Risk briefing: how to take advantage of AI, whilst also managing risks

The rapid growth of artificial intelligence has governments, regulators and businesses working to assess the risks it may pose.

However, Philippe Cotelle says that while the risks need to be recognised it cannot be at the expense of ignoring the potential opportunities it will deliver.

As chair of FERMA’s digital committee and head of insurance risk management at Airbus Defence & Space Cotelle is ideally placed to consider the impact of AI in businesses of all shapes and sizes.

“Society is in a constant state of change,” he explains. “Artificial intelligence is another development which is driving this change. It is a rapidly evolving risk and as risk managers it is therefore imperative that we understand and manage this risk.”

He stresses while every technological breakthrough brings risks, they also bring opportunities.

“AI has the potential to improve business operations,” Cotelle explains. “As such we have to ensure that we can identify the opportunities that this new technology can bring, while mitigating the potential exposures it creates.

“The technology is new, but organisations have had to implement many new systems in the past and we have successfully identified the associated risks and created the systems to manage those risks.”

Cyber threats remain

Cotelle adds the threat of cyber-attacks remains and it is a risk which comes with a high degree of uncertainty and exposure.

“We only have to look at the recent CrowdStrike event to understand what the potential impacts to businesses are,” he adds. “Such events have the potential to affect organisations across any market.

“We also have to take into account that the risks continue to evolve as threat actors launch new forms of attacks on companies’ systems. The challenge is the speed of innovation.

“We have seen a rise in the number and sophistication of new threats”

Cotelle says generative AI in particular is improving the attacker’s toolbox and is therefore creating new threats for businesses.

“We have seen a rise in the number and sophistication of new threats such as the use of deep fake, where we cannot be certain whether the person on the other end of a video call is actually real,” he says.

“AI is also reducing the time and cost of these attacks. That brings with it a new threat for SMEs as with a lower cost of attack, they are now under greater threat particularly as they have less sophisticated cyber security measures in place.”

New protection opportunities

Companies can benefit from artificial intelligence in terms of its ability to enhance the way in which they can protect themselves and identify threats far earlier.

Cotelle says: “We are in a race… For the risk manager the effective management of AI and cyber risks requires a similar approach to any other risk which challenges the business.

“What we need to do is ensure that we are upskilling our staff. We have to put in place steps to enable them to understand the IT systems in place and ensure they have the ability to identify the steps needed to maintain security and reduce risk.”

An evolving regulatory landscape

Regulation is moving at pace as many nations looking to how they can regulate the use of AI and with it the risks.

The European Artificial Intelligence Act came into force on 1 August. The Act aims to “foster responsible artificial intelligence development and deployment in the EU”.

It was designed to provide developers and deployers with clear requirements and obligations regarding specific uses of AI while reducing administrative and financial burdens for businesses.

The act introduced a uniform framework across all EU countries, based on what the EU described as a forward-looking definition of AI and a risk-based approach.

“As businesses we need to make sure we know the rules in the countries in which we operate and how they may differ”

Cotelle says: “We encourage every company to identify someone who is tasked with ensuring that they are compliant with the new AI act.

“It is likely some companies may not have considered the need to understand the implications of the act for their businesses. It is therefore important that someone is given the responsibility to ensure that compliance is achieved.”

He adds it may well prove to be more a challenge for a European company that has international subsidiaries. For instance, at present the European Union and the United States have different systems.

“As businesses we need to make sure we know the rules in the countries in which we operate and how they may differ,” he continues.

How FERMA is responding to cyber threats

With a month to go before European risk managers meet in Madrid for the Ferma Forum Cotelle says: “The risks around cyber and artificial intelligence will certainly be on the agenda of the Forum in Madrid.

“Ferma has been proactive on the issue of new technology, AI and cyber risk. We have produced a number of publications on these risks and how best to manage them.

“We will be discussing the use and risks around technology in Madrid, but we will also be looking at the opportunities.”

He adds there will also be a focus on risk engineering and how to improve and optimise the use of AI.

“It is important that we get the risk management right, and it should be approached as we would any other risk facing the business.”

On what risk managers can and should do in the face of the rapid introduction of AI within business operations Cotelle says: “It is important to remember that AI is in fact a technology system.

“Understanding the threats to the security of that system is a big part of the journey. AI systems should be managed with a risk-based approach that has a focus on the data.

“Compared to other areas of our risk management strategy, the way we approach and protect the data is a major component of what we do. Technology continues to have a dynamic effect on how companies operate, and we simply cannot afford to ignore artificial intelligence.

“It is important that we get the risk management right, and it should be approached as we would any other risk facing the business. However, we also have to make sure that the way we manage AI enables the business to make the most of the opportunities it can deliver.”