AI Oversight Becomes Essential for Insurance Sectors
In the rapidly evolving digital landscape, the importance of AI governance in cyber risk management has never been more apparent. According to a recent report, AI-driven attacks such as phishing and deepfakes now account for one in six breaches, highlighting an escalating AI arms race in cyber warfare.
The 2025 IBM Cost of a Data Breach Report, published on Friday, reveals that the average cost of data breaches has hit a record high of $4.88 million. This is up by ten percent from 2023 as breaches grow more sophisticated. Customer Personal Identification data was the most frequently compromised type of data in breaches (65%). Intellectual Property data, however, was the costliest at USD 178 per record, despite being less frequently compromised (40%).
The report also sheds light on the growing issue of Shadow AI, responsible for 20% of data breaches, adding an average of USD 670k to breach costs for organizations with high levels of shadow AI.
In an effort to combat these trends, forward-thinking organizations like Consilium are advocating for a comprehensive approach to AI cyber risk governance. Ethan Godlieb, Associate Partner at Consilium, warns brokers of the need to build AI governance into clients' cyber risk frameworks. Godlieb, who joined Consilium in May from Aon, is expanding Consilium's cyber book across class and territory.
Consilium's partnership with the Canada Association of Managing General Agents (CAMGA) as a Gold sponsor will give CAMGA's members the benefit of Consilium's broadening expertise in AI governance.
The best practices for AI governance in cyber risk frameworks recommended by Consilium and IBM's 2025 Cost of a Data Breach Report emphasize embedding security by design, establishing strong AI risk management governance, and ensuring collaboration across organizational teams.
Key recommendations include implementing AI Risk Management Frameworks like NIST's AI RMF, embedding security from the start by applying threat modeling and safeguards early in the AI system design phase, designing resilient AI systems, adopting AI governance structures, establishing detailed AI Use Policies, using identity and access management tailored for AI models and pipelines, and fostering alignment between AI, cybersecurity, engineering, data science, compliance, and product teams.
These best practices form a comprehensive approach that emphasizes early risk identification, governance oversight, operational controls, and cross-functional collaboration for effective AI cyber risk governance. With tariffs and trade war having moved into the top rank of emerging risks for the second quarter of 2025, and with volatile tariffs able to disrupt cargo, trade credit and stock insurance, the need for such comprehensive approaches becomes increasingly urgent.
- The IBM 2025 Cost of a Data Breach Report, published recently, underscores the increasing importance of AI governance in cyber risk management, revealing that AI-driven attacks now account for one in six breaches and that the average cost of a breach has reached $4.88 million.
- As AI-related cyber risks continue to escalate, forward-thinking organizations like Consilium are advocating for best practices in AI governance, such as embedding security by design, establishing strong governance, and fostering cross-functional collaboration across teams.
- To combat the growing issue of Shadow AI, which adds an average of USD 670k to breach costs for organizations with high levels of shadow AI, Consilium recommends implementing AI Risk Management Frameworks like NIST's AI RMF, establishing detailed AI Use Policies, adopting AI governance structures, and using threat modeling for early risk identification.