Generative AI is intensifying cyber risk to companies

A few weeks back, Lloyd’s of London released its Q2 Market Message, with an overview of current conditions in which, unsurprisingly, Middle East exposure featured heavily. However, it also contained a stark warning about how AI and its rapid evolution is intensifying cyber risks, whilst increasing uncertainty around insurance coverage exposure. 

Automated phishing, deepfake-enabled fraud and highly targeted intrusion campaigns are becoming more prevalent, increasing both the frequency of incidents and the likelihood of high-profile breaches. Rapidly advancing AI technologies, particularly generative AI, are enabling cyber attackers to operate with ever greater speed, scale and sophistication.

The evolving risk landscape is also making cyber events harder to predict and explain. AI-driven threats can blur the lines between system failure, human error and malicious activity, and the report highlighted the consequential uncertainty for insurance coverage. As policy language struggles to keep pace with AI-driven risks, organisations may face unclear or disputed claims outcomes. This introduces additional complexity, as companies must manage expectations among investors, regulators and customers regarding financial exposure and recovery.

The lack of clarity around coverage also heightens scrutiny following an incident. Stakeholders increasingly expect transparency about what happens and how losses will be mitigated, but how organisations communicate this is becoming more complex, potentially undermining stakeholder confidence.

Companies must proactively adapt to this evolving cyber risk landscape – and understand that AI adoption by a much wider spectrum of threat actors has decisively changed the risks they will face over the next 12-24 months. From a communications standpoint, companies should check if and how their insurance covers them – and if their policy covers specialist crisis communications support in the event of a cyber-attack. They should also review and update their cyber-attack communications protocols to take account of the new and novel risks posed by genAI. 

Importantly, awareness of these risks must be enhanced beyond the boardroom and specialist teams (e.g. risk and compliance, legal, communications) - every person within an organisation should understand the elevated threat level and their own role in minimising that risk.

As AI accelerates the scale and visibility of cyber incidents, integrating communications strategy with broader risk and insurance planning will be critical for maintaining trust and credibility, and ensuring effective crisis preparedness in an increasingly complex digital environment.