Magazine menu Close Magazine menu

Data and privacy

The next big business challenge: How organizations are preparing to secure AI

AI will change most industries but also brings new risks and challenges. Kaspersky’s new research looks at how enterprises worldwide are approaching it.

Author

Suraya Casey

Art by

Published on

Feb 28, 2024

minute read

Share article

Art by

Share article

interconnected technologies ai, occupation, professionals, people wearing helmets, industrial

Of all investments today, artificial intelligence (AI) is transforming enterprises, enabling them to provide improved services, automate processes and make better decisions. Business leaders must invest in the right tech at the right time, and have the people and systems in place that can guarantee success.

AI will change most industries but also brings new risks and challenges in securing enterprises and safeguarding customers.

Kaspersky’s new research aims to help businesses stay ahead of the changes AI brings, published in this 2024 report, Connecting the future of business: How leaders should prepare for using and securing AI and interconnected technologies.

About the interconnected tech research

Kaspersky surveyed 560 IT security leaders in six regions – North America (US,) Latin America (LATAM: Brazil, Chile, Columbia and Mexico,) Europe (Austria, France, Germany and Switzerland,) Middle East and Africa (META: Saudi Arabia, South Africa, Turkey and United Arab Emirates,) Russia and Asia-Pacific (APAC: China, India and Indonesia.)

insight story, ethical and ai, robot communicates with people

Related article

As AI’s influence rapidly expands, here’s how business ethics must keep up

When AI can make or break your business, how do you harness its power while staying within ethical boundaries?

