Synthetic intelligence (AI) is proving adept at perpetrating subtle fraud.
Right here’s one instance: A yr in the past, thieves used AI-generated deepfake video know-how to persuade an organization’s chief monetary officer to switch $35 million in firm funds by mimicking the CEO and different employees members on a video name.
Whereas business sources inform Canadian Underwriter cyber insurance coverage insurance policies do cowl AI-perpetrated cybercrime, this begs the query: How will cyber coverage phrases and circumstances evolve to reply when AI-generated fraud turns into extra acute? And, will coverage exclusions evolve based mostly on an organization’s oversight of its AI tasks?
“AI is simply one other cyber or digital know-how software program device,” Neal Jardine, international director of cyber danger intelligence and head of claims at BOXX Insurance coverage, explains. “It’s just like different software program we now have used to speak similar to e mail [and] Phrase paperwork or to make calculations utilizing Excel. AI software program is now getting used extra broadly, as companies adapt to new alternatives to attain their organizational objectives.
“Is AI lined by a cyber insurance coverage coverage? The reply is sure as a result of we cowl cyber and digital know-how software program. If we had been to exclude AI, the insurance coverage coverage could be excluding a specific software program device companies use to function. The coverage has to cowl all software program, as they’re typically interdependent, and companies can select to make use of them with a novel mixture of applied sciences.”
Is coverage language broad sufficient?
Lindsey Nelson, head of cyber improvement at CFC Underwriting, says the wording of cyber insurance policies is deliberately broad to incorporate AI.
“I feel it’s truthful to say most standalone cyber types [are] supposed to cowl nearly each type of digital danger they probably can [including AI],” she says. “As a result of cyber danger has developed so shortly, [if cyber policies didn’t use broad wording], we might be ready the place we must replace our wording each single day if we needed to seize each single time period that got here with [a risk] to guarantee that it’s addressed.
“So, cyber insurers attempt to create that umbrella, all-encompassing time period by deliberately protecting the language broad in order that it captures your complete menace panorama.”
Nonetheless, AI probably poses an unlimited menace to additional the ends of cybercriminals, as famous by Kirsten Thompson, accomplice and the nationwide lead of the privateness and cybersecurity group at Dentons LLP in Toronto.
“Within the cyber [insurance] area, claims are being denied on the idea of the actor,” she noticed throughout a Dentons insurance coverage media briefing final November. “When insurers began backing away from cyber insurance coverage [during the pandemic], they began issues like ransomware. Nicely, that’s a prison actor. That’s a prison matter, not a cyber [matter], so it’s not lined by the cyber safety provisions.”
Thompson provides: “It’ll be attention-grabbing to see [what happens with] AI-mediated cyber safety incidents as a result of there’s no actor you’ll be able to level at. There’s autonomous AI that simply probes techniques after which breaks into them. So, if in case you have that, you’ll be able to’t level to an actor for an exclusion.”
This text is excerpted from one which appeared within the February-March print version of Canadian Underwriter. Characteristic picture by iStock/Sansert Sangsakawrat
