ChatCPT- A New Threat for Cyber Risk Insurers?

The ChatGPT (Generative Pretrained Transformer)- an OpenAI platform- was released in November 2022 and has been an instant success. In simple terms, ChatCPT is an artificially intelligent model that has been trained to generate text that imitates human language once it has been prompted with a query or question. The producers of the model expect to release a new version soon!       

ChatGTP has been identified as a problem in education sector that could potentially enable some students to engage in unfair practice undermining the integrity of assessment procedures. We have also in the press read about lawyers in different jurisdictions making submissions to courts by using texts obviously prepared by ChatCPT. In insurance sector, especially cyber risk insurers are also concerned of the potential disruptive impact of this OpenAI platform on their business models.

If prompted ChatCPT will refuse to write ransomware or malicious codes and when denying such requests, it will explain that ransomware is both “illegal” and “unethical”. However, there is no guarantee that a person will not find a way to create a malicious code by utilizing ChatCPT. As long as right questions are posed, the current version of the model could give anyone step by step guidance as to how to create a malicious code. This is a genuine concern for cyber risk insurers as it potentially makes it easier to produce such a malicious code (even by amateurs) and then target a business. Small and medium sized (SMEs) businesses, which do not have appropriate cyber security measures in place, are particularly vulnerable to ransomware attacks.  

Also, it is possible that if prompted ChatGPT can write convincing phishing emails that can be utilized in social engineering campaigns by threat actors. Again, this increases the possibility that an employee in a company or business could engage with such a convincing phishing email potentially compromising the cyber security of the organization in question.  

In recent months, cyber risk insurers have reported that ChatCPT has been utilized by criminals in ransomware negotiations potentially tilting the balance in favour of such criminal elements-one underwriter who discussed the matter with the author believes that ransomware negotiations are getting more difficult by the day thanks to ChatGPT and sums paid by insurers are increasing as a result!  

The main problem stems from the fact that OpenAI remains largely an unregulated area and realistically this will not change anytime soon. While there is an expectation on the creators of ChatGPT to ensure that their tool cannot be easily manipulated by threat factors, there is no denying the fact that ChatGPT has broadened the potential attack surface for businesses and this a particular concern for cyber risk insurers. If the new version of ChatGPT is not designed to better detect such threat factors (and block such requests), we should expect an increase in the successful ransomware attacks on businesses which will potentially lead to a further increase in cyber risk insurance premiums. We cannot stop innovation, but we have every right to expect the producers to put in place mechanism to prevent their harmful use. Cyber risk insurers are hoping that the new version of this OpenAI tool will be equipped to deal with those who are panning to use it for criminal purposes. This will be a good illustration of how tech can perform the function of regulation as well as innovation!   

Published by

Professor Barış Soyer

Professor Soyer was appointed a lecturer at the School of Law, Swansea University in 2001 and was promoted to readership in 2006 and professorship in 2009. He was appointed Director of the Institute of Shipping and Trade Law at the School of Law, Swansea in October 2010. He was previously a lecturer at the University of Exeter. His postgraduate education was in the University of Southampton from where he obtained his Ph.D degree in 2000. Whilst at Southampton he was also a part-time lecturer and tutor. His principal research interest is in the field of insurance, particularly marine insurance, but his interests extend broadly throughout maritime law and contract law. He is the author of Warranties in Marine Insurance published by Cavendish Publishing (2001), and an impressive list of articles published in elite Journals such as Lloyd’s Maritime and Commercial Law Quarterly, Berkley Journal of International Law, Journal of Contract Law and Journal of Business Law. His first book was the joint winner of the Cavendish Book Prize 2001 and was awarded the British Insurance Law Association Charitable Trust Book Prize in 2002, for the best contribution to insurance literature. A new edition of this book was published in 2006. In 2008, he edited a collection of essays published by Informa evaluating the Law Commissions' Reform Proposals in Insurance Law: Reforming Commercial and Marine Insurance Law. This book has been cited on numerous occasions in the Consultation Reports published by English and Scottish Law Commissions and also by the Irish Law Reform Commission and has been instrumental in shaping the nature of law reform. In recent years, he edited several books in partnership with Professor Tettenborn: Pollution at Sea: Law and Liability, published by Informa in 2012; Carriage of Goods by Sea, Land and Air, published by Informa in 2013 and Offshore Contracts and Liabilities, published by Informa Law from Routledge in 2014. His most recent monograph, Marine Insurance Fraud, was published in 2014 by Informa Law from Routledge. His teaching experience extends to the under- and postgraduate levels, including postgraduate teaching of Carriage of Goods by Sea, Transnational Commercial Law, Marine Insurance, Admiralty Law and Oil and Gas Law. He is one of the editors of the Journal of International Maritime Law and is also on the editorial board of Shipping and Trade Law and Baltic Maritime Law Quarterly. He currently teaches Admiralty Law, Oil and Gas Law and Marine Insurance on the LLM programme and also is the Head of the Department of Postgraduate Legal Studies at Swansea.

Leave a Reply