Despite being excited about AI and all the possibilities it can bring to our personal and working lives, we need to make sure we don’t get carried away in the hype. For underneath its shiny exterior, lie new risks that cannot be ignored.
AI is currently a big talking point and is destined to remain so for the foreseeable future thanks to its seemingly infinite possibilities. We’re seeing that repetitive and routine work can easily be replaced by AI and robotics which is creating a shift towards automation in many industries. From healthcare to logistics, customer relationship management to law firms, AI is proving it can save time and make services and work processes more efficient. What’s more it is also creating new jobs and, when applied correctly, it can lead to an enormous savings for businesses.
$3.05m average reduction in data breach costs for organizations with fully developed security AI and automation – by far the leading factor in reducing the overall costs of data breach. (IBM)
Some uses for AI in different industries:
But is this new shining AI hero all it is cracked up to be?
AI pitfalls
Despite being excited about AI and all the possibilities it can bring to our personal and working lives, we need to make sure we don’t get carried away in the hype. For underneath its shiny exterior, lie new risks that cannot be ignored. The primary thing we should not forget is the human component behind the technology. With humans writing the code and humans selecting what data is used to train an AI programme there comes lots of room for error, such as machine learning bias. We must monitor its use closely to foresee and manage new risks that might not have been anticipated in all the excitement. Let’s take a closer look at ChatGPT, the world’s most popular AI, to provide an example of what companies and private individuals should consider when using any AI or machine learning based tool:
ChatGPT undoubtedly makes our lives easier – if we need to generate some content or if we have questions about a certain topic, it can invariably write some text for us or provide us with a plethora of answers. However, if the question posed is ambiguous or not precise enough, ChatGPT encounters difficulties which can skew its response. This is because it can only provide answers based on the amount of data available to it and the existing patterns it has formed as it learns. This often means the answers it provides are not 100% correct.
Furthermore, from a data protection point of view, one of the biggest concerns with ChatGPT’s model is that any data entered is used to train the tool. Initially this might seem like an ingenious idea. However, what happens if we inadvertently include sensitive data? There is the potential that this data could be presented to somebody else searching for answers to similar questions; and before we know it our sensitive dwata is unintentionally spread far and wide! We therefore need to use it with caution and ensure our employees are using it prudently too.
AI tools open the door to the next generation of digital fraud
Many of us use AI as a language tool to help create beautifully written emails without any grammar mistakes, or to perfectly craft their replies to emails in any language they want. The problem with this is that hackers are now using this tool to generate exact replicas of business emails, such as an HR department requesting your social security number, for example. With the AI learning from us with every single input it can create perfectly written phishing templates for hackers, meaning it is not so easy for us to spot phishing emails. AI is essentially making the cyber criminals’ jobs easier and turning the rest of us into an easy target.
And it doesn’t stop there. Deepfake, data poisoning and threats to physical safety are also new concerns to be considered. We’ll look briefly at each in turn:
We’ve all seen or heard about the videos of famous people fluently speaking nine different languages, or the one where Taylor Swift endorsed Donald Trump which was shared 4.5m times (February 2024). These are examples of deepfake, the next generation of digital fraud using image, video, or audio representations of people to mimicking them. Criminals are using deepfake to fool businesses into granting access to systems, authorising purchases, or transferring funds to name but a few. Deepfakes are becoming a powerful disinformation force, and so it essential we all double check what we believe online and what we share.
Data poisoning is becoming a common occurrence. Hackers deliberately and maliciously contaminate data to compromise the performance of AI and ML systems. This latest threat lowers the accuracy of the model or targets the model’s integrity by adding a “backdoor” – it’s a complicated form of hacking and has serious consequences. Simply explained, a backdoor is a form of embedded pattern in the training data which can change the answers an AI gives. Hackers often embed these backdoors with a trigger which then skews the output given. If the trigger isn’t activated, then everything runs as normal. As a result, they are often not detected for a long time.
We also need to consider our physical safety. With more and more systems such as self-driving cars, manufacturing and construction equipment, and medical systems using AI our physical safety could also be under threat. For example, if a self-driving car has a security breach and the hacker takes over the car’s steering, it’s not only a risk for the passengers but also for anyone else on the road or pavements nearby.
How can we minimise the risks?
There’s no getting away from it, AI is here to stay, but we should proceed with caution before implementing it into our organisations. Before storming ahead, we must analyse our business strategies, core values and cultures and assess how AI could help to achieve defined goals within these. To do the reverse of implementing AI and then defining the business strategy to fit with the AI spells danger and leads to uncountable risks. We need to identify which applications and tools are really needed, for what purposes, and what the consequences are of using it. For example, if a company employs chatbots, there is a lot of data being collected, including sensitive data. The company therefore needs to ensure it is meeting GDPR regulations and should seriously consider taking out cyber insurance to provide financial security in the face of any cyber-attacks.
Education and training for all employees is also key because over 90% of breaches are caused by human error. Employees are the first line of defence when it comes to cybersecurity. It doesn’t matter how secure the whole IT system is if employees are not properly trained to spot possible attacks.
In addition, ensuring we understand the data is important because if we put garbage in, we’ll get garbage out. If any of the data we add into the AI is not correctly entered or organised in the best way, it can’t help us because the technology can only use what’s there and if it’s the wrong data, it will result in the wrong solutions.
Everything is connected so it is not enough to simply take care of our own companies. We also need to check our supply chains. A sensible precaution would be to include data breach notification requirements within a specified timeframe in contracts with all suppliers and business partners.
A business continuity plan should also be in place but not simply one that somebody downloaded from the internet and is left forgotten in a file. It is necessary for us all to evaluate the impact of a disruption on everything from the people to the supply chain and deal with anything unexpected. Furthermore, it is particularly important to regularly test, maintain, and update the plan.
Cyber insurance is the last essential piece in a company’s defence against AI induced cybercrimes because it offers financial security against the damage caused by cyber incidents, and covers expenses from investigations, potential legal responsibilities, and other costs associated with data breaches. What’s more it can provide compensation for business interruption, loss of revenue and computer system restoration, as well as helps businesses navigate the complicated legal system around cyber events. Many businesses see cyber insurance coverage as a way to stand out because it highlights their dedication to safeguarding client data and shows that they are proactively taking steps in case there is a cyberattack.
We are living in an era of digitalization which means there is more and more technology around us which in turn means ever increasing cyber risks. We must face this challenge together with effective communication and transparency, to build up cyber resilience to protect electronic data and systems from cyberattacks, as well as to resume business operations quickly in case of an attack.
Anita Molitor
Cyber Specialist
T +43 664 962 40 08
Related articles
Insured by Algorithms
The insurance industry is undergoing a profound transformation, driven by the rapid adoption of AI and predictive analytics.
Beyond Moving Cargo: Why Employee Well-Being Is the Real Asset in Logistics
In today’s employee-driven market, especially for Gen Z talent, benefits aren’t just perks – they’re strategic tools for attraction and retention
The New Edition of FORWARD Magazine Is Now Available
GrECo is proud to present the latest edition of our client publication, FORWARD Magazine—now live and ready to explore.
