Cyber insurers warn AI is accelerating phishing and business email compromise attacks

Cyber criminals are increasingly using artificial intelligence (AI) tools such as ChatGPT to scale phishing and fraud attacks, according to speakers at a webinar hosted by Consilium.

During the broker’s “Friday Firewall” cyber session, director of UK claims Kirsten Maley warned that cyber attackers were becoming more sophisticated in their attempts to deceive businesses, particularly through phishing emails and business email compromise scams.

Maley said attackers had recently been targeting senior executives using fake non-disclosure agreements linked to fraudulent business transactions.

“We’ve seen a couple of claims come in recently where they send someone kind of high up in the business a non-disclosure agreement,” she explained.

The tactic is designed either to encourage the recipient to click on a malicious link or persuade them to authorise a payment.

“There’s some sophistication to that which we don’t always see in phishing attempts,” Maley added, noting that traditional phishing emails were often easier to identify because they were “very clumsily written”.

According to claims data discussed during the webinar, email compromises accounted for 42% of recent cyber incidents Consilium handled, while ransomware represented 24%.

AI-driven attacks

Responding to questions about AI and deepfakes, Maley said the greater concern for insurers was not necessarily highly advanced impersonation technology, but the accessibility and speed AI tools now offered cyber criminals.

She said: “There’s not so much the deep fake element of it, but the speed and process in which somebody can complete a cyber attack.”

She referenced a recent US case in which a fraudster allegedly used ChatGPT to identify chief executives at Fortune 500 companies before issuing fake invoices worth around $1,400.

“Back in the day you did have to be quite technical to really understand how to get into a network,” she said. “Now there’s ransomware as a service for hire.”

The comments reflect wider concerns emerging across the cyber insurance market. Research published by Coalition found business email compromise was the leading source of cyber insurance claims globally in 2025, accounting for 31% of incidents.

Meanwhile, Munich Re said fraud and phishing had overtaken ransomware in insurer cyber risk rankings, driven partly by AI-generated content and deepfake technology.

During the webinar, Consilium’s head of cyber Ethan Godlieb said businesses were hearing about new AI-related cyber threats “every week, every day”, as insurers increasingly adapt products and incident response services to evolving attack methods.