Brian Raab
Vice President, Business Insurance
Artificial intelligence is driving innovation – but it’s also being weaponized for cybercrime. As attacks like phishing, spoofing and malware become faster, more scalable and more convincing, businesses of all sizes need to reassess whether their insurance coverage is built to keep up.
According to the World Economic Forum’s 2025 Global Cybersecurity Outlook, 71% of cyber leaders believe that small organizations have already reached a critical tipping point where they can no longer adequately secure themselves against the growing complexity of cyber risks.
From deepfake video impersonations to adaptive malware, AI enables a level of speed and sophistication that overwhelms traditional defenses.
The good news? Businesses don’t have to navigate this alone. With the right mix of layered security, employee training and comprehensive insurance coverage, companies can stay protected even as AI security risks evolve.
The Rise of AI-Driven Threats: From Novel to Normal
AI has dramatically accelerated the speed and scope of cyberattacks. Today’s attackers are using AI to automate the process of scanning for vulnerabilities, launching phishing campaigns and writing malware that evolves on the fly to evade detection.
According to the FBI’s Internet Crime Report for 2023, cybercrime complaints reached 880,418 during the year with reported losses exceeding $12.5 billion – a 21% year-over-year increase.
Even companies with well-established security programs are finding it harder to keep pace. AI security risks evolve constantly, creating a moving target for security teams and increasing the likelihood of undetected breaches.
For small and mid-sized businesses that don’t have dedicated security teams, staying ahead means reassessing not just technical defenses but ensuring they have the right insurance coverage in place to absorb and recover from the unexpected.
Deception by Design: Updating Coverage for AI-Savvy Scams
AI’s ability to replicate human communication has supercharged the effectiveness of social engineering. Large language models can analyze how an executive writes emails and recreate that style in seconds.
In early 2024, the FBI issued a warning about a surge in AI-generated scams, including fake video meetings and impersonated voice calls. These tools are being used to trick employees into wiring money, sharing credentials or approving unauthorized access.
What makes these attacks so dangerous is how seamless and believable they are. A fake voice or video can deceive senior leaders, vendors and clients. In fast-paced work environments, where decisions are made quickly and often remotely, AI-generated deception slips through the cracks before anyone thinks to question it.
As these AI cyber threats grow more targeted and convincing, it’s critical to understand how they show up in the workplace and what protections can help mitigate the fallout:
- Business email compromise (BEC): AI-generated emails that mimic an executive’s writing style are tricking employees into transferring funds or sharing sensitive data. The FBI found these attacks alone accounted for $2.9 billion in losses in 2023. Look for BEC-specific coverage and incident response support to investigate and recover from these events.
- Deepfake voice and video impersonation: Fraudulent meeting requests or phone calls can lead to unauthorized approvals or leaked credentials. Security and privacy liability coverage, along with employee training on verification protocols, can help reduce risk.
- Fake QR codes and malicious links: Embedded in emails, flyers or social posts, these codes can trigger malware when scanned, often without detection. Network interruption and data restoration coverage can help mitigate operational downtime and file loss.
- Ransomware and extortion: Deepfake threats or impersonation can be used to demand payment or gain leverage. Cyber extortion coverage can provide access to negotiators, consultants and payment reimbursement.
From Insurance Add-On to Cyber Essential: Evolving Risk Strategies
Five or six years ago, cyber insurance was often treated as an optional add-on and often tucked into a broader commercial policy. Today, it’s a must-have. The threat landscape has grown too complex and the potential fallout from an attack is too severe to go unprotected.
Additionally, the 2025 Global Cybersecurity Outlook found 63% of organizations cite the complexity and constant evolution of the threat landscape as their greatest challenge to improving resilience. This places unprecedented pressure on IT teams, executive leadership and brokers alike to reassess what “prepared” really means in the face of these emerging threats.
AI has changed the way cyber threats appear, behave and spread, but cyber resilience isn’t about eliminating all AI cyber risks. For business owners, this is a pivotal moment to reassess how their organizations detect, respond to and recover from digital attacks.
Marsh McLennan Agency has an extensive line of cyber insurance solutions and protection plans for businesses of every size and industry. To learn more, please reach out to one of our cyber experts today.
