Seven ways businesses can manage AI risks

Many AI tools will capture the data input for their own machine-learning processes. Make sure the one you select meets client confidentiality and information security standards. The National Cyber Security Centre provides some guidelines for secure AI system development.
Include data and cyber requirements in the Service Level Agreement and consider contractual protections if your own service delivery model will rely on output from an AI tool.

When selecting third-party providers who will have access to your and your clients’ data, check their AI safeguards.

Keep a record of what data you have, its quality, value, and where it is stored.

- Is your data relevant and adequate for your needs? Is it reliable?
- Do you need additional sources and if so, which sources?
- Is the data held in silos?
- Has it been corrupted or infiltrated?

You should include a detailed data strategy in your AI risk management plan, and use a diversity of sources to mitigate the risks of bias.

- Keep accountability and governance front and centre when updating policies and procedures
- Include AI in your risk register
- Update your acceptable use documentation to specify which AI tools can be used, on what devices, and for what purposes
- Review supervision processes and ensure that AI-assisted outputs are checked by a person on a risk-assessed basis
- Test your data security regularly, using trusted independent agencies to assess vulnerabilities. Include misuse of AI in your disciplinary processes.

- Use multi-factor authentication (MFA) and digital certificates to secure communications
- Set up internal-only channels for colleagues to share documents
- For important actions like high-value bank transfers, have a process requiring the operation to be verified via a secure communication channel, that is not initiated by the requester.

- Regular training is essential for employees to help defeat breaches
- People must be familiar with the AI tools which the business has approved for use, and the associated workflows, processes and risk controls
- They should also be aware of the wider implications. When used inappropriately, AI might lead to error replication and bias reinforcement. So critical assessment skills are crucial to identify errors, hallucinations or bias. That should be on top of AI literacy and data management training
- Employees should also be wary of such innovations as deep-fakes and how criminals can use AI, as this has an impact on cyber security.

Purchasing a cyber insurance policy not only helps businesses transfer emerging risks. It gives them access to a range of associated services and expert advice to better protect themselves and, in case of an incident, recover more quickly.