Artificial Intelligence (AI) and Machine Learning (ML) are revolutionising the business landscape and driving unprecedented changes across industries. Businesses are leveraging these technologies to create scalable solutions, improve production processes, automate tasks, and optimize customer service. However, this digital transformation is not without its challenges. It brings with it a host of reputational, regulatory, and legal risks.
The Risks of AI in Business
As AI becomes more prevalent, instances of its application violating social norms and values are rising. Prominent examples of reputational risks associated with AI include the Cambridge Analytica scandal that plunged Facebook into crisis, and accusations of gender bias against Amazon’s Rekognition face search technology.
Reputational risks can damage a company's brand image, customer loyalty, and market share. They can also lead to negative media coverage, public backlash, and boycotts. To avoid these consequences, businesses need to ensure that their AI systems are aligned with ethical principles, such as fairness, transparency, accountability, and privacy.
Regulatory risks are also a significant concern. With the changes in regulations like the EU’s General Data Protection Regulation and the California Consumer Privacy Act, businesses must navigate a complex legal landscape to ensure their AI applications are compliant. These regulations aim to protect the rights and interests of consumers and citizens in the digital age. They impose strict rules on how data can be collected, processed, stored, and shared.
Regulatory risks can expose a company to fines, lawsuits, sanctions, and loss of licenses. They can also hamper innovation and competitiveness by creating barriers to entry and limiting market access. To mitigate these risks, businesses need to adopt a proactive approach to compliance, such as conducting data audits, implementing data governance frameworks, and obtaining informed consent from data subjects.
Legal risks arise when AI systems inadvertently breach laws or contracts. For instance, Goldman Sachs faced regulatory investigation for allegedly discriminating against women by granting larger credit limits to men than women on their Apple cards. Another example was Uber's use of Greyball software to evade law enforcement officials in cities where its service was banned or restricted. Legal risks can also result in litigation, arbitration, or mediation costs. They can also damage a company's reputation and trustworthiness.
Mitigating Risks with Insurance in Australia
Australia does not currently have specific laws regulating AI or ML in business, however the Australian government has proposed a three tiered system that would classify AI tools as low, medium or high risk with increasing obligations for higher risk classifications. The Office of the Australian Information Commissioner (OAIC) emphasizes the importance of data protection regulation and governance in addressing potential risks of AI. The OAIC seeks to ensure global policy alignment where appropriate.
The insurance industry is evolving in response to these relatively new challenges, and we can anticipate a range of more specifically tailored solutions to become available locally in time. Insurers are already investing heavily in their Cyber Insurance products, which, in line with eventual government policy changes, will help transform the industry.
Moreover, insurers themselves are leveraging AI to improve their operations. Predictive analytics can help insurers assess risk more accurately, while virtual agents can streamline customer service. AI-powered insurance can offer dynamic adaptation to risks, providing businesses with tailored coverage based on real-time data. For example, some insurers adjust a company's premium based on its current risk profile, which is in turn determined by analysing data from its AI applications.
So what now?
In Australia, as elsewhere, considering how you protect yourself in relation to your use and application of AI and ML can be a game-changer. Different policies may offer varying degrees of safety net against the potential pitfalls, while allowing companies to harness the power of AI to drive innovation and growth.
However, it's crucial for businesses to understand that insurance is just one piece of the puzzle. Companies must also invest in building robust data governance frameworks, prioritizing transparency and fostering an organisational culture that values ethical AI practices. Businesses should consider seeking assistance from a technology advisor who can help with setting up risk mitigation strategies, policies around IT use, staff and systems use.
Your action plan should include:
- Speak with your insurance provider about what will be covered and what will not, to avoid operating with incorrect assumptions.
- Talk with your IT provider to assess the potential impact of failure. Take stock of how you are utilising AI - categorise based on a high, medium, and low criticality rating so you can then implement insurance and protection measures accordingly.
- Assign human oversight over business-critical decisions, rather than solely relying on automated systems.
- Perform exercises to account for failures in AI systems and assess the outcomes.
- Revamp security practices and update incident response plans.
While AI offers immense potential for businesses, it also brings significant challenges. Balancing these two aspects is key to harnessing the power of AI responsibly and sustainably. And in this balancing act, it is vital to consider what you can do yourself to mitigate the risks, what level of risk you’re willing to accept (and what you cannot), and what risk you wish to pass on to an insurer.
Written by Peter Gatt, Business Development Manager – Majestic Computer Technology
Peter Gatt, Business Development Manager
Majestic Computer Technology is an Australian Family Business that has been successfully building and delivering IT solutions in Australia for decades. Established in 1992, Majestic provides advisory, outsourced IT and business automation services to various small and medium-sized clients across multiple industries, including manufacturing, professional services, construction and engineering, health and life sciences and NFP sector. In addition to being a partner and member, Majestic is also the IT service provider for FBANZ. www.majestic.com.au
The views expressed in this content are those of the author, who is also responsible for any errors and omissions. Family Business Association provides this article for your information only. The content of the article should not be taken as advice. If you wish to explore this topic, please consult an advisor who you consider to have the expertise to provide specific advice in relation to your family business.