  • Artificial intelligence
  • min read
    • We live in a world where algorithms can make decisions and data fuels innovation. It means ethical considerations are more critical than ever for business. They must balance using new technology to increase competitive advantage while preserving integrity and protecting customers. In our podcast Insight Story, experts Tomoko Yokoi (Switzerland,) senior business executive and researcher at Global Centre for Digital Business Transformation, IMD Business School and Andy Crouch (UK,) consultant and co-founder of ethical-AI natural language processing company, Akumen, outline how AI biases can impact business and what steps they can take to ensure its fairness. Kaspersky Global Research and Analysis Team's Dr. Amin Hasbini expands on the privacy and responsible data use implications. Not all AI is created ethically equal Andy's company Akumen found a problem that needed solving. "Scores out of five are useful, but we wanted insight from written responses like product reviews, and there was no way to do it. The team created an AI solution to identify meaning like topics, emotions and sentiment. Sentiment measures opinion – positive, negative or neutral – but emotions drive behavior. It works on text feedback anywhere, which might be about consumer goods, healthcare or anything else." Their approach uses AI differently from generative AI tools like ChatGPT. "Our AI is rule-based, human-created and human-curated. It's completely transparent and there are no algorithms as with large language models. We can dive in and make rules more nuanced if we recognize bias. With large language models, that would be complex and expensive." Andy expands on generative AI's limits for truly understanding people. "We asked ChatGPT how many emotions humans experience – it said 138,000. That doesn't help us understand what drives behavior. Our platform has 22 emotions – enough to see what drives behavior. Through our partner, Civicom, we're helping the UK's national health service (NHS) to understand what patients and staff experience." And that understanding can improve lives: Larger language models use big data pools, but there are also more contained, enterprise-level tools like ChatGPT Enterprise that businesses can furnish with their own data and control how they use it. Tomoko sees enterprise-level tools as useful but notes they can't do what big data can do. "Organizations are developing new functions around AI, like data annotators, who clean data before it goes into models. But is it foolproof? The beauty of using data from everywhere is it gives you insights you otherwise wouldn't get." Choosing ethical suppliers Luckily for companies using AI ethically, more businesses are adopting digital responsibility policies and choosing ethics-first suppliers. Tomoko gives an example. "Deutsche Telekom has been a pioneer in AI ethics. They've trained all employees to ensure AI ethics are distributed throughout the organization. At the same time, they have about 300 suppliers and ensure it's in all their contracts. So it goes beyond the boundaries of the company." But many businesses don't know where to start. Tomoko says, "Over 250 companies have committed to AI ethics, but codified mechanisms only help if they change behavior. How can we live these principles and ideals? External experts can help, and there's a case for individuals taking responsibility, which will have a collective impact." She suggests how companies frame AI ethics matters. "You can see AI ethics as value or as compliance. If it's compliance, it will be cost- or risk-driven. But AI ethics could also be a competitive advantage." Andy compares AI ethics to health and safety. "If you have a health and safety director, it's only one person's responsibility. Change won't happen unless everyone understands health and safety's importance, and especially that it drives productivity and revenue." The competitive advantage is real. McKinsey research found 72 percent of customers considered a business's AI policy before making an AI-related purchase. Tomoko highlights the importance of backing up policies with action. Which AI issues should companies care about? Tomoko outlines three places to look. "First, consider the software development lifecycle. If you're considering developing an AI product, think of how it's designed. Look for bias in the data. "Second, once it's being developed, although many companies say they're implementing AI ethics, people developing AI-driven products don't know how to apply those principles. So, look at how people use ethical principles in day-to-day software development. "Third, we test products in controlled environments. Once it launches, ask who is monitoring it and how we ensure it doesn't gather bias and that people use it correctly." Tomoko is part of IMD Business School and knows that what future executives learn about AI ethics will shape future companies' ethical behaviors with AI. She says, "First, we say everyone has a responsibility to these issues that goes beyond the company. You need to be aware of this responsibility, but also be able to make others in your team aware." Secondly, "What type of organizations do we want to build? We coach people to be able to handle multiple goals – not only profit but also social, environmental and ethical goals. We want them to walk away thinking of the future." Andy drills down into the data AI is using. "Understand how the AI model is built. Is the data you're analyzing through that AI model ethically sourced, and are you using it ethically? The lack of transparency over large language models is rife for ethical risk and bias." AI training data bias can have life-threatening impacts. Poor AI translations have been found to be jeopardizing asylum claims. Andy sees retrieval-augmented generation (RAG,) which uses more proofed datasets, as part of the solution. Can we have secure and well-regulated AI? Dr. Amin Hasbini. Head of Research Centre, Middle East, Turkey and Africa for Kaspersky Global Research and Analysis Team, thinks AI ethical standards are needed. "AI won't self-define its ethics. They must be programmed with ethical standards." Since there is almost no way the public can evaluate, critique or improve AI ethics, regulation must play a part, according to Amin. "We need security and safety by design, and continuous verification of it. That would require transparency, especially from big tech vendors, and letting the public influence how these technologies develop." He likens the challenge to that of regulating social media. "We're asking people to adopt technologies that can do much damage without giving them ways to ensure that doesn't happen. The same has happened before with social media, with it being used for data leaks and fake news. European Union regulation is moving fast around AI, but AI could be much more dangerous than social media – we need rules now." For improved ethical data use, Amin recommends asset management controls. "If well deployed, asset management controls allow data to be classified, including which is available to AI, which can be shared publicly and which needs to stay inside the organization." Andy says regulation is hard in this fast-moving space because no one knows what's coming next. "I question anyone saying they know what will happen in the next six months or beyond. But there's a lot of fear and lobbying going on – so go slow. If your AI-driven capability can't deliver because it's non-compliant, ethically or otherwise, it will be damaging." However, he believes regulation is necessary. "It will be interesting to see how they regulate something that's not easily defined and morphs quickly, but we must protect those who need protecting." Kaspersky has recently proposed six principles for ethical use of AI in the cybersecurity industry with transparency at the core. Getting started with AI ethics Our experts have straightforward advice for those business executives yet to approach AI ethics. Tomoko says, "As a mindset, remember the analog and digital worlds are the same. Your analog-world values should extend into the digital world." Andy highlights the need for both widespread knowledge and deep expertise. "Get your whole team conversant with AI, but have a well-informed friend who lives and breathes this stuff to call when there are challenges." With headlines about AI taking our jobs and AI founders like Geoffrey Hinton sounding the alarm on unregulated AI perils, it's easy to write off AI ethics as a problem too hard to fix. But these complex issues need priority. There are green shoots of change. In December 2023, the AI Alliance launched to focus on developing AI responsibly, including safety and security tools. Its 50 members include Meta, IBM, CERN and Cornell. The message may be, 'Let's not move too fast and not break things.' With OpenAI, creators of ChatGPT, not invited to the party, could the tortoise of collective corporations beat the nimble hare of innovation? AI gives business potential for great gains but comes with great risks to reputation, security and privacy. With strong ethical AI policies translated into action and widespread knowledge among employees, businesses can have more confidence to take advantage of AI's many benefits.

Respondents were either aware of or involved in cybersecurity decisions about interconnected tech such as AI, web 3.0, data spaces, digital twins, augmented reality (AR,) virtual reality (VR,) 6G and internet of things (IoT.) They worked in organizations with at least 1,000 employees across many sectors. Kaspersky asked how they’re introducing and securing AI and other interconnected technologies. Here’s what the research revealed.

AI is organizations’ significant focus for the next two years

These new technologies are an evolution that started with business intelligence then evolved into data science. We keep finding new ways to gain intelligence from data, and Generative AI is an example of this.

Head of Cybersecurity at a leading bank in Brazil

AI is becoming a cornerstone for organizations striving to stay ahead thanks to its ability to foster innovation. In cybersecurity, AI offers predictive analytics and greater adaptability. Goldman Sachs says global investment in AI will reach 200 billion US dollars by 2025.

AI is more than a technology. It’s a strategy that lets organizations navigate today’s complex business environment.

AI adoption

Nearly all organizations surveyed have already adopted (54 percent) or plan to adopt AI within two years (33 percent.)

Respondents see Generative AI (GenAI) as valuable for improving security technologies’ performance. Goldman Sachs economists Joseph Briggs and Devesh Kodnani say GenAI could boost global labor productivity by more than one percentage point yearly once its use becomes widespread.

