Navigating the impact of Generative AI on security

How the CISO role is evolving with the advent of Gen AI

In today’s digital world, the CISO is responsible for managing security across a widely distributed network. With the emergence and integration of new AI models into the mainstream workflow, the role of the CISO has grown to encompass handling generative AI security as well.

The potential for generative AI security risks

For the second year in a row, cyber incidents have been ranked as the most important risk globally. Reports have shown that average costs from such incidents reached an all-time high in 2022 and will continue to increase at a multi-fold pace in the coming years. As these incidents and risks become more common and more expensive, a company’s CISO will likely take on an even greater strategic significance within the organization’s cybersecurity program. 

In today’s digital world, the CISO is responsible for managing security across a widely distributed network. Given that 82% of the largest insurance carriers have been targeted by ransomware attacks, security teams should also be educating employees and informing executives about potential risks. It’s crucial that data remains secure and maintains regulatory compliance.

Balancing generative AI cybersecurity concerns and benefits

As generative AI integrates into normal workflows, CISOs should consider how to leverage its capabilities to help organizations become more effective and efficient. Generative AI will undoubtedly have an immediate impact, but leaders should also be preparing for how it will shape future responsibilities.

From a generative AI cybersecurity standpoint, the overall usage could create more responsibilities for a CISO when it comes to:

  • Data security and privacy: CISOs will need to assess how models handle sensitive data and ensure they comply with data protection laws and regulations.
  • Access control: Leaders should implement robust access controls to ensure that only authorized individuals have access to systems.
  • Model integrity and security: It’s important to protect AI models from tampering and reverse engineering, which includes ensuring that the models themselves are securely stored.
  • Logging and monitoring: Teams should have established logging and monitoring systems to detect and respond to security incidents.
  • Training and awareness: CISOs should lead the charge on system training and raise awareness among employees and stakeholders.

Staying informed is the first step. It’s important for CISOs to prioritize curiosity and continuous learning when it comes to new developments and how they can affect insurers’ security posture. In turn, the CISO role will likely evolve from bearing primary accountability for treating both overall and generative AI cybersecurity risks, to being responsible for ensuring business leaders have the capabilities and knowledge required to make informed, high-quality risk

The path forward for generative AI adoption

Moving forward, organizations should immediately begin utilizing methods like in-person trainings, online courses, and awareness workshops to educate and train employees on the potential risks of generative AI adoption. Additionally, it is worth going the extra mile to further embed such trainings into existing processes.

Beyond that, CISOs should make it a top priority to establish clear usage policies, assessment frameworks, and diligence models to evaluate the credibility of third-party AI solutions. Plus, clarifying what’s acceptable versus unacceptable when using AI-generated content within the organization can help minimize the potential for larger issues.

Be sure to read through this report to learn more about generative AI adoption, best practices, where CISOs should start when it comes to minimizing generative AI cybersecurity risk, and how employees play a crucial role in keeping the company safe.

Get in touch

Have questions? Contact us.

Sandee Suhrada 
Principal
Deloitte Consulting LLP
ssuhrada@deloitte.com

 

 

 

 

 
