Narratives are constantly emerging of how people and devices both in the digital and physical world are being manipulated by generative AI. This is a threat to the economy at-large, and it is becoming a larger problem that insurance companies cannot ignore. Insurance policies are essential shock absorbers in many industries and without them, many businesses will not be able to survive generative AI-induced crises.
Insurance companies cannot ignore this threat from generative AI. It's not just about insuring against cyberattacks on digital infrastructure and assets. Generative AI is already making it extremely easy to create 'evidence' to make claims against insurance policies in the physical world as well as to create physical damage to assets covered by insurance. Fewer and fewer insurance companies are able to calculate risk in a way that is profitable and affordable for businesses in the digital and physical economy. These companies will not only be challenged to assess risk in order to issue new policies, but they will also be dealing with a surge in claims on existing traditional policies.
Three key technologies and practices enable businesses to ensure the health of insurance in the age of generative AI. These include solutions based on zero trust, zero knowledge proofs and self-sovereign identity.
Zero trust (ZT) has received a lot of attention in the public arena, especially as a result of the United States government’s Executive Order (EO) 14028 issued in 2021. ZT is an amorphous concept signaling the end of an era of focusing on securing the perimeter against cyberattacks and ushers in one of constant verification of every cyberactivity within the organization potentially down to the level of each data packet. While ZT seems obvious in the era of cloud-based services, the actual details of implementing ZT in multi-party environments is challenging. Many of these challenges are rooted in the difficulty of verifying the identity of true source and destination of traffic, as well as the policies that should be applied to the traffic. However, especially in the era of generative AI, implementing ZT is an unavoidable requirement for enterprises.
Zero knowledge proofs (ZKPs) are the result of mind-bending work done by mathematicians starting in the late 1980s. An example of a ZKP in real life is proving without doubt that a person is over 21 years of age without showing any personal details — say in a driving license. ZKPs are becoming extremely important in the world of cybersecurity because they allow participants in a digital interaction to prove who (or what) they are without any of today’s drawbacks of managing credentials. ZKPs also make recording transactions and other forms of interaction on a public blockchain — where they are immutable and therefore deemed tamper-proof — extremely scalable and completely private.
Self-sovereign identity (SSI) is the ability of a person, or a device, to manage their own digital identity. The importance of digital identity is not yet understood by the vast majority of the public including those managing enterprise cybersecurity. SSI is an essential element in extending trust throughout complex digital environments, especially in the era of tens of billions of Internet of Things (IoT) elements being used by enterprises. For example, think about networked cameras on which we increasingly rely on for a wide range of uses. Being able to verify in real time that camera’s details such as the version and source of firmware it is running, its current owner, its previous owner, its location and so on is essential for successful implementation of ZT and ZKP.
These technologies have been implemented and are rapidly being enhanced. However, it is incumbent on everyone, from the individual employee to all parts of the executive management of businesses to learn how to use ZT, ZKP and SSI to ensure a healthy future for our digital economy and the insurance industry that underpins it by managing risk.