Why a ‘wait-and-see’ approach to AI won’t work

Artificial intelligence (AI) is changing the way all kinds of businesses operate. Getting AI-ready should be a priority for all business leaders, not just those in tech.

Generative AI systems are a particular breed of “machine learning”. They are algorithms, like ChatGPT, that “can create things like text, images, or even music on their own, without being explicitly programmed by learning from patterns in existing data”. At least, that’s how ChatGPT defined it.

The precise role generative AI will play in the future of the average business is unclear, but those businesses that proactively safeguard against the risks of such technology will be at an advantage, according to Riskonnect’s recent New Generation of Risk Report.

Making sense of the risks

As with any new business technology, risks come with the territory. According to Riskonnect, 93 per cent of companies anticipate significant threats from generative AI.

The top fears among organisations concern the following:

1. Data privacy and cyber issues (65 per cent)
2. Employee decisions based on erroneous information (60 per cent)
3. Employee misuse and ethical risks (55 per cent)
4. Copyright and intellectual property risks (34 per cent)
5. Discrimination risks (17 per cent)

While fears around poorly understood technology often outpace the real risks associated with widespread adoption, Riskonnect explained that many concerns are well founded.

For instance, the report explained that the risk posed by ransomware and security breaches for businesses could increase with the adoption of generative AI. The technology “enables hackers to create more personalised and realistic phishing emails to infiltrate and take control of companies’ systems”, said Riskonnect.

Ransomware attacks work by locking up or encrypting certain files at the exclusion of the owner. A ransom, usually in cryptocurrency, is then demanded to restore access. The Australian Signals Directorate has an emergency response guide for dealing with such attacks.

Ransomware attacks cost an average of $4.45 million, not including the cost of the ransom itself. The cost of ransomware attacks this year is expected to be among the highest in history. Only 45 per cent of directors and executives feel very prepared to tackle ransomware and security breaches.

Another 39 per cent of risk and compliance professionals say that state-sponsored cyber attacks have a significant or severe impact on their businesses.

Though many businesses invest in cyber insurance and technology to protect against these risks, finding the right insurance is not a simple task, explained Riskonnect.

The ‘wait-and-see’ approach

Despite the many fears, only 17 per cent of surveyed organisations had formally trained or briefed their entire company on generative AI risks. Similarly, the majority (63 per cent) of organisations reported having not simulated worst-case scenarios.

Considering the widespread adoption and functionality of AI among all kinds of employees, training that caters to all business functions could help protect against unforeseen risks. For instance, 90 per cent of HR leaders and 75 per cent of employees use AI at work at least once a week.

“The lack of urgency [in training employees] likely indicates that the technology is moving so fast that companies don’t know where to start,” said Riskonnect.

“It could also mean companies aren’t yet feeling the impact of these risks, but as generative AI gains adoption, that could quickly change.”

Changes in business policy

Though many organisations have been slow to protect themselves against the risks posed by generative AI, others have been more proactive. A common approach taken by organisations has been to hire specialists in the area.

“The most noteworthy shift [in corporate strategy] is the emergence of chief risk officers (CROs),” said Riskonnect. Fifty-two per cent of surveyed companies have a CRO, compared with only 20 per cent three years earlier.

Similarly, 28 per cent of organisations reported having increased their risk management technology budgets over the past six months.

Moving forward

To improve organisational preparedness for threats posed by generative AI, the Riskonnect report recommended doing the following:

1. Get all stakeholders and executive leaders on the same page about risk.
2. Start planning for worst-case scenarios.
3. Invest in technology that helps combat the full spectrum of risk.
4. Improve visibility around risk exposure.

As noted by Chris Howard, global chief of research at Gartner, “deriving business value from the durable use of AI requires a disciplined approach to widespread adoption along with attention to the risks.

For more on the concerns surrounding artificial intelligence in the workplace, click here.