Get your free personalized podcast brief
We scan new podcasts and send you the top 5 insights daily.
For emerging risks like cyber, the primary barrier to full insurance coverage isn't just a lack of historical data, but the inability to model the absolute worst-case scenario. This fundamental uncertainty forces insurers to reduce their exposure by offering smaller, capped limits, as the potential for a systemic, catastrophic event remains unquantifiable.
Related Insights
The reinsurance giant creates virtual replicas of client assets, down to a specific address (lat-long). These digital twins are then stress-tested against various scenarios like hurricanes or heat waves, allowing for highly granular and predictive risk quantification for individual properties or entire portfolios.
Unlike natural catastrophes, the ultimate financial impact of a systemic cyber event is poorly understood. This "unknown worst-case scenario" forces insurers to mitigate their own risk by capping exposure and offering smaller coverage limits for cyber incidents.
Existing policies like cyber insurance don't explicitly mention AI, making coverage for AI-related harms unclear. This ambiguity means insurers carry unpriced risk, while companies lack certainty. This situation will likely force the creation of dedicated AI insurance products, much as cyber insurance emerged in the 2000s.
Insurers lack the historical loss data required to price novel AI risks. The solution is to use red teaming and systematic evaluations to create a large pool of "synthetic data" on how an AI product behaves and fails. This data on failure frequency and severity can be directly plugged into traditional actuarial models.
Drawing from the nuclear energy insurance model, the private market cannot effectively insure against massive AI tail risks. A better model involves the government capping liability (e.g., above $15B), creating a backstop that allows a private insurance market to flourish and provide crucial governance for more common risks.
Insurers like AIG are seeking to exclude liabilities from AI use, such as deepfake scams or chatbot errors, from standard corporate policies. This forces businesses to either purchase expensive, capped add-ons or assume a significant new category of uninsurable risk.
Without clear government standards for AI safety, there is no "safe harbor" from lawsuits. This makes it likely courts will apply strict liability, where a company is at fault even if not negligent. This legal uncertainty makes risk unquantifiable for insurers, forcing them to exit the market.
Insurers can price a single large loss. What they cannot price is a single AI model, deployed by thousands of customers, having a flaw that leads to thousands of simultaneous claims. This "systemic, correlated" risk could bankrupt an insurer.
In emerging markets, where 'six sigma' events happen frequently, statistical risk models like Value at Risk are ineffective. A more robust approach is scenario analysis, stress-testing portfolios against specific historical crises like 1998 or 2008 to understand true vulnerabilities.
Unlike software engineering with abundant public code, cybersecurity suffers from a critical lack of public data. Companies don't share breach logs, creating a massive bottleneck for training and evaluating defensive AI models. This data scarcity makes it difficult to benchmark performance and close the reliability gap for full automation.
