The era of cyber attacks: AI’s role in cyber insurance

On the heels of the WannaCry cyber attack and the Petya ransomware strike, a recent data breach at a major U.S. credit reporting firm has now affected 143 million customers.

With three high-profile breaches in such a short period of time, cyber attacks outpace the security industry’s ability to respond. Cybercrime is a big business and fighting it is expensive.

Fortunately, the need to defend against and mitigate the liability of such cybercrimes comes at a time when technology companies are funnelling major resources toward emerging solutions like artificial intelligence (AI). While some hold a lingering hesitancy toward AI and its sophistication, cyber insurance companies and AI can work together to enhance their insurance product offerings. Likewise, companies’ security organisations can leverage AI to elevate their own defences against attacks.

>See also: Cyber insurance in the spotlight – what WannaCry taught us

Recent research finds that 95% of businesses already have the expertise and resources to maintain and improve their infrastructures. However, additional research shows that only 30% of companies are prepared to deal with cyber attacks at an expert level. This indicates an opening for stakeholders to advance their cyber mitigation and defense offerings, especially to integrate their existing digital systems with AI capabilities.

Predictive cyber insurance

Cyber insurance premiums grew by 35% in 2016, showing that decision makers have started to recognise the need to mitigate the risk of security breaches. But cyber insurance is still a relatively new field, and while it represents a major growth opportunity for some insurers, pricing and underwriting cyber insurance is not easy. In fact, insurance-rating agencies have cautioned insurers about exposure to too much cyber risk.

Rating factors are difficult to assess, like the long term compensatory damages to customers or third parties affected by a security breach, or the negative brand sentiment for the company subject to a breach.

Many insurers also rely on historical data in the underwriting process, which may not accurately represent a company’s current cyber risk in a fast-changing, digital landscape. Furthermore, consistency and scalability across a human underwriting staff is a challenge. This is where AI can help.

>See also: The Trojan horse: 2017 cyber security trends

Applying AI machine learning technologies, like IBM’s Watson or Amazon Machine Learning, and predictive modelling to the underwriting process can ensure accurate rating of a company’s cyber risk.

Additionally, it can achieve underwriting consistency of companies with similar digital footprints. The cyber threat landscape of a company in the digital era is ever changing, and the feedback loop from a machine learning system (along with prediction) enables a real-time view of a company’s cyber risk.

Cognitive cyber defence

AI is a powerful tool that can help companies bolster their defences against cyberattacks. Machine learning algorithms can aid security professionals in identifying whether suspicious cyber activity across a company’s digital channels and endpoints is malicious or just different. Furthermore, predictions against a machine learning model can be done with new security threat data in real-time, providing security professionals with insights that help them determine if their company is the target of a potential attack before it happens.

With just 21% of businesses ranking their current level of security as completely satisfactory, AI will serve as a major aid to those responsible for enterprise security – CIO and CISO. If the CIO’s mission is to ensure the security and confidentiality of her business, AI solutions are a must-have tool in defending against cyber attacks.

For example, consider AI as applied to a traditional security strategy that employs the NIST Cybersecurity Framework. Typically, security responsibilities are managed by a large internal team, or are outsourced to a similarly sized staff. While these measures are adequate, they often follow a rule-based system that could generate thousands of notifications daily.

>See also: Machine learning firmly integrated in the insurance industry

Humans are often unsure how to make sense of this wealth of information, which is an area where AI machine learning can succeed. For instance, if an employee incorrectly interprets a security notification as a false positive once, he will likely do so again when posed with the same situation. Conversely, another employee may come to a different conclusion when faced with the same information, leading to multiple layers of inconsistencies.

AI can easily apply real-time contextual information to reduce false positives/negatives and learn from these updates over time. This both generates efficiencies throughout the security department and frees up human employees to focus on other security tasks or business needs.

Preparing for AI integration

It’s never too late to lay the foundations for future digital improvements. Even historically slow to transform industries like insurance are starting to find small entry points along their value chain to ease the adoption process. Using the insurance industry as an example, top precursors to AI integrations include:

• User apprehensions

To convince employees and policyholders toward AI adoption, insurers must become more transparent about the benefits of the technology, as well as how it will be used. For employees, this may be how AI will alter their day-to-day responsibilities, and for policyholders this could come in the form of new communication channels with an insurer, such as a chatbot.

>See also: 10 cyber security trends to look out for in 2017

At a time where cyber threats are on everyone’s mind, insurers should disclose what personal information they’re using, and how they’re protecting this information. Transparency, even when this granular, gives policyholders confidence in their insurer so there’s no confusion or mistrust when the time comes for to leverage AI. Considering that a third of consumers report that they know nothing about AI, every piece of information shared can speed up adoption trends.

• Data sources and integrations

Difficulties sourcing and aggregating information counter AI’s machine learning sophistication, as trend spotting and risk prediction occur on massive data sets.
To successfully implement an AI system, insurers must first have access to critical (usually many) data sources. This includes internal data, information from third-party data providers and ultimately any source relevant to the context for which AI is tasked with advising.

Specifically, insurers must develop strategies for managing unstructured data. For example, take recorded communications between a policyholder and an insurer’s call centre. If this data is not made accessible to an AI system, any insight (such as emotion or sentiment) the policyholder surfaces about her customer experience during these conversations may fall on deaf ears. Insights from how a customer service representative performed on a call will be lost as well.

Insurers may understand the issue at hand, but without the ability to contextualise this moment with other similar instances, there’s minimal real-world action to take. However, if an AI-powered system is at play and supported by a proper data strategy, the insurer can transcribe this call, make the data accessible to the cognitive system and then begin to analyse the interaction with other available data. This can include sentiment analysis, measurement against a specified operating model and more.

>See also: Cyber crime: an unprecedented threat to society? 

The data management problem will only escalate over time. While insurers should want to add more communication channels to better meet policyholders where they are, they must have a strategy in place to aggregate these disparate sources and make them accessible to the same cognitive system.

This will be a key area of focus for insurers looking to thrive digitally, as 29% still find it difficult for internal developers, third-party partners or service providers to integrate with their organisation’s existing systems.

As with any other technology investment, companies will not see full value from pursuing AI solutions unless employees are trained and ready. Businesses may want to jump ahead and implement top cognitive systems – justifying the leap with the increasing threat of hackers – but this will only lead to a state-of-the-art solution that cannot solve the problem at hand unless paired with the right digital strategy.

Cyber threats are certainly advancing, but mitigating and defending against the risks posed by these threats starts with the basics – a digital strategy and infrastructure that paves the way for today’s cognitive solutions.

 

Sourced by John Cammarata, VP of development, PointSource

 

The Women in IT Awards is the technology world’s most prominent and influential diversity program. On 22 March 2018, the event will come to the US for the first time, taking place in one of the world’s most prominent business cities: New York. Nominations are now open for the Women in IT USA Awards 2018. Click here to nominate

Avatar photo

Nick Ismail

Nick Ismail is the editor for Information Age. He has a particular interest in smart technologies, AI and cyber security.