Can your brokerage business stay ahead of AI-driven risks?

Artificial intelligence (AI) is revolutionizing the insurance industry, offering brokers tools to streamline processes, analyze vast datasets, and deliver catered solutions to clients. From predictive analytics that may help to inform human underwriting decisions, to automated workflows that enhance efficiency, AI is likely to become indispensable in staying competitive.

However, alongside its benefits, AI also presents a double-edged sword, introducing new risks that should not be ignored. “While AI drives efficiencies across organizations, it also opens the door to new vulnerabilities as these systems evolve,” said Jamie Weston, (pictured), head of risk control, Canada, at CNA Canada. To mitigate these risks, brokers should consider prioritizing proactive training and implementing clear AI policies within their organizations as part of their risk management approach to AI. However, before doing so, it's important to understand the risks at play.

The risks of AI integration

Brokers may face a range of challenges when implementing AI in their businesses, including:

• Data privacy and security: AI systems can create new entry points for cybercriminals, enabling them to exploit vulnerabilities and access sensitive information stored within these systems. 
• Inaccuracy or hallucinations: AI systems can sometimes produce inaccurate or misleading outputs, known as AI hallucinations, due to factors like biased or insufficient training data. These inaccuracies can lead to significant consequences, such as spreading misinformation or making incorrect decisions.
• Lack of transparency: Some AI algorithms operate as ‘black boxes’, meaning their decision-making process is not easily understood. This lack of transparency could create challenges for brokers in explaining AI-generated decisions to clients or regulators.  Human oversight (human in-the-loop), testing and monitoring are critical components to ensure appropriate risk mitigation.
• Over-reliance on automation: Brokers could potentially become overly reliant on AI for decision-making, possibly overlooking nuanced factors or human judgment that an AI technology might miss. This could lead to errors or missed opportunities in advising clients.

The Canadian Insurance Services Regulatory Organizations (CISRO) recently released a publication to help insurance intermediaries adapt their cybersecurity strategies for the use of generative AI in their operations.

The list of guidelines emphasizes the importance of integrating secure practices and implementing robust plans to mitigate risks in the event of a security breach or other issues. This is particularly pressing given the sharp rise in the costs associated with cybersecurity incidents. According to Statistics Canada, total spending on recovery from cyber incidents doubled in 2023, increasing from approximately $600 million in 2021 to $1.2 billion.

CISRO proposed practices for brokers using generative AI

Beyond incident response plans, brokers can maintain a proactive approach to mitigate the risks posed by generative AI by adopting the following practices:

• Define clear usage policies: Develop explicit rules for approved generative AI tools and ensure all users follow protocols to protect sensitive customer data. This minimizes unintentional data exposure.
• Avoid public AI platforms for sensitive data: Restrict the use of open AI tools for handling proprietary or confidential client information. Instead, integrate private, secure AI systems designed to protect organizational data.
• Prioritize ongoing employee training: Equip employees with knowledge on AI-related risks, proposed practices, and compliance standards. Regularly update training programs to address emerging threats and advancements in AI technology.

In addition, as Weston pointed out, many of these strategies are not only important for insurance professionals to be aware of, but also crucial for brokers to relay to their clients, as doing so can help ensure that their own organizations and those they serve are implementing cyber security practices in line with industry standards, especially in the context of AI.

"Working with partners to provide materials and solutions - whether it's risk control services, fact sheets, or other resources - is crucial for raising awareness about cybersecurity. Many businesses may not fully understand the potential cybersecurity threats they face,” revealed Weston.

Combatting cyber fatigue

Cyber training fatigue is a real challenge, especially as technology and generative AI continue to evolve. As more training is required, keeping employees engaged is crucial - otherwise, fatigue can turn employees into your biggest cybersecurity risk.

To combat this, brokerages may consider a strategic approach that combines engagement, relevance, and continuous learning. Here’s how you can keep your team motivated and prevent training burnout:

• Make it interactive: Incorporate gamification and real-life scenarios to keep training engaging and directly related to everyday tasks.
• Break it down: Keep training sessions short and manageable to avoid overwhelming your team.
• Encourage peer-led learning: Promote knowledge-sharing through mentoring or small group discussions to lighten the training load.
• Reward progress: Celebrate milestones and achievements, such as completing training courses, to boost motivation and morale.

As AI continues to transform the insurance industry, insurers and brokers must prioritize open communication with clients, helping them understand and adopt proactive measures to protect their businesses from emerging threats. Through proactivity and a collaborative approach, the industry can enjoy the benefits of AI without overlooking cybersecurity and other AI risks.