Digital Twins Attract Fraud, So Cyber Insurance Must Evolve

This article from Matt Cullina, Head of Global Cyber Insurance at TransUnion, originally appeared as Digital Twins: The Next Frontier in Cyber Insurance on Forbes.com.

With so much of our time spent online, it seems like we almost have dual lives. There are the people we are in the real world: going to work, raising kids, driving cars, cleaning our homes, etc. And then there are the people we are online: buying things, booking trips, posting pictures and commenting on those of our friends.

In this age, everyone is a real-life person who also has a digital twin — one that can be active online even when we’re not. When that digital twin gets hijacked, the fallout can range from personal embarrassment to reputational harm to financial ruin. And that risk can reach into our real-life existence when our voices, likenesses and biometric data are compromised.

Impersonation fraud is targeting digital twins

In technology circles, the term “digital twin” refers to a virtual replica of a physical object or system. Increasingly, however, criminals are using nefarious versions of our digital twins.

These identity replicas can take the form of voice cloning, fabricated credentials, synthetic identities, spoofed emails or AI lookalikes convincing enough to fool customers, lenders or colleagues. Even deceased historical figures are taking on new life in the era of democratized deepfake video.

Threat actors seek to impersonate our digital twins to perpetrate any number of new-age crimes. These attempts are most frequently done through social engineering attacks — which were the top claim type handled by our team in 2025.

The consequences range from hijacked business accounts to fraudulent loans and ransomware-enabled extortion. And incidents like these are on the rise. In fact, from April 1, 2024 to March 31, 2025, impersonation scams were the top scam reported to the ITRC at a 148-percentage-point YOY increase.

Digital twins matter for the cyber insurance industry

For brokers and carriers selling increasingly popular personal cyber insurance, the rise of digital twins signals an evolving risk profile. As a result, these companies would be wise to accelerate their cyber-defense education. Insureds now need layered defenses, including strong authentication, real-time monitoring and training on how to protect their identities from being spoofed online.

Equally important, insurers will need to rethink how their own policies and practices must change to address this emerging risk.

Digital replicas are no longer a futuristic concept. They’re a current reality reshaping the fraud landscape at breakneck speed. For brokers and carriers, this rapid evolution raises urgent questions about how to underwrite and mitigate these threats. Staying a step ahead requires a proactive approach.

Advising policyholders about identity risk

A few practical moves can help cyber insurance providers become better positioned to protect their policyholders and themselves:

• Expand the definition of identity risk: Gone are the days when identity theft meant a stolen Social Security number. Synthetic identities, AI-generated likenesses and fraudulent digital twins are becoming new points of exposure and must be part of the conversation.
• Update underwriting questions: Traditional questionnaires may not surface vulnerabilities to impersonation or account takeover. When evaluating cyber risk, insurers and brokers should consider intentional exposure to the insured’s likeness. How often and where are they sharing their image or voice online? High-profile executives, for example, should account for things like webinars, recorded conference appearances, guest spots on videos or podcasts. Additionally, it’s important to inquire about practices like personal brand monitoring and employee training.
• Encourage layered defenses: Whenever possible, cyber insurance providers should promote multi-factor authentication, identity monitoring services and AI-based anomaly detection tools to policyholders. These layered controls can help quickly deter or detect fraudulent use of digital twins.
• Stress the value of incident response: Remind business owners that recovery costs go beyond hard dollars. Policies that include PR crisis response, legal counsel, customer notification and reputational repair will be increasingly essential.
• Understand regulation: Tracking emerging state and federal requirements around deepfakes and other AI-generated content will be crucial. This includes policies like Take It Down or No Fakes acts. Insurers may want to add or adjust clauses to include legal aid for takedown services and branding harm.
• Educate continuously: Companies that position themselves as trusted advisors, rather than solely risk-transfer providers, will have the best chance to capture market share in the ever-evolving personal cyber space. Aside from educating their internal teams, insurance providers should consider regularly sharing updates, case studies and preventive practices that highlight the evolving threat landscape, equipping insureds with the knowledge to best protect themselves. As insurers look for more compelling ways to educate the public, the digital twin metaphor has the potential to make evolving risks easier to grasp.

Ensuring cyber protection for digital twins

Today, our digital twins look something like fraternal siblings, sharing only some of our digital DNA. They mimic our behaviors and presence online, but they aren’t comprehensive replicas. As generative and agentic AI technologies become even more powerful and accessible, that will change. Soon, our digital twins won’t just resemble us; they’ll become indistinguishable. For cyber insurers, this evolution could completely redefine the risk equation. Future coverage will need to address not only stolen identities — but the theft of a fully formed digital self.