The AI risks most Australians aren't insured for

A look at the fastest-growing gap between what you assume your policies cover, and what they actually do.

Every year around EOFY, people pull out their insurance documents, glance at them, and move on. The cover that was right for you five years ago is probably not right for you now. And in the past 18 months, one category of risk has moved faster than insurance policies have been able to keep up with: AI-enabled fraud.

Deepfake video, voice cloning, AI-generated phishing, synthetic identities. These are no longer fringe risks. They are showing up in claims data, in courtrooms, and in everyday conversations with our clients.

The hard part is that most Australians, and most Australian businesses, assume they are covered. In many cases, they are not. Here is what to check before your next renewal.

Why the gap exists

Insurance policies are written against a known set of risks. When a new risk emerges, there is always a lag between what is happening in the world and what is reflected in policy wording.

AI-enabled fraud is in that lag right now. Traditional cover was designed for a person on a phone, or a fake invoice in an email. It was not designed for a synthetic CFO appearing on a Teams call, or a cloned voice instructing a wire transfer. While some insurers have updated their wording, others have added exclusions that narrow cover. Some have done nothing, which usually means cover defaults to the older, less protective definitions. Until you read your policy carefully, you will not know which side of the line you are on.

FOR BUSINESSES

Deepfake-enabled financial fraud

In 2024, Arup, a 78-year-old London-based engineering firm, became the latest high-profile victim of a multimillion-dollar deepfake fraud. The global company has many impressive achievements to its name, including co-designing the Sydney Opera House. A finance employee from Arup transferred USD 25.6 million across 15 transactions after joining a video call where, unbeknownst to them, every other participant, including the CFO, was AI-generated. The employee followed every internal protocol. The protocols were simply not built for that threat.

Smaller versions of the same attack are now common. A cloned voice of a director instructs a bookkeeper to release a payment. A deepfake video on a quick approval call confirms a vendor change. The amounts are smaller. The mechanism is the same.

The insurance question is whether your cyber or crime policy will respond. Many standard policies contain a clause called the voluntary parting exclusion, which can deny cover when an employee authorised the transfer, even under deception. Some insurers have added affirmative cover for AI-generated impersonation. Others have added new exclusions. Your renewal documents will tell you which.

AI-generated phishing and business email compromise

Phishing emails used to give themselves away through clumsy English and obvious formatting errors. Those tells have largely disappeared. Industry analysts estimate more than 80 per cent of phishing emails now contain some AI-generated content, often personalised using information scraped from LinkedIn and company websites. For small and medium businesses, the baseline level of risk has shifted upwards, even if nothing in your business has changed.

Synthetic identity fraud at the front door

AI is also being used to create entirely fabricated identities, complete with consistent documents, voice samples, and video. For businesses that onboard customers, contractors, or job applicants remotely, this is a growing operational risk. There have already been documented cases of organisations hiring fake remote workers whose entire identities were fake.

What this means for your business cover

• Cyber insuranceis the most common place where AI fraud sits, but cover varies widely. Check whether your social engineering insuring agreement explicitly addresses AI-generated content, and what the sublimit is. Sublimits often sit well below the size of a typical deepfake loss.
• Crime insurancemay also be relevant for funds transfer fraud. Cover often overlaps with cyber, and gaps between the two policies are where claims get denied.
• Professional indemnitycan come into play if a client suffers loss because of an AI-related incident at your business. Wording is evolving.
• Directors and officerscover may respond if directors are alleged to have failed to put adequate controls in place. AI risk governance is becoming a recognised director duty in some sectors.

FOR INDIVIDUALS AND FAMILIES

Voice cloning and the grandparent scam

Three seconds of audio is enough to clone a voice convincingly. That audio can come from a voicemail, a social media video, or a podcast appearance. The classic version is a panicked call from a child or grandchild who has supposedly been in an accident, arrested overseas, or had their wallet stolen, and needs money transferred urgently. The Australian Federal Police has issued multiple alerts. Research suggests roughly one in ten people globally have received a cloned voice message, and a majority of those who acted on it lost money.

Romance scams supercharged by AI

Romance scams are not new. What is new is that AI now provides scammers with fluent conversation, custom-generated photos that can satisfy verification requests, and real-time deepfake video on calls. Many of the warning signs people were trained to look for, including stilted language and refusal to do video calls, no longer apply.

Synthetic identity fraud

This is identity theft with extra steps. Rather than stealing your full identity, fraudsters combine real fragments such as a name, a date of birth, an address, with fabricated detail to create a new identity that passes verification checks. Loans get taken out, accounts opened, and the damage often only surfaces months later when collections agencies start calling.

Fake celebrity endorsements and investment scams

Australian research suggests around 68 per cent of Australians have encountered fake celebrity or influencer endorsements online, with about 30 per cent of those who engaged losing money or personal information. Deepfake video of well-known financial commentators and business figures is being used to promote fraudulent investment schemes.

What this means for your personal cover

• Home and contents policiesgenerally do not cover money you have voluntarily transferred to a scammer, even under deception. Some optional cyber or identity theft add-ons can help. Most baseline policies do not.
• Bank protectionsvary by institution and by scam type. Voluntary transfers are usually treated differently from unauthorised transactions.
• Identity theft coveris available as a standalone product or add-on. It typically covers the cost of restoring your identity, rather than the money lost. That distinction matters.

What to check before your next renewal

AI risk is not a reason to panic. It is a reason to do what insurance reviews are meant to do anyway, which is make sure your cover keeps up with how the world is changing. A short list of practical questions:

For your business
Does your cyber policy explicitly address AI-generated impersonation, and what is the sublimit on social engineering cover?

Where is the line between your cyber policy and your crime policy, and is there a gap between them?

Have you put a simple human-layer control in place, such as a verbal verification protocol for any payment change requests?

For your family
Have you talked through what a fake call from a family member might sound like, and agreed on a simple verification phrase?

For yourself
When did you last review your personal insurances against your current life, rather than the life you had when you took the policy out?

The pace of change here is the fastest we have seen in insurance for a long time. Cover varies significantly between insurers, and the answer to the question ‘am I covered?’ is genuinely different depending on which policy is sitting in your drawer.

If you would like us to look over your current policies with AI risk specifically in mind, we are happy to do that as part of your EOFY review. Often the gaps are quickly closed once they are visible.

Call us on (02) 8268 2900 or email info@insuranceadvisoryservice.com.au.

Disclaimer: This blog is general information only. This article does not take your personal circumstances into account. Please speak with us before making decisions based on it.