PRESS RELEASE: Insurance industry urged to wake up to new phase of AI-driven cyber risk

The insurance industry is facing a turning point and a new phase of cyber risk as AI becomes embedded in core business operations, according to cyber risk specialists KYND.

As it publishes a new white paper, MCP: The hidden frontier of AI-driven cyber risk, KYND is calling on the insurance industry to change its approach to cyber exposure and to increase technical awareness on Model Context Protocol (MCP), the key technology driving a new and uncharted era of cyber risk.

MCP enables AI models to plug directly into an organisation’s digital ecosystem, allowing AI systems to securely access and interact with tools, data and applications in real time – such as a retail company which uses an AI assistant to help with its operations.

Andy Thomas, KYND's CEO and Founder, said: “The AI boom is happening fast and security frameworks are still catching up.

“As MCP usage accelerates, with more companies adopting generative-AI solutions, MCP exposure is spreading quietly through digital supply chains.

“Because it acts as a connective layer, MCP creates an attack surface where the impact of a single flaw can be amplified across multiple insureds and portfolios.

“Its open, interconnected nature and the features which make MCP efficient and scalable can also be conduits for exploitation.”

Security researchers have already reported a growing number of MCP-related attacks, including where AI models have been manipulated. If an MCP server’s permissions are too broad or its access controls are misconfigured, a malicious query could extract confidential data or modify records, all through what appears to be a legitimate integration.

Weaknesses in the infrastructure which underpins MCP can also be exploited, allowing attackers to gain access to connected systems and the potential for sensitive data to be leaked.

For insurers, MCP exposure presents new challenges at both the individual and portfolio level, making risk selection more complex and introducing the possibility for widespread compromise. Compounding the issue further is the speed of change, as MCP-enabled tools evolve rapidly – which means an organisation’s risk profile can quickly become outdated.

To guard against MCP-driven cyber risk, KYND is advising insurers to:

• Implement continuous portfolio monitoring

• Incorporate richer data into their risk selection

• Refine policy wordings around AI-related incidents.

Andy Thomas added: “Insurers must evolve their approach to be resilient in this new era of cyber risk, where exposure stems not just from software, but from the actions and behaviours of intelligent systems themselves.

“Underwriters not only need to assess the security of individual organisations, but to understand how shared dependencies multiply exposure across the market.

“Relying on the right cyber intelligence will be critical in spotting emerging risks – and acting on them before they become systemic.”

Download the full white paper below.

About KYND

KYND is a pioneering cyber risk management provider, leading the way in transforming complex cyber risk data into clear, actionable insights. From organisations managing their own risk and their third parties, to insurance and financial services sectors overseeing entire portfolios, KYND empowers confident, informed decision-making at every level. Headquartered in London, with offices in Portugal and the U.S., KYND’s industry-leading technology delivers instant visibility into cyber risk exposure, along with continuous monitoring and advanced real-time threat alerts – helping clients stay ahead of evolving threats.

For more information, please visit: https://www.kynd.io/

Follow KYND on LinkedIn: @KYNDCyber