Category Archives: Technology Risk

Immediate Vault Immediate Byte

Assessing the Legal Risks in AI—And Opportunities for Risk Managers

Posted on by

Last year, Amazon made headlines for a developing a human resources hiring tool fueled by machine learning and artificial intelligence. Unfortunately, the tool came to light not as another groundbreaking innovation from the company, but for the notable gender bias the tool had learned from the data input and amplified in the candidates it highlighted for hiring.

buy oseltamivir online thecifhw.com/wp-content/uploads/2023/10/jpg/oseltamivir.html no prescription pharmacy

As Reuters reported, the models detected patterns from resumes of candidates from the previous decade and the resulting hiring decisions, but these decisions reflect that the tech industry is disproportionately male. The program, in turn, learned to favor male candidates.

buy robaxin online thecifhw.com/wp-content/uploads/2023/10/jpg/robaxin.html no prescription pharmacy

As AI technology draws increasing attention and its applications proliferate, businesses that create or use such technology face a wide range of complex risks, from clear-cut reputation risk to rapidly evolving regulatory risk. At last week’s RIMS NeXtGen Forum 2019, litigators Todd J. Burke and Scarlett Trazo of Gowling WLG pointed toward such ethical implications and complex evolving regulatory requirements as highlighting the key opportunities for risk management to get involved at every point in the AI field.

For example, Burke and Trazo noted that employees who will be interacting with AI will need to be trained to understand its application and outcomes. In cases where AI is being deployed improperly, failure to train the employees involved to ensure best practices are being followed in good faith could present legal exposure for the company. Risk managers with technical savvy and a long-view lens will be critical in spotting such liabilities for their employers, and potentially even helping to shape the responsible use of emerging technology.

buy inderal online thecifhw.com/wp-content/uploads/2023/10/jpg/inderal.html no prescription pharmacy

To help risk managers assess the risks of AI in application or help guide the process of developing and deploying AI in their enterprises, Burke and Trazo offered the following “Checklist for AI Risk”:

  • Understanding: You should understand what your organization is trying to achieve by implementing AI solutions.
  • Data Integrity and Ownership: Organizations should place an emphasis on the quality of data being used to train AI and determine the ownership of any improvements created by AI.
  • Monitoring Outcomes: You should monitor the outcomes of AI and implement control measures to avoid unintended outcomes.
  • Transparency: Algorithmic decision-making should shift from the “black box” to the “glass box.”
  • Bias and Discrimination: You should be proactive in ensuring the neutrality of outcomes to avoid bias and discrimination.
  • Ethical Review and Regulatory Compliance: You should ensure that your use of AI is in line with current and anticipated ethical and regulatory frameworks.
  • Safety and Security: You should ensure that AI is not only safe to use but also secure against cyberattacks. You should develop a contingency plan should AI malfunction or other mishaps occur.
  • Impact on the Workforce: You should determine how the implementation of AI will impact your workforce.

For more information about artificial intelligence, check out these articles from Risk Management:

The Risky ‘Business of Art’ Explored at Observer Event

Posted on by

From left: Massimo Sterpi, Elena Zavelev, Anne Bracegirdle, Devin Finzer, Curt Bilby / Photo: Keith Sherman & Associates

NEW YORK—On May 21, the Observer’s inaugural “Business of Art Observed” event brought experts in art, insurance, risk management, tech and finance to the Roosevelt Hotel to discuss established and emerging risks facing the $50 billion art industry.

The “Insurance and Risk Management” session wasted no time exploring creative risk and claims management approaches to the various forms of potential damage to artwork. From transit to security to geopolitical risk, panelists agreed fine art coverage is not a paint-by-numbers process, and said the “framing of a claim” can facilitate a payment.

“Insurance companies get a bad reputation,” said Mary Pontillo, senior vice president and national fine art practice leader at DeWitt Stern. “But the higher-end, really good-quality insurance companies are looking for ways to pay claims. I think that’s where there are a lot of misconceptions.”

For example, she mentioned advising a client whose work was being kept on a yacht. While certain maritime and environmental risks such as humidity were not covered by the policy, she was able to demonstrate that ocean spray had been the source of the damage and successfully get the claim covered.

The session discussed modernizing risk management in the art market and how the industry should apply forensic due diligence to transactions and ensure they view all business activities through a lens of strategic risk. And with transparency cited as a continuous challenge, Dennis Wade, a senior partner at Wade Clark Mulcahy, LLP, who has handled international fine art matters, pointed out the importance of reputation risk when drafting a policy.

