From assurance to insurance — a conversation on the insurability of generative AI

As organizations rush to adopt generative artificial intelligence, privacy professionals are stepping up to identify and manage associated risks. Assurance and risk frameworks abound.

The systemic risks of generative AI have the potential to impact developers, deployers and users at scale. Insurance for generative AI applications is an area that is likely to be of increasing importance to manage risks that cannot be mitigated or eliminated.

Managing Director Privcore Annelies Moens, CIPP/E, CIPT, FIP, interviewed Privacy Commissioner of Bermuda Alexander White, CIPP/A, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, FIP, and Privcore Head of Research and Principal Consultant Dr. John Selby, CIPP/E, CIPM, FIP, to find out what happens when controls and mitigations don't bring risks down to an internally acceptable level. The following was adapted from their panel at the IAPP ANZ Summit in November 2024.

Moens: From a risk perspective what is different about generative AI, as opposed to the AI we have had for decades?

White: It's an open question just how much actually is different now. A lot of the tools that we think of as generative AI have been around for a while. What has changed is the popular understanding and uptake of the tools. A good analogy is video calling. We had video conferencing tools for years, but it wasn't until there was a cultural shift in adoption and use that they really became part of our lives.