AI and the “Metaverse” is a new and, frankly, mysterious world to risk managers, lawyers, and insurance companies. This program will try to demystify the technology and explore some of the real-world implications for actions that happen online and through the use of Artificial Intelligence. This program will include a review of the technology, the risk exposures with AI and the Metaverse, and what can be done to insure against these and other types of emerging risks.
Cyber Insurance Scoping Call Presentation - for HSB.PPTX
1. Proprietary and Confidential
1
Courtroom Code:
Navigating the Litigation Risks of AI and the
Metaverse
July 17, 2023
Presenters:
• Violet Sullivan, VP of Client Engagement – Redpoint Cybersecurity
• Christopher Seusing, Partner - Wood Smith Henning & Berman, LLP
• Taylor Beck, Privacy Operations Counsel - UBER
• David Anderson, VP of Cyber – Woodruff Sawyer & Company
INCLUDE HEADSHOTS?
2. Agenda
UNDERSTANDING THE METAVERSE & AI
INTRODUCTIONS
EXTRAPOLATING EXPOSURES
Q&A
IMPACT TO INSURANCE
CONTROLS AND RISK MITIGATION
4 unique perspectives
Breaking down the technology and
surrounding ecosystem and concepts
Outline risks and challenges associated with
deploying, using, and securing these systems
Best practices to protect your
organizations in unprecedented times
What is insurable and what may not be… soon
Let’s interact
3. What is the Metaverse and how does
it work?
• A collective shared space where virtually
enhanced physical space and physically
persistent virtual space
• Virtual reality or augmented reality
• May be a network of virtual worlds
• Focused on social connections
• Offers highly personalized user engagement
• May include pieces of “virtual real estate” for sale
• Offers a space for businesses and customers to
connect without leaving home
4. Explaining Artificial Intelligence as
covered in today’s headlines
• Generative AI and Large Language Models
(including but not limited to ChatGPT4)
• Capable of generating images, text, music, and
solving puzzles or problems
• Results are “human-like” and conversational
• Models “learn” by crowd-sourcing humanity’s
knowledge published on the internet
• Interacts and enhances the metaverse with human
-like images and conversations
• We do not truly understand how these models
learn
5. RISKS & EXPOSURES
Financial exposures
to balance sheets,
boards, and
shareholders
Misappropriation of
intellectual property
Professional liability
Training data and
programming issues
Lack of legal
framework and
precedent
Regulatory,
enforcement, and
jurisdictional risk
Expansion of liability
theories
Biometric data
collection
Contractual, vendor,
and third-party
exposures
6. IMPACT TO INSURANCE
CYBER AND PRIVACY LIABILITY COVERAGE
Cyber policies do not delineate between metaverse and AI data sets,
systems, and use cases (for now). Contemporary policies may respond
to data loss or theft, privacy breaches, and interruption costs
Management liability policies would not exclude otherwise covered
claims arising out of a failed metaverse or AI venture; professional
liability policies still cover errors and omissions even if stemming from
AI
BODILY INJURY AND PROPERTY DAMAGE COVERAGE
Property policies do NOT contemplate metaverse assets and casualty
policies may not cover emotional distress arising out of metaverse or AI
related issues.
Most insurance policies do not
contemplate (either affirmatively or
restrictively) how insurance
coverage responds to the complex
risks arising out of the metaverse
and use of AI
7. SOME HIGH LEVEL
RISK
MITIGATION
IDEAS
(with the caveat that unknown
unknowns FAR outnumber known
risks)
TECHNICAL CONTROLS
ADMINISTRATIVE CONTROLS
SOCIAL ENGINEERING AND
INDISTINGUISHED THREATS
CONTINUOUS ADAPTATION
IS THE NEW NORM
UNDERSTAND YOUR
COMPANY RISK TOLERANCE
-Responding to a breach is as important as preventing them
-Brand impact can be the result of an inadequate business response rather than attack itself
-Pressure test plans to simulate the urgency and ambiguity of an attack
-The public response can be as challenging as the technical response
Testing Objectives:
-Simulate a real world cyber attack
-Cross-functional, involving participants throughout the organization
-Structured to simulate a real attack: participants receive incomplete information, and react in real time
-Moves beyond diagnosis to test for gaps in an organization's ability to respond to an attack
-Builds institutional “muscle memory”
-Responding to a breach is as important as preventing them
-Brand impact can be the result of an inadequate business response rather than attack itself
-Pressure test plans to simulate the urgency and ambiguity of an attack
-The public response can be as challenging as the technical response
Testing Objectives:
-Simulate a real world cyber attack
-Cross-functional, involving participants throughout the organization
-Structured to simulate a real attack: participants receive incomplete information, and react in real time
-Moves beyond diagnosis to test for gaps in an organization's ability to respond to an attack
-Builds institutional “muscle memory”
Our Cyber Security Consultants have been working with your team to understand your security architecture to prepare for this exercise. As mentioned, it’s important to have an understanding of this area to be able an identify risks that your organization has.
We have Reviewed applicable Incident Response Plan(s) and other material(s). Any policies, procedures or protocols that are applicable to how you would respond during an incident are helpful to provide context to building an exercise
Create scenario appropriate to your organization testing your team’s level of Response Readiness.