The Canadian Insurance Services Regulatory Organizations (CISRO), a forum of Canadian regulatory authorities, has weighed in on the use of generative artificial intelligence (AI) saying insurance intermediaries should review their current cybersecurity practices in light of growing generative AI usage.

The document from CISRO, Cybersecurity readiness when using generative artificial intelligence, provides general information and poses a number of questions intermediaries might ask themselves when discussing or probing cybersecurity readiness.

“This document is intended to raise insurance intermediaries’ awareness of the importance of adapting their cybersecurity readiness strategy to their use of generative AI in the course of their business activities,” CISRO states. “Given the increasing popularity of chatbots and virtual assistants powered by generative AI and the sense of productivity they bring to their users, intermediaries should establish guidance for their use and implement measures to prevent cyber incidents that could compromise or lead to the theft of confidential information.”

Intermediaries should review current practices 

The regulators go on to encourage insurance intermediaries to review their current practices and implement all measures necessary to achieve cybersecurity readiness when using generative AI. The report also looks at AI solutions being used in the industry, saying organizations should establish controls that evolve based on the use of AI solutions being implemented.

Notably, it also warns insurers against using public and open solutions. “No confidential information should be shared with this type of AI solution,” they state. “As the organization is responsible for the services it outsources to third-party service providers, it should identify the risks associated with the use of a third-party service provider’s AI solution and assess its cybersecurity practices before integrating it into the organizations’ computer systems and networks.”