As the use of ChatGPT and other AI chatbots becomes more prevalent in the business world, insurers and brokers should emphasize the importance of best practices and ask their customers how they plan to safely adopt these technologies.
According to the latest issue ofInsurance Business UKmagazine, it is imperative that policyholders take into account four relevant aspects of this new technology:
- Establish policies for the use of generative AI
- Focus on data purity
- Intrinsic data risk assessment
- Generative AI access management
As stated in the article, "Organizations tend to adopt new or emerging technologies to promote goods and services, but then realize the cyber risk associated with them." To stay ahead of the curve, brokers must adapt their policies to the changing landscape of cyber insurance already in the 2023 year as new opportunities begin to take shape for cyber criminals whose cyber attacks mutate in the wake of these new emerging technologies.
Since ChatGPT is very new to the market, it is imperative to identify exactly what types of threats can affect a company in order to protect its digital assets and information.
Se abren nuevas vías de acceso a la ciberdelincuencia, de hecho, ya hay foros de ciberdelincuentes especializados donde se evidencia dentro de la “Dark web” cómo los piratas informáticos jóvenes pueden usar la tecnología para aprender a desarrollar malware y campañas de correo electrónico de phishing e implementarlas».
The latter, according to the article, could potentially increase the number of new attackers in the form of a large army whose organization will take place in a short period of time, according to the specialists consulted by the magazine.
This will allow individuals without sophisticated piracy expertise to become adept at creating unauthorized software, which will have the potential to wreak havoc on businesses, presenting claims for insurers that could be avoided or their impact lessened if proper preventative measures are implemented.
From an insurance point of view, underwriting questionnaires are already being changed to adapt to these new AI technologies and avoid risks not computed in advance in the risk assessment. In fact, the article concludes, "As hackers exploit the technology or regulators crack down on various uses of the technology, companies will need to be more proactive to stay ahead of the curve with protective measures."
The reliability of the data
When using AI-enabled chatbot services, a company should be aware of the types of information being recorded on them and whether or not that material is classified. From a risk management standpoint, proper data purity and filtering should be a top priority to "mitigate any possibility of intellectual property or trade secrets being disclosed to the public."
Para eludir este resultado potencialmente desastroso, «es necesario implementar procesos muy reflexivos sobre qué datos deben ser registrados en nuestro sistema». La tecnología es tan buena como los datos que se graban e introducen en ellos, por lo que la información debe ser examinada a fondo, mientras que la asignación de este trabajo debe confiarse a unos pocos seleccionados; cumplir con esta máxima también frustraría cualquier intento de difusión de información errónea, que puede ser perjudicial para la reputación de una empresa.
A company must also be concerned about the dynamics and direction that data manipulation takes and that entails the existence of highly professional closed teams in the legal, IT and marketing departments to prevent this from happening.
Along with internal IA concerns, a plan must also be implemented to address the actions of external regulators at the local, regional and state level for legal and administrative compliance reasons only.
"At some point, when it comes to business in cyberspace, we will have a regulator who will have something to say about the controls that affect technologies like ChatGPT," that will come without question. And it won't be too long. Now for example in Brussels there is a discussion about the regulation of "fake" photographs born from IT and the need to avoid the proliferation of false information that violate the integrity of companies, institutions and entire countries, that is only the beginning (it is the case of Macron in the turmoil in Paris, Trump in handcuffs or the World's own photograph today where Pablo Iglesias and Yolanda Diaz appear together and smiling as a result of artificial intelligence.
Given that the service is in its infancy, these parameters have not yet been established, which leaves many variables and decisions vague, and in the meantime this obliges those of us who advise on risks and those who insure them to take measures that will make up for this potential uncertainty or latent threat.
Managers of these risks in enterprises will need to subscribe to internal protocols for specific AI usage policies, which will consolidate this function to ensure that classified data does not fall into the wrong hands.
Leveraging cyber insurance
Insurers and brokers should be aware that insurance protecting against cyber attacks changes rapidly and as a result could potentially affect the scope of any current coverage.
In this year 2023, the market is constantly changing, driving insurers to adopt new methods to mitigate cascading losses from not only regulatory risk but also and especially around the use of novel technologies.
New questionnaires, new sub-limits and new deductibles are imposed for certain types of industries and activities that are particularly vulnerable to these new technologies, while some insurers have even modified insurance policy language to restrict or exclude coverage for certain incidents that may prove potentially litigious, triggering lengthy investigations and potential bailouts.
According to the authors; "it is the responsibility of the insurance industry to keep abreast of any developments and to implement or modify preventive and control policies. Things are going to change, but it is beneficial to promulgate cautious optimism about how ChatGPT will revolutionize things."
Galilea Group S.L.
April 2023