Industry
Banking
Banking Services Transformation: Unlocking Exponential Value
Highlights
- With cyber criminals increasingly using cutting-edge technologies to orchestrate sophisticated attacks, loss due to cyber crime is on the rise, touching $16.6 billion in 2024.
- Customers are adopting AI to fight cyber crime. However, responding nimbly in real-time to foil a cyber attack demands huge compute power. The way forward lies in adopting accelerated computing devices such as GPUs, TPUs, and quantum computing.
- Insurers must offer cyber insurance policies at competitive prices, incentivizing the adoption of accelerated and quantum computing to enhance the cyber resilience posture of their customers.
Introduction
Cyber insurers have been at the forefront in ensuring robust security measures for their customers, lowering financial and reputational risks.
Strong security controls and incentives to enhance cybersecurity are part of insurers’ repertoire to increase resilience among customers. However, the path to robust cyber resilience is rocky given the increasing use of new technologies such as GenAI by cyber actors to orchestrate sophisticated attacks.
Cyber insurance firms cater to a diverse customer base, ranging from large organizations to small and medium enterprises (SMEs) spread across various industries. With more and more businesses, including SMEs, moving to digital environments and the cloud, the risk exposure is only bound to increase. Consequently, the possibility of a systemic risk looms large for insurers. Though SMEs are increasingly opting for cyber insurance, they are constrained by limited resources and knowledge. This is a huge opportunity that insurers can exploit—they can offer consulting services to the SME segment and design policies bundled with value-added services to control cyber risk exposure.
Many organizations across sectors are leveraging AI to counter rising cyber threats. Though these tools bring the capability to thwart new attack vectors, an instant and agile response is critical to prevent cyberattacks, which in turn demands huge compute power, necessitating the deployment of graphics processing units (GPUs), tensor processing units (TPUs), and quantum computing technologies. These devices bring advanced compute power, acting as a force multiplier and accelerating the capabilities of cybersecurity tools to enable faster detection of attacks at the periphery. In our view, insurers must offer competitive cyber insurance policies that incentivize the use of GPUs, TPUs, and quantum computing devices to help their customers enhance cyber resilience and stay ahead of nefarious actors.
The opportunity
Cybercrime is rising dramatically, with a corresponding increase in financial losses.
An Internet Crime Complaint Center (IC3) report1 reveals an increase in loss due to cybercrime (see Figure 1) in 2024 compared with the 2023 report2—and the SME segment is a prime target. To capitalize on this opportunity, insurers must design cyber insurance products and services that incorporate accelerated computing and quantum computing technologies, with special focus on the SME segment, to enhance cyber resilience and ensure an instant response in the event of an attack.
Figure 1: Increase in loss due to cybercrime
Let us examine the critical cyber threats that insurance firms’ customers are prone to and what insurers can do to help mitigate them.
Despite regulators mandating comprehensive data security standards and regulations, data breaches are on the rise accompanied by a steady increase in the average cost of a breach. While enterprises have implemented data loss prevention (DLP) techniques to overcome this, the use of CPUs degrades performance by increasing response time. Deploying GPUs or TPUs or quantum computing technologies can help reduce the time taken to detect a threat to less than a second, enabling real time monitoring. To mitigate data breaches, regular cyber risk assessments are crucial. Insurers must offer cyber risk assessment through the as-a-service model (cyber-risk-assessment-as-a-service) to improve the cybersecurity posture of their customers.
Customers are increasingly moving to digital and cloud environments with the use of software-as-a service (SaaS) also on the rise. Since public cloud is concentrated among a few major players, it has the potential for systemic risk with a single breach putting data across multiple organizations at risk. Regulators mandate continuous network monitoring with non-compliance leading to penalties.
Given the massive, disparate datasets in cloud environments, central processing units (CPUs) will not be able to handle the scale and proactively detect cyber threats. To address this, businesses will need to build sophisticated intrusion detection systems (IDS) to monitor cloud infrastructure and network in real-time. Many customers, especially SMEs, may lack the resources required for this. Insurers must partner with hyperscale cloud providers to leverage their AI-backed IDS, typically powered by GPUs or TPUs, and offer value-added offerings, enabling access to such cutting-edge monitoring services.
Last year, CrowdStrike pushed an update3 that resulted in a system crash. More recently, the Notepad++ installer vulnerability4 allowed unprivileged users to gain system level privileges. Such updates inadvertently put organizations at risk, making them susceptible to cyber-attacks. Though the exposure is limited to a brief period, hackers are ever ready to exploit vulnerabilities. Accelerated computing can help anticipate such threats through simulation of potential cyber catastrophe scenarios triggered by supply chain vulnerabilities.
According to a Cybersecurity & Infrastructure Security Agency (CISA) report, supply chain is a major risk5 for SMEs as they generally do not have dedicated risk management functions. Several government agencies have published standards, frameworks, and guidelines to mitigate risks arising from third party software suppliers. In addition, these agencies recommend the use of automation tools for detecting zero-day exploits. Insurers must guide customers in the adoption of these frameworks, standards, and tools, and offer coverage at optimal rates.
Traditional security solutions are not equipped to stop sophisticated socially engineered emails as they are usually initiated from trusted sources. Business email compromise remains one of the top threats accounting for losses of over $2.7 billion.1 With the advent of GenAI, adversaries are successfully creating personalized and targeted emails at scale—a CISA assessment revealed that 84% of employees responded to a malicious email within 10 minutes6 of receiving it.