IT companies worldwide are upskilling their workforce and undertaking GenAI pilots to avoid falling behind. IT giants Accenture pledged three billion US dollars to data and AI investment, while French tech firm Capgemini is putting two billion Euros towards GenAI over the next three years.

No previous technology wave has captured the attention of leaders and the general public as fast as GenAI […] Companies will need to reinvent how they operate with AI at the core.

Julie Sweet, Chief Executive Officer, Accenture

Securing AI

49 percent of organizations said they were extremely well, or well prepared, to secure AI. Almost 50 percent think AI is slightly or not at all hard to secure.

Compared with securing other interconnected technologies, most organizations felt more prepared to secure AI. In responding to Kaspersky’s survey, the head of cybersecurity at a Brazilian bank said, “I mostly don’t find security problems with GenAI. We already understand how to run and train it.”

While many organizations feel confident in their ability to secure AI, a little over half felt less than well-prepared to secure AI. These businesses need to do more to prepare for the inevitable scale-up of AI-based technologies.

AI makes digital trust and data compliance indispensable

AI introduces new challenges and complexities in protecting sensitive data and maintaining digital trust.

Digital trust is an aspect of customer trust. In Kaspersky podcast Insight Story, emerging tech security expert Malek Ben Salem described digital trust as, “Our confidence that our privacy is protected and secured, the reliability of digital transactions and how sure we are of the identities of those we engage with.”

Tech researchers McKinsey’s 2022 Digital Trust report said 70 percent of people trust companies to protect their privacy, but most companies aren’t meeting their expectations.

Data breaches, unauthorized access and privacy violations can erode digital trust and lead to reputation damage, lost business and regulatory consequences. Building digital trust takes time but is essential to users’ confidence in AI.

How AI impacts digital trust

AI lets organizations collect and store more data about customers, operations and interactions. This wealth of data helps gain insight but also means more risk of breaches.

AI facilitates sharing data between devices, networks and organizations. Data sharing aids collaboration, efficiency and innovation but also means more opportunities for unauthorized access.

As it is relatively new, organizations may struggle to be clear about their practices and security around AI. Without clear communication, trust may break down.

Top ways organizations are improving digital trust and compliance

Adopting zero-trust frameworks is organizations’ top response to the need to improve digital trust, with 81 percent already using or planning to adopt zero-trust within two years. Other actions include pursuing data privacy and cyber resilience regulations (74 percent) and digital sovereignty initiatives (73 percent.)

Kaspersky’s research found companies introducing zero-trust frameworks are better prepared to secure AI and other interconnected technologies: 51 percent of zero-trust framework early adopters said they were extremely well-prepared or well-prepared to secure these technologies, compared with just 27 percent of the rest.

The zero-trust canvas: Painting the future of cybersecurity

The rise of AI is opening the door for organizations to break with all traditions that don’t work for today’s tech realities. Traditional cybersecurity is vulnerable to insider attack because it relies on trusting those within a network’s perimeter while viewing outsiders as suspicious.

Enter: Zero-trust frameworks. The head of IT at cloud provider Searce said, “The zero-trust security model is the only framework that works. The traditional security model can’t do the job, especially for interconnected technologies.”

Under zero-trust frameworks, every user and device must undergo continuous multi-factor authentication (MFA) and authorization, regardless of their trust level. Users and devices get the minimum access needed for their tasks, with constant monitoring of user activity, device behavior and network traffic.

Regulation and compliance

With each territory having different data protection and privacy legislation, global organizations find it hard to achieve consistent standards around AI.

62 percent of leaders find compliance certification hard. They want to see standardized compliance processes across regulations and say online tools and platforms, with clear guidelines, would further simplify certification.

Handling growing challenges and preparing to secure AI

With the scale of change AI will likely bring, organizations must have a strategy to prepare themselves to adopt and secure it.

Kaspersky research uncovered four effective strategies to ensure readiness to secure AI and other interconnected technologies: Adopting security by design principles, training and upskilling your workforce, upgrading your cybersecurity solutions and meeting regulation and standards. The full report, Connecting the future of business, details each strategy.

Interconnected technologies like AI bring huge business opportunities but also a new era of vulnerability to serious cyberthreats. With more data collected and transmitted, cybersecurity measures must get stronger.

Organizations can use effective strategies to safeguard critical assets and fortify customer trust amid a growing interconnected landscape. Leaders must also resource cybersecurity well enough to enable access to improved cybersecurity solutions that can meet oncoming challenges.

Keywords

Research: Connecting the future of business

How leaders should prepare for using and securing AI and interconnected technologies

Download report

About authors

Suraya Casey

Suraya Casey is a freelance writer, editor and content strategist based in New Zealand. Her interests include cybersecurity, technology, climate, transport, healthcare and accessibility.

More articles by Suraya

Suggested articles

by Innovating leaders.
Innovative tech.
About Secure Futures

Secure Futures magazine is your go-to business guide for opinions, trends and insight into the world of technology and cybersecurity. We help your business to bring on the future. Brought to you by Kaspersky, the global cybersecurity experts.

  • For all other countries