RANCHO MIRAGE, California – Intelligent automation and machine learning technologies can help businesses and their captive insurers address cyberattacks in microseconds, experts say.

Businesses should harness these advanced technologies to bridge the gap between the rapid rate of attacks and their cybersecurity response time, attendees at the Captive Insurance Companies Association 2023 International Conference heard last week.

Information technology organizations use “bows and arrows” to respond to bad actors that are deploying high-speed attacks, said Michael Steep, Stanford, California-based founder and executive director of the disruptive technology program at Stanford University and president of consultancy Transform Innovation Ventures.

“The problem is the technology to fight (attacks) is super slow, and in some cases obsolete. That is the reason why cyber insurance is now experiencing this big financial crisis,” Mr. Steep said during a panel session at CICA.

“We cannot figure out what the risk factor is in a fast enough time to be able to address these concerns,” he said.

In addition, hackers backed by nation-states are manipulating information via artificial intelligence technologies, leading to greater high-speed attack vulnerabilities.

“We must rethink how to enable sub-second response against data breaches,” Mr. Steep said.

The problem is there’s been a disconnect, said Stephen Cardot, CEO of CloudCover, a Minneapolis-based cybersecurity company.

While the insurance sector traditionally looks back at historical loss scenarios and loss ratios, businesses are starting to think about cybersecurity strategies that anticipate cyber threats, he said.

“People can get all spooked out, but AI, quite frankly, is a useful tool when it’s applied correctly. I don’t refer to AI as artificial; it’s actually augmented, or autonomous, or automated intelligence,” Mr. Cardot said during the panel discussion.

AI-generated technology and machine learning are “a game-changer” because they can help insurers and other businesses predict cyber threats before they occur and address them in real-time, he said.

The total cyber insurance market was estimated at roughly $10 billion in premium in 2022, but is expected to grow to up to $25 billion by 2025, said Nick Pearson, Tampa, Florida-based vice president of BMS Group Ltd.

“It’s been a very hard market and that means pricing is going up, up, up,” Mr. Pearson said during the panel session.

In 2021, prices increased by up to 400%, but since then cyber rates have “leveled off,” with some books seeing increases more in the 10% to 50% range, he said. Underwriting discipline and security protocols have improved, while losses have increased, he said.

Increasing use of AI, including chatbots such as ChatGPT, raises risk concerns, but it also presents opportunities to improve risk management, Mark Field, director, risk and insurance operations team, office of the general counsel, at Sutter Health, a Sacramento, California-based health care system, said during another panel session at the CICA conference.

“Risk management and insurance decisions or events are driven by data,” Mr. Field said.

“Think of yourself as a primary care physician and your patients are your insurance claims information, underwriting information, exposure information. Wouldn’t it be nice if you could have assistance to pull data information from large datasets to make better decisions?” he said.

There's a trend toward AI improving decision-making by risk managers and insurers, he said.