Seven ways businesses can manage AI risks

Practical measures that businesses should implement to mitigate the emerging risks of using GenAI

Seven ways businesses can manage AI risks

Cyber

By

This article was created in partnership with QBE.

by Jaini Gudhka, Senior Risk Manager, QBE Europe

For businesses, Generative Artificial Intelligence (GenAI) is both exciting and daunting. Users of GenAI reached around 77 million in the two years following the November 2022 release of ChatGPT – which is more than double the rate of uptake for mobile phones at the height of their user adoption.

Undoubtedly, GenAI can give a competitive edge, by speeding up operations for instance. But this fast-evolving technology poses new risks to data privacy, intellectual property or sound decision making. While businesses are increasingly looking to engage with the new opportunities that AI offers, many are simultaneously grappling to understand and manage the full risk landscape that it operates within.

Research from Riskonnect revealed that although 93% of surveyed companies were aware of AI-related dangers, only 17% have briefed their workforce or implemented any training – and only 9% said that their organization was prepared for these risks.

While uncertainty around AI might lead some to try a ‘wait and see’ approach, risk managers should examine how GenAI applications are being applied to internal and external business operations in more detail. Short- and long-term planning should combine a robust risk management framework alongside structured scenario testing to address potential dangers.

 For entrepreneurs who want to experiment with GenAI in a safe way, we have compiled a seven-point checklist to mitigate those risks:

  1. Choose your tool

Many AI tools will capture the data input for their own machine-learning processes. Make sure the one you select meets client confidentiality and information security standards. The National Cyber Security Centre provides some guidelines for secure AI system development.
Include data and cyber requirements in the Service Level Agreement and consider contractual protections if your own service delivery model will rely on output from an AI tool.

  1. Do your due diligence

When selecting third-party providers who will have access to your and your clients’ data, check their AI safeguards.

  1. Detail your data

Keep a record of what data you have, its quality, value, and where it is stored.

  • Is your data relevant and adequate for your needs? Is it reliable?
  • Do you need additional sources and if so, which sources?
  • Is the data held in silos?
  • Has it been corrupted or infiltrated?

You should include a detailed data strategy in your AI risk management plan, and use a diversity of sources to mitigate the risks of bias.

  1. Polish your policies
  • Keep accountability and governance front and centre when updating policies and procedures
  • Include AI in your risk register
  • Update your acceptable use documentation to specify which AI tools can be used, on what devices, and for what purposes
  • Review supervision processes and ensure that AI-assisted outputs are checked by a person on a risk-assessed basis
  • Test your data security regularly, using trusted independent agencies to assess vulnerabilities. Include misuse of AI in your disciplinary processes.
  1. Beat breaches
  • Use multi-factor authentication (MFA) and digital certificates to secure communications
  • Set up internal-only channels for colleagues to share documents
  • For important actions like high-value bank transfers, have a process requiring the operation to be verified via a secure communication channel, that is not initiated by the requester.
  1. Educate your employees
  • Regular training is essential for employees to help defeat breaches
  • People must be familiar with the AI tools which the business has approved for use, and the associated workflows, processes and risk controls
  • They should also be aware of the wider implications. When used inappropriately, AI might lead to error replication and bias reinforcement. So critical assessment skills are crucial to identify errors, hallucinations or bias. That should be on top of AI literacy and data management training
  • Employees should also be wary of such innovations as deep-fakes and how criminals can use AI, as this has an impact on cyber security.
  1. Take cover

Purchasing a cyber insurance policy not only helps businesses transfer emerging risks. It gives them access to a range of associated services and expert advice to better protect themselves and, in case of an incident, recover more quickly.

By taking these reasonable steps, businesses should feel confident enough to experiment with GenAI, rolling out the innovations that are right for them and their clients.

Find out more on how QBE can help elevate your business here.

Related Stories

LATEST NEWS

Lloyd’s to end Dive In Festival after 2026
DIVERSITY & INCLUSION

Lloyd’s to end Dive In Festival after 2026

Low-carbon power is becoming a catastrophe risk class
INSURANCE NEWS

Low-carbon power is becoming a catastrophe risk class

Hormuz blockade forces marine brokers to rethink risk across world’s trade chokepoints
MARINE

Hormuz blockade forces marine brokers to rethink risk across world’s trade chokepoints

AI as an inclusion tool: James Potter on broking, transformation and the human edge
TRANSFORMATION

AI as an inclusion tool: James Potter on broking, transformation and the human edge

Momentum delivers double-digit growth with £20.6 million turnover
INSURANCE NEWS

Momentum delivers double-digit growth with £20.6 million turnover

Keep up with the latest news and events

Join our mailing list, it’s free!