As businesses increasingly embrace generative AI (Gen AI) for transformative solutions, concerns about potential cybersecurity risks are escalating. John Farley, Managing Director of Cyber at Gallagher, sheds light on the evolving cyber landscape, AI-related risks, and offers advice to businesses on effective cybersecurity measures.
Evolution of Cyber Risks:
Over the past decades, cyber risks have evolved from viruses and system glitches to sophisticated threats like ransomware. The landscape shifted towards data theft, social engineering, and regulatory challenges, with many organizations now facing multiple compliance obligations. Today, non-compliance poses significant legal and reputational risks.
AI Cyber Risks Identified by Gallagher:
Data Bias: Inaccuracies in AI training data can lead to unfair assumptions or discriminatory practices.Misinformation Campaigns: Malicious actors may exploit generative AI for misinformation, requiring careful consideration before relying on AI-derived advice.Regulatory Risk: As AI regulations are in their infancy, increased scrutiny is anticipated, extending to contributors and users.Privacy Liability: Privacy laws related to personally identifiable information (PII) apply to AI usage, necessitating legal compliance considerations.Intellectual Property Liability: Organizations must be cautious about IP liability risks when AI incorporates intellectual property.Cybersecurity Landscape in 2024:
Ransomware Evolution: New ransomware variants, higher ransom demands, and broader impacts across industries are expected. Double extortion trends, involving data encryption and exfiltration threats, will persist.Regulatory Landscape: Heightened regulatory risk, especially in privacy laws and data collection compliance, may impact various industry sectors.AI Adoption Challenges: AI adoption may introduce unintended consequences such as data bias, privacy concerns, risks related to intellectual property, and professional liability.Advice for Businesses:
Implement robust cybersecurity controls, including multi-factor authentication, EDR tools, patch management, data backup practices, VPNs, and PAM programs.Develop an incident response plan and conduct tabletop exercises to test preparedness for cyber incidents.Be aware of the patchwork of privacy laws and regulatory requirements, seeking legal advice for compliance.Consider purchasing cyber insurance to cover costs associated with crisis management, cyber extortion, business interruption, data restoration, and third-party lawsuits.As businesses navigate the intricate relationship between AI adoption and cybersecurity, Farley emphasizes the importance of proactive measures, collaboration across sectors, and ongoing vigilance to mitigate emerging risks. The evolving landscape demands a holistic approach to cybersecurity in the era of AI.
