How ChatGPT and AI Impact Cyber Risk

As ChatGPT and other AI services seem destined to become the new normal, organizations must stay on top of best practices and have plans in place to manage these new technologies safely.

Since the public release of OpenAI's ChatGPT in November 2022, the internet has exploded with content on the pros and cons of the use of artificial intelligence (AI).

For business owners, the primary discussions revolve around the question of how we can harness the power of this and other emerging AI tools to make our work run more efficiently without compromising security.

Illustration of AI and cyber risk

As chatboxes and other AI services seem destined to become the new normal, organizations must stay on top of best practices and have plans in place to manage new technologies safely. They can do this by assessing AI risk, focusing on cybersecurity hygiene, and maintaining appropriate cyber liability coverage.

Assessing AI Risks

First, it's important to gain some perspective. AI is a tool not unlike any other piece of software your company uses.

Using the latest ChatGPT (a product name combining "chat," which refers to its functions as a chatbot, and the acronym for generative pre-trained transformer, a large language model) or another AI service is essentially a way for businesses to enhance their services. For example, your business may use AI to gather information much more quickly than you once did.

When you look at it that way, the use of AI itself does not add additional risk to how you do business. It is the speed at which you are now gathering information that introduces risk.

Let's say your company once provided "X" amount of service per week. However, with the use of AI to gather information, you can now offer "10X" service per week. That increased speed means that if there was a chance of error before, that chance of error is up to 10 times greater.

In other words, the type of risk to which your company is exposed is not what's changing; it is the amount of risk that is changing.

Additionally, as new AI tools become more popular, hackers are finding new ways to use them to wreak havoc with sophisticated email phishing schemes, malware, and more.

Focusing on Cybersecurity Hygiene

AI is a double-edged sword. Although it can help your business run faster, that enhanced speed can open you up to more risk.

It's no secret that hackers—including nation-state hackers—use AI tools to infiltrate business networks and break through security protocols. However, while hackers are continually developing new methods for causing trouble, cybersecurity teams are identifying ways to use AI to thwart those forms of sabotage.

We expect this ebb and flow to continue for some time. That’s why as new AI technologies emerge and hackers learn how to exploit them, the need for robust cybersecurity hygiene measures is more important than ever. Here are some steps to take (or re-evaluate) to ensure your cybersecurity hygiene is up to speed.

  • Educate your employees on strict password management, phishing prevention, and the reporting of any suspicious activity.
  • Deploy multi-factor authentication across your enterprise.
  • Patch new software updates as soon as they are available.
  • Limit access to AI tools.
  • Use encryption to safeguard sensitive data.
  • Monitor remote connections through VPNs.
  • Conduct regular cybersecurity assessments.
Along with managing your organization's internal AI concerns, make sure you also have a plan to address any state, federal, and international cybersecurity regulations.

Since the use of chatboxes in business is still relatively new, current rules can be vague. However, it's critical to keep an eye on them as they are likely to change as governing bodies adjust to the new technologies.

If you think your business is not big enough or important enough to be a victim of a cyberattack, you're making a mistake. We’ve found that most cyber-attacks are crimes of opportunity rather than intentionally targeting a victim. Data from cyber insurance carrier Coalition suggests that companies utilizing software with one unresolved critical vulnerability are 33% more likely to experience a claim.

Maintaining Appropriate Cyber Liability Coverage

The cyber liability insurance market is working diligently to stay on top of the risks associated with new AI technologies. And fortunately, there are insurance solutions to cover the higher volume of risk that AI presents.

The amount of cyber liability coverage you need depends on your industry, your business, and the type of personal information your business handles.

If you have an existing cyber liability policy, it's essential to clearly understand your coverage limits and whether those limits are appropriate. Since most policies are written on a 12-month basis, two key questions to consider are:

  • What limits do you have now?
  • Will those limits still be appropriate 12 months from now?

No one knows exactly where AI is headed in the long term. Some experts are optimistic that the benefits outweigh the risks, while others take a dimmer Pandora's box perspective. 

What is true is that as soon as we grasp the abilities of a new AI tool, another more sophisticated one appears to take its place. At Woodruff Sawyer, we aim to stay on top of this changing technology so we can help you understand the higher risk you may be facing and how to cover those risks appropriately.

Woodruff Whiteboard Breakdowns: 6 Things Underwriters Look For in Ransomware Protection



Table of Contents