Podcast Summary: "Is Artificial Intelligence Changing the Insurance Game?"
Artificial Intelligence Podcast: ChatGPT, Claude, Midjourney and all other AI Tools
Host: Jonathan Green (A)
Guest: Amber Moss (B) – Insurance risk manager, law student
Date: May 5, 2025
Overview
This episode takes a practical dive into the impact of artificial intelligence (AI) on the insurance industry, focusing particularly on risk management, data security, and emerging legal and cyber threats. Host Jonathan Green and guest Amber Moss—a seasoned risk manager and law student—explore the double-edged sword of AI in insurance, highlighting its benefits, real-world pitfalls, evolving threat vectors, and the importance of vigilance in an era of accelerating technological change.
Key Discussion Points & Insights
1. AI’s Role in Insurance: Practical Benefits and Caution
-
Data Analysis & Presentations
- AI excels in organizing, sorting, and analyzing vast amounts of data—“the boring stuff” like actuarial tables.
- Tools help insurance professionals create better visual presentations and streamline standard lingo.
- Amber Moss [01:40]:
“A lot is changing in insurance…we have to be very strategic and careful on how we’re using the data and where we’re using the data because…we’re working with very sensitive data.”
-
Caution with Sensitive Data
- While tempting to use AI for all tasks, Amber stresses the need for human oversight, especially when handling sensitive medical and personal data (“claims, socials, medical diagnoses”).
- A current challenge is tracking exactly what parts of the work have been AI-generated versus human.
-
Legal Documentation & Accountability
- Legal risk when relying on AI for authoring documents:
"We have to say, ‘Judge, I didn’t say that. I used artificial intelligence to say that.’ So we have to be careful on how we are doing our presentations and how we’re noting when AI is being used." —Amber Moss [02:38]
- Legal risk when relying on AI for authoring documents:
2. AI Hallucinations and Liability in Law and Insurance
-
Hallucinations Leading to Real-World Consequences
- Amber recalls recent cases where lawyers submitted fake citations generated by ChatGPT:
“The sightings were correct, it looked legitimate, but it was purely a hallucination.” [04:00]
- Amber recalls recent cases where lawyers submitted fake citations generated by ChatGPT:
-
Absolute Accuracy is a Must
- Legal and insurance fields require 100% accuracy:
“When it comes to the law, you have to be correct 100% of the time, not 90 or 95% of the time.” —Jonathan Green [05:09]
- Legal and insurance fields require 100% accuracy:
-
Human Supervision Remains Essential
- Even advanced AIs are fallible and can confidently produce incorrect information.
- Over-reliance on AI can increase mistakes—users may become complacent, letting “something slip through the cracks.”
“…AI can do 90% of the work, but we tend to let it just do 100%. And that’s where the glitches happen.” —Jonathan Green [03:03]
-
Detecting AI-Generated Content
- Consistent linguistic “giveaways” reveal AI’s hand in writing—overly formal language, cliches like “ever-changing digital landscape.”
“Whenever I hear the word ‘landscape’ and then there’s a comma, I know it’s AI…” —Jonathan Green [06:48]
- Consistent linguistic “giveaways” reveal AI’s hand in writing—overly formal language, cliches like “ever-changing digital landscape.”
3. Cybersecurity, Compliance, and Emerging Threats
-
AI Changing Cyber Insurance
-
Insurance policies now evaluate past cyber incidents: extortion, malware, privacy breaches, ransomware, and increasingly “AI-caused” threats.
- Amber Moss [11:27]:
“AI can trick you into giving funds…There’s room for coverage depending on how AI affects…the actual attack.”
- Amber Moss [11:27]:
-
Cyber attackers are more sophisticated; AI can help both defenders and adversaries.
-
-
Data Security Complexity
-
Strict compliance (HIPAA, SOC2, etc.) means companies must carefully vet all AI tools before use, sign contracts (BAAs), and prevent accidental info leakage.
“People are like, which AI can we use? I’m like, none of them until we sign a contract.” —Jonathan Green [09:03]
-
Accidental breaches can happen easily (e.g., sharing the wrong tab during a screen recording).
-
-
Remote Work & Risk
-
Distributed teams increase “attack surface”; companies need strict policies on permissible AI usage.
- 50% of surveyed employees in Amber’s organization now use AI daily [13:50].
-
Standardizing/training on approved, secure AI software is essential for corporate safety.
-
4. The Relentless Pace and Culture of Change
-
Keeping Up with AI Innovation
-
Rapid AI evolution means new tools—and new threats—emerge daily:
“There’s a major AI news story every single day…It’s mathematically impossible to keep up.” —Jonathan Green [14:46]
-
Companies use AI to protect, as well as attack, infrastructure.
-
-
Stricter Security Cultures
- Creating a compliance-based culture where software updates, strong authentication, and endpoint protections are enforced; non-compliance leads to penalties or terminations.
“Once a company enters certain compliance rules, then there are rules for how you have to punish people who don’t do it…you get a warning…third time, the company has to fire you…” —Jonathan Green [16:21]
- Creating a compliance-based culture where software updates, strong authentication, and endpoint protections are enforced; non-compliance leads to penalties or terminations.
