Despite the hype, many organisations are yet to jump on board with AI and big data
Artificial intelligence (AI) and big data solutions are important drivers for organisations seeking a competitive advantage. However, our survey indicates that many organisations are yet to jump on board.
Only 25% of respondents reported that they currently use, or intend to implement in the next 12 months, AI or big data solutions.
Of those survey respondents who are using, or who plan to implement, AI or big data solutions, only a few told us that they have undertaken a privacy impact assessment or security risk assessment of those solutions. A thorough understanding of the privacy and security impact of these new technologies will be an increasingly important aspect of understanding an organisation's cyber risk profile.
The fourth industrial revolution: at the crossroads of current and developing data-related rights
With many organisations now exploring the potential of AI, big data and the Internet of Things, the security of data as a right and an asset, as well as a liability and a cost, has taken on an increased significance. Regular, day-to-day activities that in the past would not have involved digital interaction may now leave both individuals and organisations exposed.
Organisations cannot afford to be complacent about cyber risk. They need to implement robust data governance arrangements and strategies for managing and protecting data. These should be developed with a customer-centric approach to data use.
“At a time when the law cannot keep up with the pace of technological change, it is incumbent on organisations to develop their own set of baseline privacy and data protection rules.”
The time to act is now.
Taking strong, decisive and consistent action is the best defence against a potential attack.
This means:
- developing, implementing and properly resourcing a formal cyber resilience strategy, which is regularly tested and updated
- developing and implementing tailored data breach response, business continuity and disaster recovery plans, which are regularly tested and updated
- regularly training all staff (not just IT staff) in order to embed a culture of cyber awareness and data protection across the organisation, and to ensure that everyone understands their roles and responsibilities in the event of a cyber incident
- undertaking privacy impact and security assessments when planning to adopt new technologies, AI or big data solutions
- developing governance and ethical guidelines and frameworks for the implementation and use of data
- capturing lessons learned and monitoring global developments in privacy and data protection, in order to continually assess and improve the organisation's cyber posture.