AI-related risks for Asia insurers expected to grow, evolve

The insurance industry in Asia faces a series of evolving risks arising from the massive growth of AI.

Standalone AI liability insurance is coming to the fore as the industry works to determine how best to cover the risks associated with the technology's use. The insurance industry is also exploring the extent to which AI-related risks can be covered under existing products, such as errors and omissions liability insurance.

Axa XL is actively monitoring risks associated with AI, Sam Bye, head of cyber for Asia and the Middle East, said in an interview with S&P Global Market Intelligence. In 2024, the company launched cyber insurance coverage for businesses developing their own generative AI models.

Looking ahead, Bye said AI could become an "enabler" or a "multiplier" of cyber threats. Timelines for attacks will increase, and AI could be implemented into the attack chain, lowering barriers to entry to hacking, Bye said after conducting a session on post-breach steps at the Pan-Asia Risk and Insurance Management Association’s Manila Masterclass on May 21.

AI developer Anthropic PBCunveiled its latest large language model, Claude Mythos Preview, alongside the announcement of Project Glasswing, a restricted deployment of the model to 12 technology and finance partners — including Amazon Web Services Inc., Apple Inc., Cisco Systems Inc., CrowdStrike Holdings Inc., Google LLC, JPMorgan Chase & Co., Microsoft Corp., NVIDIA Corp. and Palo Alto Networks Inc. — and more than 40 critical-infrastructure organizations.

Anthropic’s claim that its Mythos model heralds a step-change in AI-driven cyber risk has focused attention on an ongoing threat: AI's growing ability to discover and exploit cybersecurity vulnerabilities at scale, S&P Global Ratings analyst Sudeep Kesh wrote in a report.

"Much of Mythos's capability may reside in its operational framework — the 'harness layer' — rather than the model itself," Kesh said. "This suggests replication barriers are lower than headlines imply and that sophisticated threat actors may already have access to comparable offensive tools."

Data centers

Another factor affecting the insurance landscape is the significant capital requirements of data centers.

Annual investment in data centers could surpass $300 billion by 2027, S&P Global Ratings wrote in a report. These projects involve a complex ecosystem of hyperscalers, developers and builders, utility providers, equity investors and increasingly, public and private lenders, each with their own insurance requirements. This presents a huge growth opportunity for the commercial and specialist (re)insurers that participate in these projects.

"We expect capacity constraints to limit the industry's ability to fully insure these hyperscale data center projects, as total insurable values reach $20 billion to $30 billion per location," said S&P Global Ratings credit analyst Charles-Marie Delpuech.

Steve Tunstall, general secretary of PARIMA, called for greater transparency in insurance regarding AI. In an interview on the sidelines of the conference, he said that if an insurer denies a claim related to AI, it must explain the decision to the customer.

Tunstall added that, at this point, he has not seen a "single insurance company... that's having a mature enough conversation around this."