“Many policies also contain an exclusion for the dishonesty of the person to whom you deliver or entrust the goods,” Wade said. “So if you consign a work to a corrupt gallerist, there may be an exclusion in your policy and you may not be covered at all.”

The emergence of blockchain technology dominated discussion at another session, “Art Market 2.0: Using Art & Technology to Drive the Industry Forward.” According to panelists, authentication and secure transactions have risen to the top of their risk registers. New Art Academy Founder Elena Zavelev said blockchain’s ability to put individual faces on digital artwork has mostly solved the prior risk of unauthorized duplications, forgeries, and fraud. Zavelev and her co-panelists said blockchain may facilitate a long-term change in the way art is created, sold, curated and insured by improving the ability to track a work’s provenance.

Christie’s AVP Anne Bracegirdle said the masterstroke for streamlining the authentication process is to create a digital, industry-wide registry. Tokenizing original works, she said, would simplify the experience of buying, selling and trading. “If each piece had its own digital identity that would stay the same, no matter where it went, it would instantly provide secure provenance and prices,” Bracegirdle said. “There are companies like Consensus and Microsoft working to create distributed identity networks. The security within that could be applied to scale blockchain—regardless of which blockchain you’re interacting with. Digital identities would provide clients with access to all their consignments and their purchases in one consolidated space, which currently doesn’t exist.”

The evolution of art was also a hot topic during this session since what’s considered a “finished piece” is no longer just a physical canvas. Digital, virtual and even crypto-art may be in their relative infancy but these are gaining global popularity and could significantly influence the industry, said Devin Finzer, co-founder and CEO of OpenSea, a peer-to-peer marketplace for crypto collectibles, gaming items, and digital art.   

“[Owning digital products] has always been confined to a specific ecosystem, like event tickets to a ticketing site,” Finzer said. “Blockchain offers a new type of ownership for these digital assets and it’s exciting for digital art because you can own it in a variety of [digital forms]. Right now, we see the enthusiasm is from tech enthusiasts, but I think over time these ideas around digital ownership will cross over to a mainstream crowd who appreciate the art more than the technology.”

Microsoft Vulnerability A Reminder to Update and Patch

Posted on by

Microsoft recently announced a major vulnerability to Windows XP, Windows 7 and several older Windows server versions. According to Simon Pope, the company’s director of incident response, “[A]ny future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.” This announcement reinforces the importance of companies patching security vulnerabilities to mitigate the risk, especially on older machines that still serve essential functions.

This news follows a TechCrunch article reporting that at least a million computers worldwide, mostly in the United States, remain vulnerable to the WannaCry and NotPetya malware because users have not installed the necessary patches. Cybercriminals continue to use this malware, based on hacking tools originally developed by the NSA, to deliver all sorts of malicious software to unsuspecting victims online.

WannaCry is ransomware—malicious software that hijacks a computer and demands payment to regain control—that quickly spreads and has affected businesses, government and individuals in over 150 countries since 2017. Around the same time, a malicious software disguised as ransomware called NotPetya spread worldwide, affecting global business operations, and effectively paralyzing multiple companies in what has been called “the most devastating cyberattack in history.” Both caused massive financial damage worldwide, with WannaCry estimated at $8 billion in damages and NotPetya estimated at $3 billion.

Windows has released patches to protect systems from the newly announced vulnerability, even for Windows XP and Windows Server 2003, despite the company not usually offering support for those older systems.

online pharmacy nolvadex with best prices today in the USA

However, XP users will have to manually download the patches from Microsoft’s update website. According to a 2017 Spiceworks study, businesses worldwide were still running Windows XP on 11% of their laptops and desktops. While that has likely decreased in the past two years, it would still leave a significant number of machines running exposed systems that require manual updates to patch.

Not patching vulnerabilities has led to serious incidents, like the Equifax breach in 2017, which led to the theft of 143 million Americans’ personal information.

online pharmacy buspar with best prices today in the USA

In that case, the US Department of Homeland Security had issued a warning about the vulnerability, a patch for a web application vulnerability had reportedly been available for 2 months before the breach, and Equifax failed to implement the fix. A US House Oversight Committee report blamed the company entirely, saying that Equifax “failed to implement an adequate security program to protect this sensitive data,” and that “such a breach was entirely preventable.”

