When Worlds Collide: Are We Really Prepared for the Convergence of Cyber, Insurance Fraud and Corporate Fraud?
Bad actor access to AI has irrevocably changed our threat landscape. It brings low-cost crime-as-a-service, generation of high-quality phishing emails, fraudulent websites, shallowfakes, deepfakes and voice emulation, automated reconnaissance of vulnerabilities, and rapid attack execution. We must expect increased compromise of consumer data, greater targeting of organisations, and more frequent attacks including business email compromise, all seeking to exploit weak control points across insurer ecosystems.
Insurance organisations have an expansive perimeter to defend. That extends well beyond the insurer itself, encompassing an extended supply chain of vendors and business partners from acquisition through to claims. This matters because the entry point for fraud is increasingly outside of our traditional “insurance fraud” focus.
When we talk about technology-enabled fraud, we naturally default to shallowfakes and deepfakes in claims and policy validation. If we only look at fraud inside the claim file, we risk overlooking other high-impact attacks targeting the control points intended to secure the movement of money.
As financial fraud and cyber threats continue to converge, we must consider wider AI-enabled fraud threats linking cyber, corporate fraud and insurance activity. Consider sophisticated phishing at scale, higher breach potential across the extended insurance ecosystem, and enhanced opportunities for financial fraud.
So, threats are not restricted to AI-created documents to support fabricated claims or non-claims discount manipulation. This technology also enables breaches as part of a “kill chain” leading to high-value fraudulent payment insertion, targeting finance and claims processes across claims and supplier payments, bordereaux and delegated authority payments, revenue share and commission, and revenue collection.
Three Key Actions Should Be Considered
1. Horizon scan beyond “insurance fraud”
Track AI-enabled fraud typologies and translate them into insurance-specific scenarios across underwriting, claims and payments, with clear mitigation plans.
2. Make ownership explicit
Assign clear responsibility for AI-enabled fraud mitigation. Finance, InfoSec, Operational Fraud and Claims teams all have a role, and gaps between them are where attacks may thrive.
3. Stress-test the ecosystem
Assume an ecosystem weak link. Tighten onboarding, verification of payment and change-of-details controls, and run exercises so teams can spot, stop and respond to payment diversion attempts.
A focus on what is currently hurting insurance is correct, but insurance organisations must not be blind to wider AI-enabled threats.
