We are building a civilisation that is totally dependent upon technology – water systems, heating systems, air conditioning – everything we need to stay alive is being moved onto or exists on some kind of digital platform.

Technology is rapidly permeating our everyday existence: it governs how we travel, clean our clothes, prepare our meals, access information, communicate and pay for things.

Saudi Arabia’s mega-city project NEOM is an example of this interconnectivity in action. The Line, a linear smart city within NEOM, will eventually be home to roughly nine million people. Residents will have access to all their daily needs within five-minute radius, with no cars necessary and AI will control almost every facet of this project.

Despite this seismic progress, when considering the risks associated with a cyber attack, we immediately still think of the workplace and largely commercial damage. If an organisation suffers a cyber breach, the people who are currently impacted tend to be customers and suppliers. Yet, as more companies adopt technology that goes beyond commercial, the nature of cyber risk is evolving.

Given the rapid pace of technological advancement, it is possible that a cyber incident may pose a threat to human life in the future. This may be true already for medical companies and within the NHS. However, considered more broadly, if a smart building is taken offline for 48 hours, humans have basic needs that will need to be met. These kinds of exposures are currently not considered within the cyber risk framework and will involve re-evaluation of how cyber insurance operates.

Reality bites

Another example of how AI is likely to change the way we work and live is augmented reality (AR) and virtual reality (VR). Currently, we start work at home by opening our laptop, having a keyboard and mouse, and connecting via a VPN through our broadband for which we pay a monthly subscription. However, this may be set to change. In January 2024 Apple plans to release its Vision Pro Goggles, which it describes as spatial computing and marks an important step in its AR/VR journey. Although prohibitively expensive for the majority of workplaces, the goggles are likely to spark interest and app development in this area. Creating a device with a price tag more suitable for widespread adoption will be the next, not insignificant, challenge.

AI – friend or foe?

Consider every major industry – banking, farming, transport, logistics, construction, manufacturing – they are all on a journey to being driven completely by technology. Smart farming where self-driving tractors, crop-inspection drones and autonomous sprayers are used is growing rapidly. A consumer may be able to buy a product from Amazon soon and have it delivered to their property with no human interaction. Although still very much in the pilot phase, Uber has signalled its long-term commitment to offering driverless taxis.

AI and Chat GTP can increase security exposures. Chat GTP cannot write malicious code but it will write example code and share how it is structured. Chat GTP is also good at creating code-related malware. One of the barriers to cyber crime is knowledge and Chat GTP can offer vulnerable people an avenue to coding across platforms that simply did not previously exist.

Phishing is also a major cyber exposure and Gallagher’s claims experience shows that around 80% of claims in this area relate to human error. One of the current tell-tale signs of a phishing attack is inaccurate or unusual use of language. However, if criminals use Chat GTP to write sophisticated emails, this will be much harder to detect.

Security is king

Are organisations thinking about whether it is a good idea to build an entire operation completely reliant on a computer system? These entire networks rely on a power supply; therefore, a natural disaster or targeted attack could bring any network down. Within Internet of Things (IoT) security training, three elements are always discussed when it comes to building a network: functionality, usability and security. In general, more money is invested in making networks efficient and user-friendly than in making them secure. Security is often underfunded because it does not generate revenue. However, this is going to change as leaders realise that without secure online operations, they cannot conduct business.

Five years ago clients generally asked whether they needed cyber insurance. Now they ask where need it. That’s where Gallagher can help. Please listen to Johnty Mongan and Georgia Price-Hunt’s full Beyond Today session to learn more. Alternatively, contact the Cyber Risk Management team here.


The sole purpose of this article is to provide guidance on the issues covered. This article is not intended to give legal advice, and, accordingly, it should not be relied upon. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. We make no claims as to the completeness or accuracy of the information contained herein or in the links which were live at the date of publication. You should not act upon (or should refrain from acting upon) information in this publication without first seeking specific legal and/or specialist advice. Arthur J. Gallagher Insurance Brokers Limited accepts no liability for any inaccuracy, omission or mistake in this publication, nor will we be responsible for any loss which may be suffered as a result of any person relying on the information contained herein.