Cybercrime Tops Insurer Risks as AI Raises the Stakes
Cybercrime remains the number one risk for insurers worldwide, with artificial intelligence close behind, according to Alvin Dave Pusing of PwC. He noted that AI is a source of risk due to governance and implementation issues-and it also amplifies other concerns, including cybercrime.
The findings come from PwC's Insurance Banana Skins 2025 survey, which gathered 698 responses across 42 territories. Rounding out the top concerns are technology risks, economic pressures, and climate change-a mix that places both operational resilience and balance sheet strength under pressure.
Why this matters
Customer trust hinges on cybersecurity and data protection. Pricing fairness and claims experience matter just as much, because policyholders expect straight treatment when they file a claim.
Regional and line-of-business differences
Cybercrime ranks first across Europe, Asia Pacific, North America, and Africa-signaling a consistent global threat picture. AI sits in second place across regions.
Risk priorities split by segment: non-life carriers elevate climate risk given exposure to natural catastrophes, while life insurers focus more on macroeconomic pressures that affect affordability and long-term savings.
The Philippines: protection gap and sustainability risk
Insurance penetration remains below 2%. Distribution is still anchored in bancassurance and agency, while digital is growing but limited by financial and digital literacy gaps.
Exposure to typhoons, floods, and other catastrophic events fuels sustainability concerns for non-life carriers, from pricing adequacy to reinsurance costs and capital strain.
What insurers should do now
- Strengthen governance and operational controls. Elevate cyber and AI risk oversight to the board. Set clear risk appetite, assign accountable owners, and run regular incident simulations across business and third parties.
- Build security and privacy into products and processes. Enforce MFA, zero trust, encryption at rest/in transit, and rigorous third-party risk reviews. Embed privacy engineering and data minimization across underwriting, claims, and marketing. Consider frameworks like the NIST Cybersecurity Framework for structure and measurement.
- Operationalize AI risk management. Maintain an inventory of models, perform threat modeling and red-teaming, implement guardrails, and monitor for drift and abuse. Align with fairness, transparency, and explainability-especially in pricing and claims. If your teams need enablement, explore AI for Insurance.
- Protect trust in pricing and claims. Use clear rating logic and disclosures. Run bias and stability tests. Standardize claims triage, set SLA expectations, and keep audit trails that regulators and customers can understand.
- Address climate and capital head-on. Update cat models and scenarios, right-size reinsurance, and consider parametric covers where fit. Pair risk-adjusted pricing with affordability tools such as micro-covers or public-private schemes to keep protection within reach.
- Close distribution and inclusion gaps (PH focus). Blend human and digital-agent enablement, embedded partnerships, and mobile-first onboarding. Invest in financial education, simpler product language, and low-friction claims for lower-touch channels.
- Engage regulators early. Share metrics, third-party assessments, and remediation progress. Communicate incident response clearly. Don't oversell AI-prove control with documentation and testing.
Focus on key intersections
Pusing urged insurers to concentrate on the intersections that matter: AI and financial inclusion, climate risk and affordability, regulation and customer trust. That's where strategy, execution, and public expectations collide.
Questions for leadership teams
- Which risks are we underestimating across cyber, AI, climate, and macro?
- Where can we be more inclusive while staying profitable and solvent?
- What action this quarter will strengthen trust with customers or regulators?
The path forward is clear: reduce cyber exposure, make AI safe and explainable, keep claims and pricing fair, and build resilience against climate and economic shocks. Translate this into a 12-24 month work plan with hard milestones, owners, and metrics-then execute.
Your membership also unlocks:
