounts of data, including historical claims, customer information and internal/external cybersecurity factors.

By summarizing risk profiles, Gen AI can help underwriters develop the appropriate coverages and make more informed decisions quickly. However, artificial intelligence technology in insurance also presents new cybersecurity risks.

While Gen AI can be used to improve operational efficiency, it also opens doors for malicious actors to exploit its capabilities for cyberattacks.

AI deployment can lead to cyber aggregation risk

4 new dynamics by which AI deployment can lead to cyber aggregation risk:

  1. AI as a software supply-chain threat. Organizations that deploy AI may seek third-party solutions such as ChatGPT, in which the compromise of the vendor model can become a single point of failure for all customers using the model.
  2. AI presents a new attack surface. Once AI is deployed, users can interact with the model. Whether it is a chatbot, a claims processing tool or a customized image analysis model, the model receives input and sends outputs. This process is subject to malicious and sometimes accidental manipulation.
  3. AI presents a data privacy threat. A model is only as good as the data on which it is trained. To train these models, they must be given access to relevant datasets–often large, sensitive datasets. A compromise to the centralized storage for these datasets can have dramatic downstream effects.
  4. AI in security roles. One of the highly touted use cases for AI is in cyber security operations, the type of procedures that require high-level privileges, such as those present in CrowdStrike’s recent faulty software update. With such critical response decisions given to AI, the potential for errors or misconfigurations may increase, resulting in additional risks.

While that paper explores these risks from a conceptual, forward-looking perspective, this paper serves as a complement, focusing on the evolving technical and analytical aspects of AI impacts.

Recognizing the potential exposure accumulation risk arising from AI, it is important for the (re)insurance industry to look ahead and forge an analytical pathway to measure the risk, while embracing the positive side of AI (see how Artificial Intelligence Promises to Revolutionize P&C Insurance Industry). Partnering with leading cyber risk modeling vendor CyberCube, our study discusses a framework for systemic risk quantification, then investigates 2 counterfactual examples as blueprints for an AI-empowered cyber attack.

Implications for Cyber Catastrophe Events

AI technologies are expected to significantly impact cyber catastrophe events. This analysis uses the kill chain model to align areas of AI research with components of CyberCube’s catastrophe models.

Initial findings highlight AI’s potential role in various stages of the kill chain. This discussion focuses on areas with proven proof of concept to emphasize relevance.

Frequency and Footprint Impacts

The frequency and scope of cyber events are influenced at both pre-intrusion and post-intrusion stages of the kill chain. Research shows AI’s ability to enhance threat actors’ speed and capabilities, increasing the likelihood of large-scale attacks.

Large language models (LLMs) enable higher-quality, scalable social engineering, including phishing and deep fakes. They also allow quicker vulnerability identification, potentially expanding the initial attack footprint.

These capabilities could accelerate attack escalation, raising global cyber event frequency through smaller incidents reaching material thresholds. Existing material events may also impact more companies due to AI-driven expansion of attack footprints.

Recorded Future reports demonstrate LLMs improving efficiency in reconnaissance, weaponization, and delivery stages of attacks. Additionally, adversaries manipulate LLMs through prompt injection to execute post-intrusion activities, exposing companies deploying customer-facing LLMs to insider threats.

While AI’s rapid development mirrors trends like Moore’s Law, it may face physical and technological limitations over time. These constraints could result in periods of slower innovation, reducing both offensive and defensive advancements.

Such periods may bring temporary stability to the cyber threat landscape as both sides reach temporary equilibrium.

This evolving dynamic underscores the need for continuous investment in defensive strategies, particularly for smaller organizations. As AI technologies mature, the cyber risk landscape will likely reflect a balance of heightened threats and enhanced mitigation capabilities.

A significant application of AI in cyberattacks involves polymorphic malware—malware that evolves throughout the attack lifecycle to evade pattern recognition or heuristic defenses.

Research since 2019 has showcased polymorphic malware concepts capable of rewriting themselves to avoid heuristic-based anti-malware tools. LLMs enhance this process, enabling malicious operations at scale. Threat actors can automate malware mutations to:

  • Prolong their presence in systems, increasing potential damage.
  • Evolve frequently enough to bypass signature-based detection.
  • Streamline learning, command, and control (C2) operations, accelerating propagation within and across networks.

These advancements improve current mutation algorithms, making them more dynamic. LLMs at the core of these processes adapt similarly to defensive systems, maintaining an advantage in the arms race of cyber offense and defense.

FAQ

How is AI reshaping the cyber risk landscape for insurers and businesses?

AI is significantly amplifying both the opportunities and threats in cybersecurity. While it helps insurers and underwriters automate risk evaluation and improve efficiency, it also introduces complex threats like polymorphic malware, AI-driven phishing, and expanded attack surfaces. Insurers must now factor AI-related exposures into their risk models to accurately assess systemic vulnerabilities and catastrophe potential.

What are the key AI-related cyber aggregation risks identified in the report?

The report outlines four primary AI-driven aggregation risks:
AI as a supply-chain threat: Third-party AI tools (e.g., ChatGPT) could serve as single points of failure.
New attack surfaces: Interactive AI tools are vulnerable to prompt injection and manipulation.
Data privacy risks: Training models on sensitive datasets introduces downstream privacy exposure.
AI in security operations: Errors or exploits in AI-controlled security processes can cause large-scale disruptions, as seen with recent high-profile software failures.

How does AI influence the frequency and severity of cyber events?

AI accelerates attack development across the cyber kill chain. Large Language Models (LLMs) enhance social engineering (phishing, deepfakes), accelerate vulnerability discovery, and streamline malware mutation. This increases the frequency of impactful cyber incidents and broadens their footprint, particularly for events that evolve rapidly from small to catastrophic scale.

How does the cyber kill chain model help in analyzing AI’s role in cyberattacks?

The kill chain model helps map AI’s influence across different stages of an attack:
Reconnaissance: AI improves target profiling and scanning.
Weaponization & Delivery: Faster development and deployment of payloads.
Exploitation & Installation: Enhanced precision in exploiting systems.
Command & Control: Polymorphic malware leverages AI to evolve and stay undetected.
This structured analysis allows insurers and risk modelers to better anticipate AI-augmented threats.

What is the insurance industry doing to adapt to AI-driven cyber risks?

Leading insurers and reinsurers are collaborating with cyber risk modeling firms like CyberCube to quantify systemic risks tied to AI. This includes building counterfactual scenarios to simulate AI-powered attacks. The goal is to inform underwriting, refine catastrophe models, and support risk-based pricing. Despite rising AI-enabled threats, insurers remain focused on leveraging AI responsibly while updating coverage frameworks and loss forecasting tools.