
Jaymin Kim
Managing Director, Emerging Technologies, Global Cyber Insurance Center
-
United States
Organizations of all sizes, across virtually every industry, are exploring how to optimize generative AI technology to achieve business objectives, including realizing operational efficiencies, increasing client satisfaction, and developing new products and services. To sustainably capitalize on generative AI’s potential upside, companies must be aware of and prepare for potential downsides.
At Marsh, we help organizations across industries understand, measure, and manage generative AI risks. In doing so, we have helped risk leaders and senior executives address three common myths. First, we looked at who in your company “owns” generative AI risk. Next, we considered generative AI risks beyond cyber and technology exposures.
In this article, the third in a three-part mini-series, we’ll explore:
There is a tendency to think that new technologies bring new and/or novel risks — and sometimes that is the case; for example, the internet gave rise to a new class of cyber risks corresponding to the rise of e-commerce. But this has not been the case with generative AI, so far.
Based on Marsh’s extensive analyses to date, generative AI has not created a completely new class of risk. Rather, generative AI risks are extensions of existing, familiar risks, and can act as an amplifier of them. For example:
Some insurers have begun to introduce AI-specific endorsements and products in response to the rapid adoption of generative AI since late November 2022. Many of these new solutions refer to “AI” generally, yet AI is a broad, diverse field of technologies that have existed since the 1950s. Indeed, many organizations have used machine-learning (ML) based artificial intelligence within their business operations, for many years.
For example, banks have used ML in risk modeling and fraud detection for more than a decade, and e-commerce platforms have used it for personalized recommendations and supply chain optimization, also for decades. Should the more recent use of generative AI at such banks and retailers mean they are unable to benefit from coverage within their existing tech E&O policy? Is a data privacy event in association with generative AI—or other form of AI—considered to no longer be a data privacy event? Are bodily injuries in association with generative AI not still bodily injuries?
Marsh’s perspective is that the industry would be well served by not introducing exclusions that seek to remove the core coverage of the line of business to which they are attached if generative AI is part of the causal link to loss. There are numerous non-AI specific exclusions in place that continue to apply to generative AI exposures. For example:
These existing exclusions continue to apply in the context of generative AI and should be considered, along with articulating what additional information is needed to underwrite, before even considering introducing new exclusionary language.
The applicable coverage that may respond to generative AI risks ought to continue, as always, to depend on the facts of each particular claim or potential claim and applicable policy. This should include, but not be limited to, the impact of a loss, the type of damages being sought, and the parties involved in the loss — subject to applicable exclusions.
The insurance industry has asked if there is a need to create new insurance policies in reaction to almost every new wave of technology, including cloud, autonomous vehicles, and non-fungible tokens. Rather than starting with new products, Marsh believes the insurance industry should start with open-ended questions, such as:
Generative AI risks may, over time, need to be treated separately. We appreciate that limited loss data can complicate the ability to precisely underwrite and price certain risks, given the relatively new technology. That said, because generative AI, as it stands now, generally presents nuances within existing and familiar lines of insurance, any amplification of corresponding risks should be underwritten and priced within existing lines, where possible.
This is not a situation unique to generative AI. The insurance industry has confronted such challenges many times and will do so with every new technological development. So far, the insurance industry has consistently risen to the challenge of helping organizations transfer risks and increase resilience with new technologies, from the internet and the cloud to blockchain and digital assets.
Generative AI is the latest, but will not be the last, new technology to pose risk and insurance challenges. As organizations adopt generative AI, it’s important for their leaders to understand not only the potential benefits, but also the possible risks and to stay cognizant of the misconceptions—the myths—that may arise around them.
And as the technological landscape continues to advance, new classes of risk may arise. Generative AI technologies are not surfacing in a vacuum — in parallel, we are seeing advancements in numerous other rising frontier technologies include agentic AI, humanoid AI, quantum computing, and human-brain interface technologies, among others. Inevitably, new technologies will continue to emerge and may sometimes pose new risks. Along with the evolving technological landscape, the insurance industry will continue to play a pivotal, leading role in helping organizations transfer risk and build resilience related to generative AI and other emerging technologies, developing new policies as needed to address material coverage gaps for our clients.
To learn more about how a Marsh specialist can help your company navigate generative AI and its risks and opportunities, please contact us here.
Managing Director, Emerging Technologies, Global Cyber Insurance Center
United States
Global Cyber Product Leader and Head, Global Cyber Insurance Center
United States