Can AI ever fully replace human judgment? And perhaps most crucially, how can AI and human expertise complement one another to bolster cybersecurity?
Artificial intelligence (AI) has been steadily gaining prominence across various sectors and is now playing a significant role in cybersecurity. As society grapples with its integration into everyday life, organisations are rethinking how they defend against cyber threats. However, this shift also raises pertinent questions: does AI pose a greater risk to cybersecurity by potentially replacing human intervention? Can AI ever fully replace human judgment? And perhaps most crucially, how can AI and human expertise complement one another to bolster cybersecurity? Our Cyber Insurance expert Mihajlo Milanovic from GrECo and Cybersecurity expert Ulrich Fleck from CERTAINITY offer their insights.
The Double-Edged Sword of AI
While AI undoubtedly brings exciting developments to cybersecurity, it also presents new risks. The same technology that can fortify defenses may be exploited by cybercriminals. Adversarial attacks -where AI is deployed by attackers to craft sophisticated, often unrecognisable threats – are a growing concern.
One emerging area of malpractice involves AI being used to automate and enhance phishing attacks, making them more tailored and persuasive. “Deep fake” technology, which enables the creation of highly realistic fake audio and video content, is increasingly being used for fraudulent purposes. A well-publicised example occurred in February 2024 in Hong Kong, where a finance employee was duped into transferring $25 million following a convincing AI-generated call from someone posing as the company’s CFO. Similarly, during the Slovakian pre-election campaign, a fabricated conversation between a journalist and a politician circulated widely on social media.
This rising trend suggests that AI-enhanced fraud is likely to grow. However, on the defensive side, AI also has enormous potential, particularly in areas like software development. It can swiftly analyse millions of lines of code to detect errors, significantly improving software security. Nevertheless, criminals will inevitably harness this same technology to identify and exploit vulnerabilities. Moreover, AI systems – especially those that are opaque or poorly understood – may themselves introduce unforeseen weaknesses. If such a system makes a critical mistake, human operators could struggle to identify and rectify the error quickly.
Will AI Replace the Human Element in Cybersecurity?
AI excels at processing large volumes of data, detecting patterns, and responding to threats in real time, making it an invaluable tool in cybersecurity. Yet, it cannot replace the human element entirely. Cybersecurity is not just about technical defenses; it involves strategic thinking, ethical judgment, and the ability to respond to the unexpected – areas where human insight remains indispensable.
AI lacks the nuanced understanding of context and the ethical framework that humans bring to decision-making in cybersecurity. Furthermore, creative problem-solving and the capacity to anticipate unforeseen developments – skills that often prove crucial in cybersecurity – remain outside AI’s capabilities.
The Collaborative Future of Cybersecurity
The future of cybersecurity is likely to depend on a collaborative model where AI and human expertise work in tandem, each reinforcing the other. AI can manage routine tasks – such as network monitoring, anomaly detection, and addressing minor threats – freeing human professionals to focus on more complex challenges, such as analysing advanced attacks and shaping strategic security policies.
AI’s capacity to process and analyse vast amounts of data also generates actionable insights that would be impossible for humans to handle unaided. However, it is human experts who provide the necessary ethical and contextual judgments, interpreting AI’s findings and making informed decisions. In this collaborative framework, AI enhances human efficiency and effectiveness by automating routine and data-intensive tasks, allowing cybersecurity experts to focus on areas that demand human intelligence.
AI’s Role in Risk Management
The combination of AI and human judgment will likely play a crucial role in proactive risk management, helping to mitigate and reduce cyber risks in the future. The insurance industry is already engaging with AI’s potential, although it remains to be seen how cyber insurers in particular, for whom solid IT security plays a key role in risk assessment and the associated underwriting and pricing policy, will react to AI.
Striking the Right Balance
While AI is often heralded as a game-changer, it is important to recognise that it is no panacea. This is particularly true in cybersecurity, where AI brings significant benefits but also presents new challenges, which in themselves can become considerable risks. Much like other sectors, AI is unlikely to fully replace the human factor in cybersecurity. Rather, it will augment human expertise. The most effective cybersecurity strategies will be those that harness the strengths of both AI and human intelligence, creating a more resilient defense against the constantly evolving threat landscape.
For the insurance industry, the full implications of AI’s role in cybersecurity remain to be seen. However, it is clear that AI will increasingly be used to enhance risk assessment and improve resilience through advanced data analysis and modelling.
HORIZON Risk Thought >> Fast Forward
The complexity of today´s risk environment is changing at an accelerating pace, making risk management even more challenging. We have created HORIZON, firstly as a print publication and now as a page for sharing the latest insights about ongoing transformations. Our risk specialists will continue to provide their expertise and knowledge to shine a light on the challenges of the future.
Mihajlo Milanovic
Competence Center Manager Liability & Financial Lines
T +43 664 962 40 27
Ulrich Fleck
Cybersecurity expert
CERTAINITY
