Mitigating Emerging Risks of GenAI in Business Operations
Businesses are rapidly adopting Generative Artificial Intelligence (GenAI), with user numbers reaching 77 million within two years of ChatGPT’s release in November 2022. While GenAI offers a competitive edge by speeding up operations, it also poses significant risks to data privacy, intellectual property, and sound decision-making.
Many businesses are struggling to understand and manage the full risk landscape associated with GenAI. Research by Riskonnect found that although 93% of surveyed companies were aware of AI-related dangers, only 17% had briefed their workforce or implemented training, and merely 9% felt prepared for these risks.
To safely experiment with GenAI, businesses should implement the following seven-point checklist:
1. Choose Your Tool Wisely
Many AI tools capture data input for their machine-learning processes. Ensure the selected tool meets client confidentiality and information security standards. The National Cyber Security Centre provides guidelines for secure AI system development. Include data and cyber requirements in the Service Level Agreement and consider contractual protections if your service delivery relies on AI tool output.
2. Conduct Due Diligence
When selecting third-party providers with access to your and your clients’ data, check their AI safeguards. Verify their data protection measures and ensure they align with your security standards.
3. Maintain Detailed Data Records
Keep a record of what data you have, its quality, value, and storage location. Assess whether your data is relevant, adequate, and reliable. Consider additional sources if necessary and check for data corruption or infiltration. Include a detailed data strategy in your AI risk management plan and use diverse sources to mitigate bias risks.
4. Update Policies and Procedures
Keep accountability and governance at the forefront when updating policies. Include AI in your risk register and specify acceptable AI tool usage in your documentation. Review supervision processes to ensure AI-assisted outputs are checked by a person on a risk-assessed basis.
5. Regularly Test Data Security
Use trusted independent agencies to assess vulnerabilities regularly. Include misuse of AI in your disciplinary processes to deter inappropriate use.
6. Implement Robust Security Measures
Use multi-factor authentication (MFA) and digital certificates to secure communications. Establish internal-only channels for document sharing and verify high-value transactions through secure communication channels not initiated by the requester.
7. Educate Employees
Regular training is crucial for employees to understand approved AI tools, associated workflows, and risk controls. They should be aware of AI’s wider implications, including error replication and bias reinforcement. Critical assessment skills are essential to identify errors or bias in AI outputs.
By implementing these measures, businesses can confidently experiment with GenAI while minimizing associated risks. Purchasing a cyber insurance policy can also help transfer emerging risks and provide access to expert advice and services for better protection and quicker recovery in case of incidents.
