Going Cyber
A conversation from the future
"Alexa, what is the current balance on my savings account?“
“Fifteen thousand and sixty-seven pounds, eighty-two pence.”
“Alexa, transfer all funds from my savings account to IBAN CH56-0483-5012-3456-7800-9.”
“Transaction complete.”
Voice-activated transactions edge ever closer to reality as the adoption of smart speakers continues to rise, but what if it wasn’t you having this conversation with your voice assistant, but a malicious AI?
While we are aware of and acknowledge the risks of hackers stealing biometric data such as fingerprints, asking what the next stage of evolution will be is an interesting question. AI-enabled hackers will also be able to steal your voice, and use your vocal patterns to generate things that you never said.
We stand at the dawn of AI in cybersecurity –- security specialists are now developing the equivalent of expert systems for hacking. Additionally, with AI, it’s possible to generate images and videos that can fool humans, and not long before it’ll be feasible to generate realistic vocal and textual information. Eventually, AIs will be able to code-generate programs -- just imagine intelligently evolving computer viruses. Finally, AIs themselves also provide a target for attackers, through malicious and corruptive training of the machine learning models that the AIs are based on, a good example being Microsoft Tay. Defending against these threats will necessitate keeping up-to-date, taking the necessary steps to proactively simulate AI-enabled attacks, and identifying the best ways of mitigating the impact.
This was the central theme of my talk at the 2018 Asia Cyber Security Summit. Such risks have implications for all players in the financial services sector. On the other hand, the insurance industry is uniquely positioned in that new risks also bring new opportunities. There will be demand for new cyberinsurance products to protect against cybercrime.
Some insurers such as AIG have already tuned in to these possibilities and are well on their way to offer cyber insurance products, even as many others have yet to begin theirs, as Mark Camillo discussed. Though the vast majority of cyberinsurance products focused on the business market, Bajaj Allianz, for example, has started to offer cyberinsurance products for consumers, as introduced by Sasikumar Adidamu.
Cyberinsurance adoption is most advanced in the US, whereas Asia lags Europe. China is an extremely sophisticated market for certain types of insurance, but remains a blue ocean market for cyberinsurance.
At the AITAs, Nicolas Michellod also gave a thought-provoking speech regarding a more holistic treatment of cyber-risk as an operational risk.
He presented a compelling case. Cyber-risks are created by weaknesses in people, processes, controls, and operations. For this reason, defenses should be focused on hardening the business, prioritizing according to structured frameworks, and managing across the entire business. Simply throwing money at the problem will not solve it.
In the afternoon, Celent and Asia Insurance Review(AIR) hosted the 8th Asia Insurance Technology Awards (AITAs) at AIR’s 3rd Asia Cybersecurity Summit at the Mandarin Orchard Hotel.
This year we’ve received close to 50 nominations APAC-wide; even after the initial round of screening, we still had as many as 42 nominations. There was an abundance of impressive entries, from which our international panel of Celent insurance analysts selected the very best to receive the six awards.
Further information about the winners can be found here.
After the award presentations, representatives from Bajaj Allianz, Kotak Mahindra, and Prudential Assurance joined Celent in a lively panel discussion about how to carry the momentum of the success further.