While artificial intelligence (AI) is making business smarter and more efficient, it is also making cyber risks more complex.
Businesses purchasing cyber insurance have long been concerned about familiar threats such as ransomware attacks, phishing emails, data breaches, and network outages. While these risks remain, AI is changing how cybercriminals operate and the types of mistakes companies can make, forcing insurers to rethink what they cover and how they price it.
This comes as more companies are incorporating AI into their daily operations to optimize productivity, from customer service chatbots and software development to fraud detection and data analysis.
But this also opens the door to cybersecurity risks that didn’t exist a few years ago. Cybercriminals are increasingly using AI to automate the discovery of software vulnerabilities, generate convincing phishing emails, and create deepfake audio and video to trick employees into transferring money or divulging sensitive information.
At the same time, companies deploying AI systems are creating new forms of risk unrelated to hackers. For example, AI models can hallucinate inaccurate information, inherit bias from training data, leak sensitive information, or make mistakes that disrupt business operations.
At the same time, training datasets can be manipulated by injecting malicious or misleading data into an AI or machine learning model’s training dataset, which is technically known as data poisoning, producing unreliable or compromised output.
Because these failures often occur without attack by a malicious third party, many cyber insurance policies may not specifically cover the resulting losses.
As a result, insurance companies are facing a new generation of threats that are beyond the scope of traditional cyber insurance.
Cyber insurance has traditionally focused on attacks by external attackers who infiltrate corporate systems through stolen credentials, software vulnerabilities, and social engineering.
The policy was designed to protect businesses from financial losses resulting from ransomware, data theft, phishing attacks, and business interruption following a cyber incident.
Law firm Bowmans says this uncertainty is prompting insurers to change the way they evaluate customers. Rather than asking whether a company has antivirus software or firewalls in place, insurers are increasingly looking for evidence that an organization has appropriate AI governance structures, human oversight, process oversight, and controls over third-party AI vendors.
“Defensible AI governance policy and evidence of governance, once a niche consideration, is becoming a prerequisite for meaningful coverage and favorable pricing,” Bowmans said in a recent analysis.
The insurance industry is also leveraging AI to underwrite insurance more efficiently.
Rather than relying solely on annual surveys, insurance companies are analyzing companies’ digital footprints, internet-connected systems, and past cyber incidents in real time.
This means that risk assessments evolve continuously rather than once a year.
At the same time, insurers are beginning to redesign their products, with some adding coverage to explicitly cover AI-related incidents, such as fraudulent disclosures through AI systems, social engineering fraud, and failures involving third-party AI providers.
Some companies introduce exemptions when companies deploy AI without proper governance or when algorithmic decision-making results in losses.
Whole new insurance products are beginning to emerge that cover regulatory investigations related to AI governance failures, intellectual property disputes involving AI-generated content, and business interruption resulting from AI model failure or corruption of training data.
Although the market is still in its infancy, this signals a shift in cyber insurance from covering only network breaches to addressing a broader range of AI-driven business risks.
This trend is becoming increasingly important in Kenya as companies accelerate investments in cloud computing, digital platforms and AI.
Cyber threats are one of the fastest growing operational risks facing organizations. From January to March 2026, the Communications Authority of Kenya (CA) recorded over 3.3 billion cyber threat events.
The regulators said many of the attacks were caused by poorly patched software, low awareness of phishing and social engineering tactics, and the increasing use of AI and machine learning by malicious actors.
Attacks targeting operating systems, databases, and network infrastructure were the most common incidents, but malware, distributed denial of service attacks, and brute force attacks continued to pose significant threats.
Kenya’s insurance industry is responding to the growing demand for cyber protection, with companies such as APA Insurance, Aon Kenya, Britam and Zamara already offering specialized cyber insurance products.
“With the introduction of technology and AI, we see new risks emerging and we want to mitigate them. Hacking and ransom demands are a major threat,” said Ashok Shah, group chief executive officer of Apollo Investments, the parent company of APA Insurance. business daily In a recent interview.
“In this case, insurance is applied so the client does not have to pay the ransom, but at the same time the system is protected.”
Analysts say that as AI adoption increases, AI governance will become a key determining factor in whether and under what conditions companies can obtain insurance.