Insurers can assist their customers in identifying the deficiencies in their IT landscape that can expose them to social engineering attacks. This will necessitate using GenAI models backed by GPUs or TPUs to uncover hidden patterns that could result in an attack. Enterprises must leverage AI agents for real-time email classification, use alerting tools, and monitor network events to detect and respond to cyber threats including those arising from click bait phishing mails.
Insurers can gain immensely by recommending such advanced cybersecurity measures to their customers. To enhance their value proposition, insurers must build an ecosystem of cybersecurity providers and offer services across risk assessment and mitigation, cyberattack prevention, and post incident recovery. This will result in a win-win for both: for their customers, it will lower business interruption costs and avoid regulatory penalties while for cyber insurers, loss ratios will improve. It can also pave the way for new growth avenues such as on-demand coverage, cybersecurity-as-a-service (CSaaS) offerings bundled into cyber insurance products and services. Including attractive pay-as-you-go options can promote greater adoption by the SME segment, improving overall cyber resilience, in turn drastically reducing claim losses.
Building cyber resilience
The integration of accelerated and confidential computing bolstered by graph analytics and an AI-backed securities operations center is critical to building a formidable defense against the onslaught of cyberattacks.
Figure 2: Building cyber resilience using accelerated computing
However, before embarking on a journey to enhance the cyber resilience quotient of their customers, cyber insurers must put their own house in order by establishing robust security mechanisms to protect against cyberattacks. Subsequently, they can leverage this experience to offer value-added services across cyber risk assessment (CRAaaS) and cybersecurity (CSaaS) to their customers, helping them to fortify cyber resilience (see Figure 2).
Secure data processing at the application stage
Cyber insurers require detailed information on an applicant’s security controls and risk management practices for assessing risk, underwriting, and tailoring a policy at the right price. This includes sensitive customer data (systems, assets, protocols) and needs to be processed securely. Insurers must leverage confidential computing which will help process encrypted data without exposing the actual data. This ensures data remains secure even if the insurer’s system or network is compromised by a cyberattack.
Context-aware cyber posture
Cyber insurers must constantly monitor their IT environment including assets, networks, and software platforms to draw insights on potential cyber risks. By adopting accelerated computing coupled with technologies such as graph analytics, insurers can obtain intelligence on the complex relationships across assets and networks that can contribute to threats, uncover hidden attack paths, and detect anomalies. This approach will ensure an uninterrupted flow of cyber intelligence, allowing cyber insurers to progress from a static security model to a context-aware security posture that continuously adapts to evolving threats.
AI-first SOC
Cyber insurers must set up a security operations center (SOC) equipped with AI technologies and powered by accelerated computing devices to enable rapid incident response and recovery. AI agents can be deployed to aid in autonomous alert triaging, contextual decision support, automated incident response and containment, evidence capture, post incident analysis and timely reporting for regulatory compliance. Considering these AI agents involve complex reasoning and mission critical tasks, compute power provided by GPUs and TPUs is essential. AI-first SOCs powered by accelerated computing can be the differentiator between being vulnerable and cyber resilient.
Looking ahead
As AI adoption becomes widespread, the cyber threat landscape will transform significantly, giving rise to new AI enabled threats.
At the same time, cyber criminals will move away from traditional tools and adopt AI and other emerging technologies to develop more sophisticated attack strategies. To effectively combat such threats, cyber insurers must adopt AI and technologies such as accelerated and confidential computing to fortify their defense structures—a situation where AI will be used to fight AI. That said, technology advances will rapidly produce new cyber risks requiring insurance firms to continuously adapt to stay ahead of the game.
Most enterprises, especially the SME segment, lack the wherewithal to take elaborate steps to build robust cyber resilience. And here lies the opportunity for cyber insurers—they must adopt a consultative role, assisting customers in utilizing new technologies such as accelerated and confidential computing to mitigate cyber risks. In addition, insurers must set stringent security requirements, incentivizing customers to put in place specific controls, as a precondition to issuing cyber insurance policies. Yet again, cyber insurers are at the cusp of promoting and leading new age cybersecurity practices among their customers—this time with the higher speed and agility rendered by accelerated computing.
References
1 Federal Bureau of Investigation, Internal Crime Complaint Center, Internet Crime Report 2024, April 2025, Retrieved December 2025, https://www.ic3.gov/AnnualReport/Reports/2024_IC3Report.pdf
2 Federal Bureau of Investigation, Internal Crime Complaint Center, Internet Crime Report 2023, March 2024, Retrieved December 2025, https://www.ic3.gov/annualreport/reports/2023_ic3report.pdf
3 US Government Accountability Office, Cyber Resiliency: CrowdStrike Outage Highlights Challenges, September 2024, Retrieved December 2025, https://www.gao.gov/products/gao-24-107733
4 National Vulnerability Database, Vulnerabilities, Retrieved December 2025, https://nvd.nist.gov/vuln/detail/CVE-2025-49144
5 Cybersecurity & Infrastructure Security Agency, Reducing ICT Supply Chain Risk in Small and Medium-Sized Business Fact Sheet, May 2023, Retrieved December 2025, https://www.cisa.gov/resources-tools/resources/reducing-ict-supply-chain-risk-small-and-medium-sized-businesses-fact-sheet
6 Cybersecurity & Infrastructure Security Agency, Phishing, December 2022, Retrieved December 2025, https://www.cisa.gov/sites/default/files/2023-02/phishing-infographic-508c.pdf