Insurers in India are pressing companies to reveal how they use AI as part of stricter cyber insurance assessments. The move reflects growing concern that opaque AI deployments could introduce new security gaps and complicate risk modelling.
According to a recent report by The Economic Times, insurers have started sending detailed questionnaires to corporate clients, asking about their use of AI tools, the type of data these systems handle, and the safeguards in place in case the AI system malfunctions.
“These questions help insurers understand new types of threats and ensure policies keep up with how AI is changing the risk landscape,” said S Vishwanathan, head of underwriting and reinsurance at SBI General Insurance.
The new line of questioning is a clear break from earlier underwriting practices. Until recently, cyber insurance assessments relied heavily on standard frameworks such as ISO 27001 and the NIST Cybersecurity Framework. These checklists focused on established risks like data breaches and access control, but did not account for AI-specific threats.
“Disclosures… have traditionally relied on standardized questionnaires… which did not include AI-specific factors,” said Tanuj Gulani of Prudent Insurance Brokers, adding that risks tied to AI tools were often underreported.
The new normal
Ritesh Thosani, cyber practice leader at Marsh India, says they quiz companies about their use of AI when a client, usually a large tech or consulting company, reports AI-linked revenue or operational exposure.
The shift comes as AI adoption accelerates across sectors. While these tools promise efficiency gains, they can inadvertently expose sensitive data, and if poorly secured, can also expand the attack surface.
AI systems can also behave unpredictably and generate false or misleading information, which can undermine trust and decision-making in critical sectors. In some cases, these flaws have already shown up in real-world systems.
Has your password leaked?
For insurers, this creates a pricing challenge. Cyber insurance depends on the ability to quantify risk. AI introduces variables that are harder to measure, such as model behavior, data integrity, and reliance on external providers.
When it detects AI use, Marsh India seeks detailed information on governance, risk ownership, bias detection, API security, model validation, data protection, and audit logging.
The answers have clear financial implications. Companies with weak AI governance may face higher premiums or stricter policy terms. On the other hand, those that demonstrate strong controls could benefit from broader coverage and better pricing.
The development in India mirrors a wider global trend. Insurers worldwide are beginning to treat AI as a distinct risk category rather than an extension of existing IT systems.
For them, AI is no longer just a tool for innovation but a potential source of liability that directly affects cyber insurance coverage and costs.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked