Are your AI Systems Insurable?

It will not be technology or regulations that limit AI; it will be insurance. Several major U.S. insurance companies are petitioning lawmakers to allow them to completely exclude AI risks from their coverage, arguing that they pose an unmanageable risk.

Insurance companies are already fighting with Air Canada over who will pay for the fictitious discounts that their chatbot invented and they had to honor. Next time something like that happens, AI will allow thousands of customers to easily create plausible claims, but the insurance company cannot use AI to handle them. This asymmetry has them scared, for good reason.

If you are running AI systems, take a good look at your Tech E&O insurance. You are likely to find that it already limits coverage from some types of AI incidents. When it comes up for renewal, you will find more AI excluded. Insurance is just as real a limitation as regulation and technology.

How Bank Customer Data Ended up at Auction

“But I thought the drives were encrypted!”
“Only if you turn encryption on”

An American bank got off lightly, getting only a $35 million fine. For five years, they simply hired a moving company to get rid of old computers. That company then sold Morgan Stanley’s used hard drives at auction. Too bad that the drives still included information about 15 million customers. The drives did contain an encryption feature, but nobody turned it on…

The whole debacle came to light accidentally when an IT consultant bought a used hard drive for backup and discovered it was full of confidential data.

Organizations keep losing data. It costs money and reputation each time. You must address this problem with employee security awareness, internal procedures, and external security audits. Tell the story of Morgan Stanley at your next IT meeting. It just might remind someone of something they really ought to fix…

What Happens if You are Locked Out?

If the software at your cloud vendor has a bad day, it’ll lock you out of your account. And there is nothing you can do about it.

Many Facebook users discovered their accounts disabled last week, supposedly due to a violation of Facebook’s secret “Community Standards.” Even users who had posted nothing or commented on nothing. Facebook says it is investigating.

What will happen if your cloud vendor suffers a similar glitch? Do you have a business continuity plan, or do you simply pause your business until your cloud vendor gets its act together?