The insurance industry does not have a reputation for leading technical innovation, but cyber insurance is one line that has been forced to keep pace. This session addresses the intersection of artificial intelligence (AI) and cyber risk from the cyber insurance perspective. Risk management executives, CISOs, Chief Privacy Officers, government officials, and policymakers will gain a understanding of the role AI risk transfer plays for organizations in the AI ecosystem. Attendees will learn what is required for cyber insurance to really work effectively as a risk transfer vehicle for the parties involved. Executives at companies developing or using AI will also come away with insight into how to determine the optimal cyber insurance coverage.
The cyber insurance industry has played an increasingly important role for technology innovators and their customers. As AI becomes a ubiquitous feature of the digital world, integrated into all levels of business operations, it introduces new cybersecurity challenges and adds new dimensions to the traditional cyberattack surface. Cyber insurance provides a useful risk transfer solution that addresses these evolving threats because AI development and deployment create new avenues for cyberattacks, including software supply chain risks from reliance on third-party AI components and increased data exposure due to the vast datasets AI processes. In addition, purveyors of “AI-powered” solutions face the same privacy liability, professional and product liability risks as any other software company, not to mention AI’s legal and regulatory landmines. There is a broad spectrum of AI risks and they are shared among the stakeholders including innovators, their customers, their vendors and their insurers.
The session will provide insight into the perspective of cyber insurance companies and their underwriters. Underwriters will soon be consumers of AI risk assessments at scale, as they are tasked with understanding and evaluating these new risk vectors. They must quickly assess an organization's AI security posture specifically concerning its AI systems.
While traditional cyber insurance policies may offer some baseline coverage, the unique nature of AI risks necessitates a closer examination of policy terms and potential coverage gaps. Insurers are beginning to recognize the need for more explicit coverage for AI-specific incidents. Potential AI-related risks that cyber insurance policies may cover or are evolving to cover include:
• AI Model compromise and/or failure
• Data breaches involving training data or the AI models themselves
• Business interruption resulting from cyberattacks against AI infrastructure, AI-driven processes or their supply chains.
• Ransomware attacks against, or facilitated by AI systems.
This session will also provide risk managers with insights into how the cyber insurance market is adapting to the age of AI, helping organizations understand the most relevant coverage available.