Insurers face new threats as AI & MCP adoption reshape cyber risk
Cyber risk experts warn that the insurance sector is facing a new phase of risk as businesses adopt artificial intelligence at scale and integrate Model Context Protocol (MCP) technology into their operations.
MCP adoption
MCP allows AI systems to access and interact directly with an organisation's existing tools, data, and applications in real time. Its use is growing, particularly among companies deploying generative AI solutions to streamline business processes. However, KYND, a firm specialising in cyber risk, says this trend is exposing insurers to novel threats that are not always covered by existing risk management frameworks.
When in use, MCP connects AI models within digital ecosystems. This enables automated data exchange and decision-making, streamlining business operations. But the same connectivity creates new avenues for potential cyber attacks, increasing the vulnerability of both individual organisations and insurance portfolios as a whole.
Systemic risk
KYND highlights that MCP is introducing a new kind of systemic cyber risk that may not be readily visible to insurers. MCP can serve as a conduit where a single vulnerability could be exploited to impact several businesses simultaneously. This risk is compounded by the speed with which MCP-enabled technology is evolving, making it difficult for insurers to maintain an accurate picture of an organisation's risk profile.
Security researchers have documented a rise in MCP-related attacks. Examples include manipulation of AI models when access restrictions are not correctly configured. In some cases, broad permissions or misconfigured access controls in MCP servers have enabled malicious queries that can extract confidential information or alter data. Such attacks can occur through apparently legitimate AI integrations, making detection more challenging.
Underlying infrastructure weaknesses in MCP can also be targeted, giving attackers access to wider system networks or enabling leakage of sensitive organisational data.
Insurance response
For insurance providers, MCP-related risks create challenges at both the individual-insured and portfolio levels. The interconnected nature of MCP means that an event affecting one organisation could quickly spread, resulting in losses across multiple clients. Shortcomings in traditional risk assessment approaches make it harder for underwriters to select and price risk accurately.
KYND advises that insurers update existing protocols for assessing cyber risk. This includes monitoring portfolios continuously, integrating more detailed data into risk assessments, and clarifying policy language on incidents relating to AI-driven systems.
Changing frameworks
"The AI boom is happening fast and security frameworks are still catching up," said Andy Thomas, CEO and founder, KYND.
He stressed that current industry practices must adapt to the realities of MCP-enabled AI, particularly as new dependencies emerge across supply chains and digital networks. Insurers are encouraged not just to evaluate how individual organisations manage cybersecurity, but also to pay closer attention to how the interconnectedness of client entities multiplies exposure across the market.
"As MCP usage accelerates, with more companies adopting generative-AI solutions, MCP exposure is spreading quietly through digital supply chains. Because it acts as a connective layer, MCP creates an attack surface where the impact of a single flaw can be amplified across multiple insureds and portfolios. Its open, interconnected nature and the features which make MCP efficient and scalable can also be conduits for exploitation," said Thomas.
KYND suggests that relying on up-to-date cyber intelligence will be essential for insurers seeking to spot emergent threats and respond before wider incidents occur. This shift, Thomas argued, will require insurance professionals to go beyond software risk to consider the behaviours of intelligent systems themselves.
"Relying on the right cyber intelligence will be critical in spotting emerging risks - and acting on them before they become systemic," said Thomas.