Home > News > Articles > 2024 > CISRO cyber

Adapt your cybersecurity strategy to consider generative AI use

Published December 13, 2024

As the use of generative artificial intelligence (AI) increases, licensees are advised to review their current cybersecurity practices and implement necessary measures to help eliminate cyber risks and prevent cyber incidents that could compromise or lead to the theft of customer information. Generative AI refers to the use of AI to create new content, such as emails, marketing materials or translation documents.

Cyber Security Readiness published in September 2023 by the Canadian Insurance Services Regulatory Organizations (CISRO), a national body made up of provincial and territorial insurance regulators, highlights the importance for intermediaries to prioritize cybersecurity and build awareness of their role and responsibilities in achieving cybersecurity readiness. This publication is a resource for licensees to prepare protocols for cyber safety and was developed in collaboration with Canadian regulators of insurance intermediaries including the Insurance Council of BC.

The more recent Cybersecurity readiness when using generative artificial intelligence CISRO publication is complementary to Cyber Security Readiness, which addresses cyber risks involved in generative AI used by insurance intermediaries and offers considerations for organizational cybersecurity readiness.

The publication is intended to raise insurance intermediaries' awareness of the importance of adapting their cybersecurity strategy to their use of generative AI. It also identifies practices for individuals and organizations to consider, including:
  • Reviewing and implementing policies and procedures regarding AI use and ensuring established practices are followed;
  • Participating in training that helps you understand the various types of AI solutions and how to use them safely;
  • Not sharing confidential information in public and open solutions.

Insurance Council licensees have a duty to safeguard clients’ personal information and are reminded to regularly review their current practices to ensure they are taking appropriate measures to protect client information.

For more details on cybersecurity practices and client confidentiality, review the information on “Cybersecurity Practice and Safeguarding Client Information” section on our Licensee Responsibilities page.