Experts argue that risk managers or their counterparts should be included in organizational discussions and activities regarding the use and potential impact of artificial intelligence.

“This is always good practice because risk managers have a good view of broader exposures that people in separate disciplines within the organization would not otherwise have the opportunity to see. ,” said Elizabeth Case, global product manager for Cyber, based in Chicago. , for Liberty Mutual Insurance Company.

Involvement in risk management will help ensure that “everyone is aligned on what the tools will be used for and how they will be deployed, and it will be done in a thoughtful way,” she said. .

Jaemin Kim, senior vice president of Toronto-based Marsh LLC's cyber risk practice, says organizations need to identify potential AI exposures and proactively address them.

Managers responsible for AI should ask “what can we do from a risk management perspective to understand specific exposures and transfer residual risk,” she said.

“When it comes to AI, organizations are generally aware that they need to ensure that their internal risk management and legal and compliance structures have adequate oversight,” said Beasley's Underwriting Management, Cyber ​​and Technology Division. said director Bob Weiss of West Hartford, who is based in Connecticut. PLC.

“To ensure that your organization’s employees are not using generative AI incorrectly, you must ensure that your privacy and security controls are updated and that appropriate barriers, practices, policies, and procedures are in place. .The way they work.

It all needs to be managed by the risk management practices of these organizations,” Weiss said.

John Farley, managing director of the cyber practice at New York-based Arthur J. Gallagher & Company, said in a mid-April webinar that given the growing profile of AI in data breaches, organizations are He said AI should be incorporated into response plans.

“Incident response plans need to anticipate the possibility of deepfakes and put mitigation mechanisms in place, just like any other cyber incident,” Farley said.



Source link