-
Classic Scams Still Work
- Social engineering remains rampant—AI just accelerates and amplifies the risk:
- LinkedIn used for realistic phishing targeting recently promoted professionals [17:16]
- Even intelligent, experienced users get caught by “the right scam on the wrong day” [16:54]
- Social engineering remains rampant—AI just accelerates and amplifies the risk:
5. Identity Theft, Monitoring, and Personal Risk Management
-
Comprehensive Protections Are Key
- Both hosts agree: identity theft protection, credit monitoring, and cyber insurance are essentials for individuals and businesses alike:
- Amber Moss [20:38]:
“Americans need to ensure that if they have a business that they have the cybersecurity coverage…Identity theft protection…credit monitoring…It’s not very expensive…just because of the unknowns.”
- Amber Moss [20:38]:
- Both hosts agree: identity theft protection, credit monitoring, and cyber insurance are essentials for individuals and businesses alike:
-
Skepticism Toward Data Broker Opt-Out Services
- Jonathan expresses skepticism about “pay us to stop selling your data” services—once data is out, you can’t put it back:
“If someone’s already stolen your data…you’ve already sold it a thousand times.” [21:36]
- Jonathan expresses skepticism about “pay us to stop selling your data” services—once data is out, you can’t put it back:
-
Evolving Vectors and the Unknowable
- Most major attacks exploit what companies failed to anticipate (“the thing you don’t think of always gets it”).
- Personal anecdotes underline the ongoing risk, even for very small businesses and individuals.
6. Security Best Practices & Organizational Discipline
-
Authentication and Security Fatigue
- Amber shares how strong security imposes friction, but is worth it for client trust:
-
“The hardest part of my job is chasing my passwords and authenticators…I had to go through three different processes to get into the website. But it’s worth it for my client.” [24:34]
-
- Amber shares how strong security imposes friction, but is worth it for client trust:
-
Most Attacks Are Opportunistic
- Most cyberattacks are indiscriminate, targeting thousands in hopes of one success:
“Most of the attacks are really like mass attacks, as in they just hit every small website, as many as they can…and you only need one person to fall for it.” —Jonathan Green [25:06]
- Most cyberattacks are indiscriminate, targeting thousands in hopes of one success:
-
Leadership by Example
- Best practice is to be cautious and diligently separate work and personal devices, maintain up-to-date security, and do not make exceptions for leaders.
-
“You have to set the example…one person didn’t [update password] and it was the CTO and that’s who they’d hacked.” —Jonathan Green [28:31]
-
- Best practice is to be cautious and diligently separate work and personal devices, maintain up-to-date security, and do not make exceptions for leaders.
-
Standardization and Policy Enforcement
- Difficult but critical to get everyone, especially in large organizations, to use approved AI and security protocols consistently.
Notable Quotes & Memorable Moments
-
Amber Moss on Legal Dangers:
“There were at least seven cases submitted to a federal court that looked legit, that were not…My biggest concern is the legal side of things and how do we control what is being sent to our courts or what is being sent in trial and who said it, where did it come from and what software are you using?” [04:48] -
Jonathan Green on AI’s Limitations:
“AI never makes spelling mistakes or grammar mistakes. Everything else, it makes a lot of mistakes.” [05:20] -
On Insurance Mindset:
“You have to always be alert…we don’t know what we don’t know.” —Amber Moss [18:47] -
On Vigilance:
“I used to think, oh, my website’s too small. No one would ever attack me…Every three minutes an attack would come in…I had to turn off the alerts, it was too frequent.” —Jonathan Green [19:31] -
On Leadership Responsibility:
“Don’t let that…I don’t want to be the lawyer who submitted the brief, it was all written by AI or the one person who goes, my password would never get [hacked].” —Jonathan Green [28:31]
Timeline of Important Segments
| Timestamp | Topic | |--------------|--------------------------------------------------------------| | 01:06–02:38 | Amber Moss on AI’s role in insurance, risk management, data | | 03:03–04:30 | Dangers of over-relying on AI & legal hallucination stories | | 05:09–06:48 | The necessity for 100% accuracy in law & insurance | | 09:03–10:27 | Data security, contracts, compliance, HIPAA/SOC2 challenges | | 11:27–13:40 | Cyber insurance: new risks, possible AI-specific policies | | 13:50–14:46 | Remote work & risk, standardizing AI use in organizations | | 16:21–18:47 | Security cultures, compliance, modern phishing stories | | 19:31–20:38 | Persistent attacks, personal experiences with credit theft | | 20:38–22:48 | Identity theft protection, credit monitoring - essentials | | 24:34–25:06 | Security fatigue, passwords, and real-world discipline | | 28:31–29:30 | Leadership, examples of organizational weakness or breach | | 30:50–31:52 | Amber Moss on connecting with her firm for risk management |
Conclusion & Takeaways
- AI is reshaping the insurance landscape, mostly benefiting data analysis and presentations, but demands caution with sensitive data and legal documentation.
- Absolute vigilance is required—AI errors can cause critical legal and financial consequences; human oversight remains vital.
- Cyber and identity protection are now foundational for both individuals and businesses due to escalating and evolving cyber risks.
- Leadership and consistency in security practice throughout organizations are paramount; the weakest link remains the greatest vulnerability.
- Education, adaptation, and standardization of AI and security practices are ongoing challenges in the face of rapid technological change.
Contact for Help & More Info:
Amber Moss and her team can be reached at hotchkiss.com for insurance and risk management expertise.
“Cover your risk as best as you can. That’s all we can do. Cover the risk.”
— Amber Moss [31:35]