12 January 2026 - OneInfinity announced a major upgrade to its cyber insurance product. The upgraded cyber policy addresses AI-related risks where they intersect with cybersecurity, data protection, and network compromise.
The enhancement responds to fast-growing demand for AI risk protection and aligns with the Protection of Critical Infrastructure (Computer System) Ordinance, which came into effect in Hong Kong on January 1, 2026. The upgraded product is designed as an integrated solution combining compliance, risk management, and financial safeguards to help local enterprises build a more sustainable AI risk framework.
AI Risk Insurance Gap Rapidly Widening as Major Insurers Restrict Coverage
In recent years, several global insurers have applied to regulators to add exclusion clauses to commercial policies. These clauses may exclude legal liabilities arising from the deployment, use, or integration of AI technologies, including tools such as chatbots, agentic AI systems, and other generative AI applications.
Some market developments suggest that exclusions around the “actual or alleged use of AI” could leave many companies adopting generative AI with limited protection against systemic and interconnected risks.
Recent incidents also show how AI can amplify cyber risks when used as part of an attack vector. Examples include AI-generated voice deepfakes used in financial fraud, AI-enhanced phishing campaigns leading to credential compromise and data breaches, and the use of AI to automate ransomware and extortion activity.
From OneInfinity's perspective, these developments highlight the need for cyber insurance products that explicitly address AI-enabled cyber threats, rather than treating AI risk only as a standalone liability issue.
OneInfinity Takes a Proactive Approach: AI-related Risks Now Covered
While some insurers are responding to AI risk by adding exclusions, OneInfinity is proactively upgrading its product to include AI-related cyber risks within the coverage scope. The enhancement is particularly relevant for SMEs, start-ups, and innovative companies adopting generative AI, AI agents, and automated decision-making systems.
Through collaboration with Vulcan, a sister company offering AI red-teaming and real-time guardrail solutions, OneInfinity combines active AI defence technology with insurance risk transfer. This combination is designed to help companies scale AI adoption more confidently while limiting potential financial losses arising from AI errors, misuse, or malicious exploitation.
Businesses can choose coverage levels of up to US$2 million, balancing affordability and protection. The product continues OneInfinity's focus on clear policy terms, sustainable risk design, and a digital application process that supports efficient online completion.
Key AI-related cyber coverages include:
-
Cyber losses and third-party liability arising from security incidents where artificial intelligence technologies are used within the insured’s systems or exploited as part of a cyberattack, resulting in network compromise, data breaches, or system disruption.
-
Costs associated with incident response, business interruption, data recovery, network security, and privacy liability following cyber events in which malicious actors leverage or exploit artificial intelligence to gain unauthorised access, exfiltrate data, or impair system availability.
OneInfinity has incorporated risk layering and sub-limit management into the product design, providing clearer compensation boundaries within a sustainable risk framework. OneInfinity has also secured A-rated reinsurer capacity to support the long-term sustainability of the programme.
Michelle Ip, AIFT Group Managing Director, said the new ordinance is expected to increase demand for cyber security protection. In an AI-driven environment, proactive monitoring and prevention are essential because AI can operate as both a risk and a safeguard. By embedding AI-related cover directly into its products, OneInfinity aims to help enterprises pursue AI innovation while managing the associated risks responsibly.
New Cybersecurity Law Spurs Demand and Sector Growth
Hong Kong‘s Protection of Critical Infrastructure (Computer System) Ordinance officially came into effect on January 1, 2026. It imposes three major statutory obligations on designated critical infrastructure operators: establishing a security management framework, formulating and implementing security management plans with regular risk assessments, and maintaining incident reporting and response arrangements.
The regulated sectors include key industries such as energy, information technology, banking and financial services, transportation, healthcare, telecommunications, and broadcasting. These obligations are expected to significantly drive local enterprises to raise their cyber and information security standards.
As AI reshapes the cyber risk landscape, demand for consulting and technology solutions is expected to increase, attracting new providers and foreign investment. OneInfinity aims to support Hong Kong enterprises with integrated insurance, advisory, and compliance services, empowering businesses to pursue AI innovation with confidence under a sustainable risk framework.
Remarks:
-
World Economic Forum – Deepfake AI used in $25m corporate fraud case: https://www.weforum.org/stories/2024/07/deepfake-ai-cybercrime-arup/
-
BlackFog – AI powering a new wave of phishing attacks: https://www.blackfog.com/ai-phishing-powering-a-new-wave-of-cyberattacks/
-
Proofpoint – Generative AI accelerating phishing and social engineering: https://www.proofpoint.com/us/threat-insight/post/generative-ai-and-phishing
-
Dark Reading – Cybercriminals using AI to scale ransomware and extortion: https://www.darkreading.com/cyberattacks-data-breaches/how-cybercriminals-are-using-ai
For more information, visit the original announcement: https://aift.io/oneinfinity-pioneers-ai-related-risk-coverage-in-upgraded-cyber-insurance-delivering-comprehensive-protection-for-hong-kong-smes-and-start-ups/
