EY/IIF Survey Finds Insurance CROs Flag Cybersecurity as Top Risk While AI Spending Soars
Companies Mentioned
Why It Matters
The survey’s findings signal a pivotal re‑orientation of risk priorities within the insurance sector. By placing cybersecurity at the top of the agenda, insurers acknowledge the escalating cost and frequency of cyber incidents, which have already driven billions in claims and reputational damage. Simultaneously, the surge in AI and data investments reflects a belief that advanced analytics can both detect threats earlier and streamline underwriting, pricing and claims processes. Together, these trends suggest that insurers will allocate capital toward technology that promises both defensive and revenue‑enhancing benefits, reshaping competitive dynamics and potentially widening the gap between digitally mature firms and legacy players. For regulators, the convergence of cyber risk and AI governance raises new supervisory challenges. As insurers embed AI into core risk functions, oversight bodies will need to develop standards for model transparency, bias mitigation and data quality. The survey’s emphasis on integrated risk frameworks may also influence industry best practices, prompting a wave of cross‑functional risk committees and shared‑service models that could become the new norm.
Key Takeaways
- •Over 50% of insurance CROs rank cybersecurity as the top risk for the next 12 months.
- •A significant share also list third‑party and vendor cyber risk among their top five concerns.
- •Most insurers plan to cut manual risk‑function roles while boosting AI, analytics and data‑platform spending.
- •Hybrid risk‑data‑AI roles are expected to grow, reshaping risk‑team composition.
- •EY/IIF warns that integrated governance, continuous monitoring and scenario testing are essential to manage rising complexity.
Pulse Analysis
The EY/IIF survey underscores a dual‑track strategy that insurers are adopting: hardening cyber defenses while leveraging AI to gain a competitive edge. Historically, insurers have been cautious adopters of technology, often lagging behind fintech peers. The current wave of AI investment marks a departure from incremental digitization toward a more aggressive, data‑centric model. This shift is likely driven by two forces: the need to detect and mitigate cyber threats faster, and the pursuit of efficiency gains in underwriting and claims processing.
From a market perspective, firms that can successfully integrate AI into risk analytics stand to improve loss ratios and pricing accuracy, creating a defensible moat. However, the rapid adoption of AI also introduces model risk, especially in jurisdictions where regulatory guidance on AI is still evolving. Insurers that proactively embed AI governance—clear accountability, automated testing, and transparent model documentation—will not only satisfy regulators but also reduce the likelihood of costly model failures.
Looking forward, the next 12 to 24 months will likely see a consolidation of risk‑function technology stacks, with cloud‑based data lakes and AI platforms becoming standard. Companies that invest early in talent pipelines—data scientists, AI ethicists and cyber risk analysts—will be better positioned to translate technology spend into tangible risk reduction. Conversely, firms that underinvest in governance may face heightened scrutiny and potential penalties, eroding the financial benefits of AI. The industry’s trajectory suggests that the CRO’s role will continue to expand, becoming a bridge between board‑level strategy and frontline technology execution.
EY/IIF Survey Finds Insurance CROs Flag Cybersecurity as Top Risk While AI Spending Soars
Comments
Want to join the conversation?
Loading comments...