Cyber, AI, and Tech Risks Are Now Center Stage for Insurers - Singapore Leads in Concern
Technology disruption and macro uncertainty are pushing anxiety levels among Singapore insurers above global peers. The latest PwC Insurance Banana Skins report puts cyber crime at the top, with AI risk making a fast climb into second place.
It's a clear signal: risk profiles are shifting faster than operating models. The firms that respond with speed and clarity will protect margins - and win share.
What the survey says
The tenth edition of PwC's Insurance Banana Skins draws on nearly 700 voices from more than 40 countries. Singapore responses mirror global rankings on cyber, but show sharper sensitivity to macro headwinds given the city-state's trade exposure and open capital flows.
Key moves versus prior years: cyber rises to #1; AI jumps from #7 (2023) to #2; human capital slips to #5 but stays critical.
See PwC's Insurance Banana Skins overview
Why cyber tops the list
Attackers are scaling through automation and generative AI. Meanwhile, insurers are expanding cloud use, APIs, and third-party ecosystems - all widening the attack surface.
For carriers, this isn't just an IT issue. It hits pricing, distribution uptime, claims integrity, and capital confidence.
- Own the basics at scale: strong identity access controls, segmentation, encryption, tested backups, and continuous patching.
- Tighten third-party risk: contractual controls, right-to-audit, SBOMs, and continuous external attack surface management.
- War-game real failure modes: business email compromise, data exfiltration during claims, ransomware on policy admin, and model poisoning.
- Validate coverage: understand cyber policy limits, exclusions, and aggregation across your own program and ceded risk.
AI risk moves to #2
AI is now a dual-risk: it amplifies cyber threats and creates new exposure in model bias, data leakage, vendor dependency, and opaque decisioning. Rapid iteration across multiple components and providers makes monitoring harder.
- Stand up AI governance: inventory use cases, define model criticality tiers, and enforce human-in-the-loop for high-impact decisions.
- Secure the AI stack: protect training data, secrets, and prompts; test for prompt injection, data exfiltration, and adversarial inputs.
- Assure outcomes: bias testing, explainability for regulated decisions, and reproducible audit trails.
- Align to local principles such as MAS FEAT for responsible AI and data analytics. Read MAS guidance
Macroeconomic risk remains elevated in Singapore
Interest rate whiplash, tariff shifts, currency divergence, and cross-border capital flows weigh on pricing confidence and plan commitments. For a trade-driven hub, these factors show up faster in earnings and new business strain.
- Reinforce ALM: duration matching, liquidity buffers, and interest-rate hedging aligned to product guarantees.
- Re-price with discipline: adjust credit spreads, catastrophe loadings, and expense assumptions where loss cost trends demand it.
- Use scenario packs: rates higher-for-longer, credit spread widening, FX shocks, and equity drawdowns tied to your asset mix.
- Tune reinsurance: optimize retentions and aggregate covers to protect capital while preserving margin.
Human capital is still a top-five risk
The workforce is aging while demand spikes for data, engineering, and actuarial skill sets. Competition for AI talent makes build-versus-buy decisions more urgent.
- Plan the skills mix: actuarial plus data science, product plus platform engineering, claims plus automation.
- Reskill at pace: short-cycle programs on AI-assisted underwriting, pricing analytics, and model risk control.
- Modernize the toolchain: reduce toil with workflow automation so specialists spend time on high-leverage tasks.
- Explore targeted upskilling options for teams adopting AI in insurance roles. Browse role-based AI courses
90-day execution plan
- Week 1-2: Name accountable owners for cyber, AI governance, and macro stress testing. Lock scope and metrics.
- Week 3-6: Run a cyber tabletop; complete an AI use-case inventory; refresh rate and credit stress tests; document decisions.
- Week 7-10: Close top five control gaps (IAM, backups, vendor access, data loss prevention, model monitoring). Update pricing and reinsurance assumptions where stress results warrant.
- Week 11-13: Launch a focused training sprint for underwriters, actuaries, and claims on AI tools and control guardrails.
Metrics to watch
- Cyber: mean time to detect/respond, critical patch SLA, third-party exposure count, and tested backup restore time.
- AI: number of material models under governance, bias/explainability pass rate, and incident count tied to AI misuse.
- Macro: new business strain, lapse and surrenders, RBC/SSR coverage under stress, and ALM duration gap.
- Talent: roles filled in data/engineering, internal mobility rate, and training completion tied to measurable workflow changes.
Bottom line
Cyber, AI, and macro risks are converging. The firms that treat them as one operating agenda - with clear ownership, short feedback loops, and visible metrics - will keep earnings stable while competitors react.
Set the plan. Move first. Review monthly. Then raise the bar.
Your membership also unlocks:
