Insurance AI Governance Without Handbrakes: Guardrails for Innovation, Risk & Compliance

Your competitors are already using AI. So are your employees — whether you know it or not. The question isn't whether AI is coming into your brokerage. It's whether you're in control of how it gets there. In this episode, Alex Paras (CEO, Lakeside Consulting Group) and Mike Morrison (CISO, Zendus Group) break down what responsible AI governance actually looks like for P&C insurance brokerages — and why getting it right now is the difference between competitive advantage and a lawsuit you didn't see coming. Mike has 20+ years of cybersecurity and governance experience. Alex has sat inside 32 different vendor engagements across brokerage offices and built data infrastructure for Wall Street firms. Together, they cover: Why AI behaves more like an unpredictable employee than a reliable computer — and what that means for the decisions it's making on your behalf The real-world AI failure that wiped out an entire startup's data (including all backups) — and how it's the same mistake brokerages make every day How a healthcare AI was making insurance decisions with a 90% error rate on elder patient care — and the lawsuit that followed The shadow AI problem hiding in your organization right now, and how to find it using your MSSP logs Why ring-fencing data, least-privilege access, and input/output logging aren't optional — they're the floor A step-by-step governance framework: inventory first, tiered risk assessment, RACI, continuous improvement The four governance frameworks every insurance brokerage should know: NIST AI RMF, ISO 42001, AIUC1, and AARM What's coming in the HIPAA update — and why your business associate agreements may not cover you the way you think Why governance is a guardrail, not a handbrake — and how treating it like a handbrake is exactly what drives shadow AI underground If you're an insurance brokerage owner, operations leader, or technology decision-maker trying to figure out how to move fast with AI without crashing, this conversation is for you. CHAPTERS 00:00 — Welcome & Introductions 01:44 — The AI Risk Landscape: Data Exposure, Oversight Gaps, and Output Variability 04:47 — Real-World AI Failures: Claude Deletes a Startup's Data, PII in AI Prompts 09:35 — The Output Error Problem: Healthcare AI with a 90% Error Rate 11:21 — Token Costs, Vendor Longevity, and the "First Taste Is Free" Risk 13:36 — Insurance Bias: How AI Derives Protected Characteristics Without Being Asked 17:53 — Shadow AI: The Tools Your Employees Are Already Using 21:33 — Governance Frameworks: NIST AI RMF, ISO 42001, AIUC1, and AARM 27:00 — HIPAA, Business Associate Agreements, and What's About to Change 32:18 — Building a Governance Program: Start With the Inventory 33:22 — How to Hunt Shadow AI in Your Organization 34:02 — Using MSSP Logs to See What AI Tools Are Actually in Use 34:57 — Securing Prompts and Data: The Input/Output Problem 36:34 — Risk Assessment Frameworks (Including Free DHS Workbooks) 37:44 — The RACI Governance Process: Keeping Everyone Honest and in the Loop 39:16 — Why Governance Policies Must Be Continuous — Not Signed Once a Year 40:51 — Token Costs, Tool Consolidation, and the AI Startup Risk 41:53 — Ring Fencing Data: Least Privilege Access for AI Systems 50:50 — Prompt Injection and Input Validation: Old Problem, New Stakes 52:29 — Governance as Guardrails: Why Slowing Down Now Means Winning Later 55:13 — Wrap Up, Contact Information, and What's Coming Next CONNECT WITH OUR GUESTS Alex Paras — CEO, Lakeside Consulting Group Lakeside helps P&C insurance brokerages implement agentic AI systems that move them from annual renewal cycles to continuous client engagement. Website: lakesideconsultinggroupllc.com LinkedIn: linkedin.com/in/alex-paras Email: [email protected] Mike Morrison — CISO, Zendus Group 20+ years in cybersecurity governance and risk management. Website: zendusgroup.com Email: [email protected] ABOUT THIS SERIES This webinar series is produced by Lakeside Consulting Group for insurance brokerages navigating the AI transition. Each episode features practitioners — not theorists — sharing what's working, what's failing, and what you need to know right now. Subscribe so you don't miss the next episode. #InsuranceAI #AIGovernance #CyberSecurity #InsuranceTechnology #AIRisk #PCInsurance #DataGovernance #NIST #HIPAA #ContinuousBrokerage