Companies use numerous different types of software in their daily operations, and software providers issue many patches for their products, which leaves companies overwhelmed. According to an April 2018 Ponemon Institute study, 68% of companies “find it difficult to prioritize what needs to be patched first.” IT staffing limitations and competing priorities within organizations can hinder these efforts, since patching requires heavy time investment and sometimes taking important aspects of the business offline to implement fixes. Companies with third-party partners and supply chains face even more complex risks, since their systems are often integrated or dependent, and companies likely do not have direct control over partners’ systems to ensure patching. Mitigating outside risk by including in contracts stipulations that third-party partners meet certain security requirements can also help.

online pharmacy imodium with best prices today in the USA

The Economic Costs of Government Internet Interruptions

Posted on by

At the end of April, global internet access monitor group NetBlocks reported that Venezuela’s state-run internet provider ABA CANTV was restricting the country’s access to various social media platforms amid continuing demonstrations and political turmoil. In May, NetBlocks reports this has continued, in addition to similar internet limitations in Benin and Sri Lanka. While increased global internet connectivity has led to international economic growth, it has also often led to increased government control over methods of communication and commerce, and government shutdowns pose a serious risk to businesses and economic activity in these countries.

Businesses face a variety of challenges and risks when operating abroad, but internet shutdowns and limitations may present a unique impediment, especially for companies that operate largely online and rely on consistent internet access. With more countries shutting down or limiting access more frequently, companies that conduct business in countries with regular interruptions may need to plan accordingly, or reevaluate whether their operations can accommodate these disruptions. Companies that have internet-dependent supply chains may be particularly susceptible and should ensure they have comprehensive mitigation strategies in place to avoid business interruptions.

Many nations increasingly use internet and social media disruptions as a way to quell political dissent. Some countries have shut down social media after violent incidents, purportedly to curb people’s ability to incite further violence, such as in Sri Lanka after the Easter suicide bombing there. Ethiopia also limited internet access in 2017 after activists leaked copies of the national school exams online. Whatever a country’s motivation, the frequency of shutdowns worldwide is rising dramatically, according to Stastista, which notes a 6,000% increase between 2011 and 2018.

government internet shutdowns

The Indian government routinely implements shutdowns in various parts of the country, and has in turn suffered serious economic consequences. The Indian Council for Research on International Economic Relations recently reported that, between 2012 and 2017, internet shutdowns in India climbed from 3 to 70 per year, and the shutdowns’ total duration rose from 9 hours in 2012 to 8,141 hours in 2017. According to the report, titled The Anatomy of an Internet Blackout, these disruptions cost the Indian economy approximately $3.04 billion in total. This includes approximately $2.37 billion from mobile internet loss and $678.4 from fixed line internet shutdown.

The Brookings Institution released a study in October 2016 examining 81 short-term shutdowns in 19 countries and their impact on GDP. Between July 1, 2015, and June 30, 2016, the study found that the economic consequences of internet shutdowns cost at least $2.4 billion in GDP globally. The report notes that this is a conservative figure and does not account for tax losses or drops in investor, business, and consumer confidence.

Deloitte also examined the issue in 2016, estimating that the economic consequences of a temporary shutdown “grow larger as the level of connectivity and GDP increase.” For highly connected countries, a temporary shutdown could cut 1.9% of daily GDP—an estimated $141 million per day. Medium-connectivity countries lose an estimated 1% ($20 million) of daily GDP and low-connectivity countries could lose an estimated 0.4% ($3 million) of daily GDP.

A study released in October by Strathmore University’s Center forIntellectual Property and Information Technology Law (CIPIT) showed that shutdowns can also severely impact countries’ shadow economies, often uncounted in formal studies like those from Brookings and Deloitte. According to the report, titled Intentional Internet Disruptions in Africa, unreported economic activity in 49 African countries made up an average of 37.65% of all economic activity. Because this activity is not counted in previous formal studies (like the Brookings study), CIPIT estimates that including these shadow economies increases the total cost of shutdowns by 19% to 29%.

Another Statista study from August 2018 shows that certain countries are shutting down their internet more often than others, most notably India, Pakistan and Iraq. Risk managers should consider these figures and cost estimates when assessing their companies’ existing or potential operations in the countries noted below, or when looking at where to invest overseas.