Insurance
Munich Re: AI causes cyber danger to grow – protective shield necessary
In general, Munich Re believes that protection against cyber attacks is still inadequate (symbolic image). photo
© Sebastian Gollnow/dpa
Artificial intelligence is helpful – even for malicious purposes. The damage caused by cyber attacks is increasing. The reinsurer Munich Re sees potentially catastrophic risks.
According to the reinsurer’s assessment, the potential damage from cyber attacks is: Munich Re is now so big that preventive protective shields would make sense. The damage caused by “catastrophic systemic events” – such as cyber war or the failure of critical infrastructure – would exceed the capacities of the insurance industry, write the experts from the Munich DAX group in a report on cybercrime.
Since such scenarios could threaten macroeconomic stability, the company advocates involving governments in order to keep the risks manageable. Munich Re refers to estimates from the statistics platform Statista, according to which the global damage caused by cybercrime could rise from a good $8 trillion in 2023 to $13.8 trillion by 2028.
Two factors contribute to the increasing risks: Technical progress, including artificial intelligence (AI), makes business easier for perpetrators. In addition, some states are directly involved in cyber attacks or at least support criminal gangs. The company did not name specific countries; security experts often blame Russia and China.
Phishing emails as a gateway for cyber attacks
“The era of generative artificial intelligence has just begun,” says Munich Re cyber expert Martin Kreuzer. “The use of artificial intelligence also allows criminal actors to achieve economies of scale through a qualitatively new level of automation, for example in phishing emails. These are still by far the most common gateway for cyber attacks in 2024.”
In legal business, the term “economy of scale” means advantage through size – the more a company can produce of a product, the cheaper the manufacturing costs. According to Kreuzer’s assessment, a similar mechanism also works in criminal transactions.
Phishing emails are intended to encourage recipients to click on malicious links to install computer viruses, reveal data or engage in personal contact with fraudsters. “AI also makes it easier to personalize such messages and helps attackers identify how to target which people with which topics,” said Kreuzer. The cyber expert cited automated monitoring of social media accounts as an example, with which perpetrators can collect information about potential recipients.
AI useful on both sides
In the future, large hacker groups would also develop their own generative AI and train it for malicious purposes, said Kreuzer – “for example to discover vulnerabilities in IT security.”
However, Kreuzer emphasized that AI is not only useful for the perpetrators, but can also make defense easier. “On the other hand, AI also allows for more effective cyber defense, for example in the detection of anomalies and through automated feedback.”
In general, the reinsurer believes that protection against cyber attacks is still inadequate. “Expertise in the area of IT security is still few and far between,” said Kreuzer. “In addition, appropriate investments are needed in the technologies and, as a third step, the processes in order to effectively use the technology in accordance with the respective needs.”
Germany is “not the country with the highest level of digitalization,” said the cyber expert. “Politicians have recognized the importance of AI, but it still remains to be seen whether there is the will and budget for rapid implementation in Germany.”