The Australian Securities and Investments Commission (ASIC) has issued an urgent warning to financial services companies, including motor insurers, to strengthen cyber resilience measures as artificial intelligence accelerates the scale and sophistication of cyber threats.
In an open letter to industry, ASIC commissioner Simone Constant said cyber risk had entered “a new era”, with frontier AI tools capable of exposing vulnerabilities at unprecedented speed.
The warning is particularly significant for insurance companies, which manage vast amounts of sensitive customer data, financial records and vehicle information. Motor insurers, in particular, increasingly rely on interconnected digital systems for claims management, telematics, repairer networks and customer service platforms, creating more potential entry points for cyber criminals.
ASIC said boards and executives needed to treat cyber resilience as a core licensing obligation rather than simply an IT issue.
The regulator warned that AI-powered attacks could allow malicious actors to identify and exploit weaknesses much faster than traditional hacking methods, potentially creating “system-wide domino effects”.
The corporate regulator’s comments come amid growing concern about the vulnerability of Australia’s financial services sector to ransomware attacks, phishing scams and large-scale data breaches. For insurers, cyber incidents can also create reputational damage, regulatory scrutiny and major claims costs.
ASIC referenced its recent legal action against FIIG Securities Limited, which reinforced expectations that cyber risk management controls must be demonstrably effective and proportionate to the size and complexity of a business.
The regulator outlined a series of measures firms should implement immediately, including reassessing cyber plans, strengthening patch management systems, minimising attack surfaces, reviewing user access privileges and maintaining robust incident response plans.
ASIC also encouraged companies to use AI defensively, including for identifying vulnerabilities before software is released.
For the insurance industry, the warning highlights growing pressure to improve cyber governance as insurers become more digitally connected. Motor insurers are increasingly integrating online claims processing, connected vehicle data and repair management systems, all of which may become attractive targets for cyber criminals using AI-enhanced tools.
Commissioner Constant said companies that were not already focused on cyber resilience needed to act immediately.
“The clock is at a minute to midnight,” she warned.