What Problem Are We Talking About?
The notion of an insurance protection gap, at its simplest, is the difference between total economic damages and the share of those damages that can realistically be insured—or are insured in practice.
Take climate risk as an example. The climate insurance protection gap can be defined as total climate-related damages worldwide minus what insurance markets are able or willing to cover. While this gap is already large today, it is set to grow dramatically in the coming decades.
At first glance, this may not appear unprecedented. Insurance gaps have existed before. In the 20th century, nuclear risks were largely uninsurable. Early aviation faced a similar fate, with insurers initially refusing to cover aircraft and flights. In each case, markets eventually adapted through regulation, public backstops, and technological learning.
What confronts us in the 21st century, however, is fundamentally different—both in nature and in magnitude.
A New Category of Risk
Two domains stand out as uniquely destabilizing: climate risk and cyber and AI risk. They are unprecedented in nature because they affect every sector of human activity simultaneously. They are unprecedented in magnitude because potential damages reach tens of trillions of dollars per year.
Climate Risk: A Planetary Systemic Threat
Climate risk is not merely about storms, floods, or heatwaves. It is a planetary, ecosystem-level risk that transcends borders, challenges the conditions for human prosperity, and potentially threatens human survival.
By around 2050, under a scenario of already-committed warming and limited mitigation, annual global economic damages are estimated at roughly USD 38 trillion, with plausible estimates ranging from USD 19 to 59 trillion per year. These figures include impacts on productivity, agriculture, health, and labor, and may still underestimate certain risks such as sea-level rise and extreme tail events.
Without meaningful mitigation, global GDP could be nearly 18% lower by mid-century. This is not a one-off shock, but a permanent reduction in economic potential—a sustained drag on growth.
Cyber and AI: A Compounding Digital Risk Spiral
The global cyber insurance protection gap is already estimated at approximately USD 0.9 trillion per year. Insured cyber losses represent only about 1% of total economic damages, leaving businesses and societies to absorb the remaining 99%.
What makes the situation more alarming is the deep interdependence between cyber risk and artificial intelligence. Indeed, AI widens the cyber protection gap by fundamentally reshaping cyber risk along three dimensions:
- Scale: AI automates phishing, malware generation, vulnerability discovery, and social engineering. Attacks become cheaper, faster, and vastly more frequent.
- Effectiveness: AI enables hyper-targeted attacks using deepfakes, voice cloning, and behavioral mimicry, while defensive measures face diminishing returns.
- Correlation: The same AI tools are deployed globally, meaning a single exploit can be reused at massive scale, increasing systemic risk.
From an insurance perspective, this translates into a dangerous combination: rising loss frequency, rising loss severity, and rising correlation. Predictably, insurers respond by raising premiums, imposing exclusions, and limiting capacity—thereby widening the cyber protection gap even further.
How Cyber Risk Widens the AI Protection Gap
The feedback loop runs in the opposite direction as well. AI systems are cyber-fragile by design. They introduce new failure modes that traditional cyber frameworks struggle to address: data poisoning, model theft and inversion, prompt injection, model manipulation, and supply-chain compromises involving open-source models, APIs, and cloud infrastructure.
Unlike traditional software failures, AI failures may be silent, propagate before detection, and cause legal, financial, or reputational damage without any conventional “breach.” As a result, insurance coverage becomes ambiguous. AI exclusions are increasingly appearing across cyber policies, technology errors and omissions, directors’ and officers’ insurance, and even general liability.
AI thus becomes both a cause and a victim of cyber loss, making it effectively uninsurable at scale.
The result is a classic systemic-risk spiral: AI amplifies cyber attack power → cyber losses become systemic → insurers retreat → uninsured cyber losses damage AI systems → AI claims become unpredictable → insurers exclude AI → organizations self-insure or under-invest → overall risk increases further.
Why This Matters for Global Growth ?
Climate Protection Gap and Growth
Climate change reduces potential GDP rather than causing isolated shocks. An 18% cumulative GDP loss by 2050 corresponds to roughly 0.6 percentage points of lost annual growth between now and mid-century.
Cyber Protection Gap and Growth
Cyber risk affects growth primarily through productivity losses, business interruption, and reduced trust in digital markets. With most losses uninsured, firms absorb shocks directly, depressing investment and innovation. Conservative estimates suggest cyber-driven productivity losses of 0.1–0.3% of GDP annually.
AI: Growth Engine or Growth Risk?
AI could boost global output by approximately 0.5 percentage points per year in the second half of this decade. However, if AI risks remain largely uninsured—covering issues such as bias litigation, systemic model failures, or cascading cyber incidents—firms may underinvest due to fear of catastrophic losses. In adverse scenarios, misallocation of capital and uninsured AI failures could shave 0.1–0.4% off annual growth.
The Combined Effect
Taken together, the insurance protection gaps associated with climate, cyber, and AI risks could reduce global GDP growth by 0.8–1.3% per year. With expected global growth in the range of 2.3–2.8%, this implies that 30–60% of future growth could be effectively erased by uninsured risks over the next 25 years.
This magnitude alone should place climate, cyber, and AI risks at the very top of the agenda for governments, corporations, and civil society.
What Can Be Done?
The first step is to recognize the unprecedented magnitude of our risk exposure. We already know that climate, cyber, and AI risks collectively threaten the largest share of global growth across all sectors and geographies. If we do not act urgently and decisively, the consequences will extend far beyond economic growth. They will affect critical supply chains and infrastructures—food, water, energy, health, and government services—and ultimately threaten sovereignty itself.
Properly addressing climate, cyber, and AI risks is not “nice to have.” It must be prioritized as a matter of national and global security.
The second, equally critical step is acknowledging our knowledge gap. Fewer than 0.5% of the global population has meaningful expertise in cyber and AI, and a similarly small share is literate in climate science. This asymmetry between impact and understanding is itself a systemic risk. In this context, societies cannot passively delegate decisions into these domains without ensuring transparency, accountability, and informed oversight. Mechanisms that allow populations to follow, understand, and challenge debates, decisions, and long-term implications are essential.
Third, at both individual and collective levels, action must start now:
- Learn: Build climate and AI literacy as foundational skills for everyone, everywhere. Responsible citizenship cannot exist without understanding the defining challenges of our time. There are numerous great resources to start with such as Green. Io podcasts, Stanford AI free online courses etc etc.
- Engage: These issues are too serious to leave politics alone in the driver’s seat. At local, national, and international levels, we must actively support initiatives that advance climate action and responsible AI. (No initiative is too small here. We need to stop disdaining positive initiatives with the pretext that they supposedly may not be sufficient to solve the problem. None are. Let’s focus on what’s necessary: We need all of us to be engaged in any capacity at our disposal.
- Act and resist: Advocate forcefully for governance, incentives, and institutions that reduce systemic risk rather than amplify it. We are at a critical time where citizen mobilization and grass roots movements are more likely to move the needle than any other type of action. Doing nothing and/or remaining silent means choosing the side of the status quo.
Without deliberate action, the world risks entering a future in which the most powerful forces shaping our economy are also the least insurable. Bridging the climate, cyber, and AI protection gaps is therefore not merely an insurance problem.
We can be hopeful. AI has the potential to mitigate climate risks, optimize energy systems, accelerate drugs discovery, democratize education and healthcare etc etc. But this promise will only materialize if AI systems are transparent, trustworthy, and resilient. That is the prerequisite for responsible AI adoption at scale, sustainable growth, economic stability, and human progress.