Artificial intelligence has embedded itself into the business landscape. No longer the purview of Big Tech companies alone, firms across various industries are actively integrating AI into their processes, acquiring tech startups and scouting opportunities to deploy the technology in the near future. COVID-19 has only accelerated this trend as businesses have had to contend with plummeting revenue and workforce restrictions.
But as companies increasingly look toward AI to solve business challenges and increase their profitability, what risks will they face? How might they mitigate such risks? What else should business leaders take into consideration?
Balancing Public Health and Individual Liberty
Despite the substantial benefits that the technology promises, AI deployment without safeguards poses risks at all levels of business, especially for traditional, non-tech companies. To limit severe financial and reputational harm, it is crucial that companies weigh the many benefits of AI use against the risks intrinsic to its use, as well as associated concerns from the broader community. Consider, as one particularly pertinent example, the myriad ways wherein AI has been deployed in response to the global pandemic: from contact tracing to enhanced infection risk profiling, those who develop and use such cutting-edge techniques must carefully balance the dual imperatives of public health and individual liberties.
Defending the Decisions of Algorithms
Given the self-learning and automated nature of AI, a well-known concern associated with the technology is that of “explainability,” especially with public-facing “black box” AI models that make decisions on sensitive or consequential issues such as job recruitment, credit risk assessments and medical diagnoses. A lack of transparency and traceability, particularly when using externally procured applications, exposes businesses to significant reputational harm.
For instance, numerous controversies in recent years have shown us that AI systems can inadvertently generate biased and potentially discriminatory outputs that exacerbate or even perpetuate inequalities. Organizations, especially when such adverse outcomes to customers and staff are possible, must be able to explain and defend algorithm-based decision processes and their output to a range of stakeholders, including subject-matter experts and even the legal community in cases of alleged malpractice. Big-name tech firms with dedicated AI specialists on hand have long struggled with this issue; non-tech companies are also at risk of intense public scrutiny and brand damage.
Cybercriminals Exploiting AI
Cyber risk is also a significant threat to companies using AI, especially with the rush toward digitization during the COVID-19 lockdowns. In fact, participants in a survey of more than 12,000 business executives rated cyber risk as the top risk for doing business in the U.S., the U.K., and Canada — among other developed economies — over the next decade. The growing use of AI in critical business operations will only increase vulnerability to cybercrime as hackers can gain control of entire systems simply by manipulating their underlying algorithms. AI can moreover directly enhance the arsenal of cybercriminals who can now cause disproportionate levels of harm by leveraging the speed of decision-making enabled by automated programs. Smarter cyber threats, coupled with industry’s growing reliance on digital capabilities, only escalate the risks to operations and revenue streams.
Given the complexity of the technology and the pervasiveness of its potential perils in all aspects of operations, a multifaceted and dynamic approach to governance is required to manage AI risks.
Beyond such technical hazards, businesses that adopt AI solutions, also risk reputational harm and revenue erosion if consumer data is used inappropriately or otherwise exposed. Some major tech companies have drawn sharp criticism over the last few years for allegedly misusing sensitive voice data recorded by their AI-powered digital assistants. Given Big Tech’s enduring ability to generate insights from big data and exploit personal profiles in ways that consumers have not anticipated or accepted, such scrutiny will surely persist. This public outcry for data privacy will no doubt extend to non-tech firms in the future.
Lack of Holistic Governance Standards
Finally, due to the emergent nature of this technology, companies may find themselves deploying AI in rapidly evolving regulatory environments, complicating compliance efforts. The global fragmentation of data standards creates additional regulatory discontinuities across jurisdictions. Non-tech firms that are less familiar with international differences in AI-specific legislation may struggle to align their use of AI with shifting regional mandates, thereby necessitating decentralized, and often difficult and costly, policy rollouts.
These are just some of the threats to which businesses expose themselves should they attempt to realize the benefits of AI without implementing effective and holistic governance measures. Given the complexity of the technology and the pervasiveness of its potential perils in all aspects of operations, a multifaceted and dynamic approach to governance is required to manage AI risks. It is important that businesses evaluate their use of AI technology across five areas:
- Intent: Using data in a principled manner and verifying that AI design and implementation processes are ethically aligned and appropriate.
- Fairness: Ensuring that the processes and outputs of AI systems do not unwittingly discriminate against any group or individual.
- Transparency: Verifying that AI processes are explainable and repeatable.
- Safety/Security: Establishing robust capabilities in data governance, threat protection, and user privacy so as to better defend against malicious incursions.
- Accountability: Undertaking rigorous audit and compliance assurance processes to assuage the concerns of various stakeholders — lawmakers, auditors, customers, business partners and shareholders, among others.
To activate effective governance aligned with these principles, organizations must additionally implement supporting infrastructure and processes, including an oversight committee, a risk register and testing and analytics. Training should also be provided for staff involved in development and management of AI such that they can proficiently handle the dynamic risks that this technology presents.
By framing the management of their AI solutions around the five dimensions outlined above and instituting proper governance mechanisms, businesses can ensure that they do not expose themselves to undue risk, or worse, inadvertently cause harm to broader society. In doing so, they will be able to rest easier when procuring, developing and implementing new AI solutions.
A version of this article originally appeared on NACD BoardTalk blog.