Artificial intelligence is not like other risks the insurance industry has faced, and current frameworks for identifying, preparing for and responding to emerging threats may already be inadequate. That warning emerged from conversations with four senior industry figures at AIRMIC 2026 in Birmingham, who all pointed to AI's unique ability to reshape an organisation's risk profile, business model and security environment simultaneously while the technology keeps evolving.
A risk that reshapes everything around it
Nina Arquint, CEO of UK Corporate Solutions at Swiss Re, described AI as a risk that constantly changes the rules. "AI constantly changes the risk profile of a business," she said. "It can even change entire business models. Because it often operates in an open-ended environment, the whole way you deal with operational risk or cyber security controls keeps evolving."
Her deeper concern is accumulation: what happens when AI risk collides with climate volatility, geopolitical instability and supply chain disruption. Many organisations still assess each of these in isolation, she said, rather than understanding how they can combine and amplify each other. Companies that move beyond compliance-led risk management and use risk insight to inform business decisions gain the greatest advantage, Arquint argued. For AI, that means grasping not only what the technology does internally, but how it changes the behaviour of customers, competitors and threat actors.
Criminals are weaponising AI faster than businesses can respond
David Warr, who manages QBE's UK cyber portfolio, warned that criminal organisations are exploiting AI's capabilities well ahead of many companies' defences. "Organisations underestimate how criminal groups weaponise AI and digital technologies against businesses," he said. The attack surface now extends far beyond phishing emails. Criminal groups use AI to analyse building floor plans, identify weaknesses in access controls, monitor staff movements with drones, and replicate security badges and photographic IDs. Social engineering attacks have become more sophisticated as AI reduces the cost and effort of deploying them at scale.
"Keeping pace with technology has become the primary challenge for risk leaders," Warr said. "AI proliferation enables malicious actors to penetrate businesses and IT systems faster than most internal security teams can handle." Cyber risk consistently ranks among top organisational concerns, yet many still lack formal response plans. The gap between awareness and preparedness is widening.
The limits of existing risk frameworks
Beverley Adams, Managing Director and Head of Client Engagement at Marsh, sees the challenge beginning long before an incident occurs. "It is a bit like walking along looking down or walking along looking up," she said. "For me it is all about that look up." During her horizon scanning sessions, AI emerges as the leading concern, but rarely in a fully formed way. Organisations are still trying to understand both its opportunities and the risks it introduces.
"I have had to get comfortable being uncomfortable," Adams said. "You can sense check all the time. But you can't always expect things to be things you're already aware of." For her, uncertainty itself is a warning sign. The greatest risks are often the ones organisations have not yet learned to describe. Professionals pursuing AI for Insurance training may recognise this challenge, as the technology outpaces traditional risk assessment methods.
The human skill that AI cannot replace
Matt Terry, who has spent 13 years at Marsh and recently developed the firm's carbon credits insurance offering, argued that as AI becomes better at generating analysis, the value of human judgement increases. "A lot of the industry has failed in our ability to translate effectively," he said. "And I would say that becomes even more critical now we are in the AI world."
His argument is that the most important factor is the trusted adviser who can interpret AI-generated insights and translate them into a client's reality. "If we embrace every positive that the AI revolution brings and manage the risks of it," Terry said, "I still think the most important piece of the equation is going to be the person that the client trusts to interpret what is coming out of the AI machines and translate this complex topic into their reality."
Why this matters for insurance professionals
The conversations at AIRMIC 2026 make clear that AI risk management is no longer a specialist concern - it touches underwriting, claims, cyber, and advisory work. Insurance professionals who treat AI as a static exposure to be logged in a risk register will miss how it alters loss patterns, customer behaviour, and the threat landscape in real time. The advice from these leaders is straightforward: invest in horizon scanning that acknowledges uncertainty, build response plans that account for AI-driven threat acceleration, and strengthen the human advisory skills that no model can replicate. Organisations that do this will not only protect themselves but will also earn the trust of clients navigating the same unfamiliar terrain.
Your membership also unlocks: