How generative AI is changing the cyber risk game and what smart UMAs should be doing about it.
AI Isn’t Coming. It’s Already Here.
There’s a lot of noise about artificial intelligence (AI) right now. But strip away the hype, the tech jargon, and the Hollywood-style panic, and what’s left is something very real for every South African underwriting management agency (UMA).
AI – and more specifically generative AI (Gen AI) – is already shaping how businesses operate, how cybercriminals attack, and how insurers and reinsurers think about risk.
This isn’t a future problem. It’s a right now problem.
And like most things in the (re)insurance world, AI cuts both ways. It’s a risk. It’s an opportunity. It’s absolutely something UMAs can’t afford to ignore.
What does this mean for you?
The Risk: How AI Is Changing the Cyber Threat Landscape
AI has turbocharged cybercrime.
Not because attackers suddenly have Hollywood-level tech. But because Gen AI makes old-school scams faster, cheaper, and harder to detect.
Here’s how AI is showing up in South Africa’s cyber risk scene:
AI Risk Factor
What It Means for South African UMAs
AI-powered phishing & scams
Hyper-personalised emails, WhatsApps, and SMS that sound real, look real, and fool even smart people.
AI-generated malware
Code that changes and mutates to avoid detection — often in real-time.
Data privacy threats
AI needs data to learn. Breaches of client information (especially sensitive or financial data) create massive risk and FSCA headaches.
AI in your supply chain
Many UMAs use third-party platforms that embed AI – if their defences fail, your risk exposure increases.
South Africa is already a top global target for cybercrime. Add AI to the mix, and attacks don’t just increase, they evolve.
The Opportunity: AI Isn’t Just for the Bad Guys
This is where smart UMAs will pull ahead.
AI is not only a threat, it’s one of the most powerful defensive tools we’ve ever had access to.
Used well, AI can:
Detect anomalies faster than any human team.
Spot early signs of phishing or fraud.
Automate monitoring and response to suspicious activity.
Reduce claims exposure by catching attacks early.
And here’s the kicker – this creates a clear divide in the market:
UMAs using defensive AI will have lower claims, better cyber hygiene, and stronger insurer relationships.
UMAs ignoring it? Well… the market (and the regulators) will catch up to that soon enough.
What Smart South African UMAs Should Be Doing Now
This doesn’t have to be complicated. But it does need to be deliberate.
1. Review Your Cyber Exposure – Properly
Is AI mentioned in your cyber risk strategy?
Are your suppliers and partners embedding AI (and if so, how safely)?
Are you pressure-testing your cyber scenarios against AI-driven attacks?
2. Get Cyber Hygiene Basics Right
AI-driven attacks exploit lazy security.
Non-negotiables include:
Multi-factor authentication (yes, everywhere).
Regular software patching.
Cyber awareness training for your team (tailored to SA scams and tactics).
3. Talk to Your Insurers About AI-Driven Cover
AI is changing policy language, exclusions, and risk appetite.
Start those conversations early:
What’s covered? What’s not?
Are there conditions about your cyber defences?
Is AI usage part of your risk disclosure?
4. Use AI, But Securely
Already using AI tools (like chatbots or document automation)? Great.
Make sure:
You know what data is being processed.
You’ve checked the privacy settings.
AI tools aren’t introducing new vulnerabilities.
5. Stay Informed
AI-driven risks are dynamic. Today’s best practice might be tomorrow’s baseline.
Lean on partners who:
Live and breathe cyber risk.
Understand the local landscape.
Know the (re)insurance implications.
The Reinsurance View on Systemic AI Risk
Here’s where it gets interesting. Reinsurers are increasingly concerned about systemic cyber events, those rare but devastating incidents that hit multiple policyholders at once, often across portfolios, geographies, and sectors. AI-powered attacks have the potential to be exactly that.
For UMAs writing cyber cover or including cyber exposure in other lines, reinsurers are starting to:
Scrutinise how AI-related risks are underwritten.
Reassess aggregate exposure and limit structures.
Apply pressure on how cyber scenarios are modelled, or even impose exclusions for poorly defined risks.
This means AI isn’t just a front-line issue. It’s a capital one. UMAs who can clearly define, model, and explain their cyber exposure, including how AI shifts the risk, will have the upper hand in treaty reinsurance discussions and capital negotiations.
AI Changes The Rules. Resilient UMAs Change The Game.
Look, volatility isn’t new to South African UMAs.
If anything, this market has built its reputation on dealing with complexity, uncertainty, and operating in challenging conditions.
But AI changes the speed of the game. The scale. The stakes.
The good news? Preparedness still beats panic. Smart strategy still beats luck.
Oak Tree helps UMAs see risk clearly, and act with confidence. If you’re ready to talk about what AI means for your business (the risks, the opportunities, and the practical next steps), we’re ready too.
WERNER BARDENHORST
CA (SA)
He has his BCom Accounting with Honours through the University of Johannesburg.
He has a wealth of experience with over 9 years within the South African Short Term Insurance Industry and has held multiple roles from auditing to risk consulting to Corporate Financial and General Manager to COO.
He will also hold a seat on our Management Team.
