Share this article on:
As a purpose-driven organization, BSI believes AI can be a force for good, changing lives, making a positive impact on society, and accelerating progress towards a sustainable world. In this essay, Mark Brown sets out how AI can be used to address cyber vulnerabilities, shape trust and partner with individuals and organizations on their digital journey.
Journeys worth taking often carry an element of uncertainty – and the digital journey is no exception, throwing up a number of cybersecurity considerations around personal data and who has access to information. As AI accelerates the road to digital transformation and Society 5.0, shaping how we work, rest and play, it has the potential to be a force for good for those who are well-prepared and focused on building digital trust before setting out.
You could be forgiven for thinking that AI was new on the scene, given the extent of global coverage of developments such as ChatGPT. Analysis using the Signal monitoring tool suggests coverage in top media titles of AI rose 286% in the first half of 2023 compared to the preceding six months1. In fact, it’s been revving up for years and has long been a regular discussion point at major global events such as the G7, G20 and the World Economic Forum (WEF), as shown by the latter’s 2018 Future of Jobs report2.
What’s new is that AI is now crossing over from small, contained environments into mainstream technology at a consumer level, as McKinsey’s research shows3. This brings added risk. Importantly, it offers added opportunity to drive progress across society – for those who know how to unlock it. AI has the potential to positively shape our future, including when it comes to making us more cyber-secure.
Bridging the societal gap
Clearly, AI is here to stay – in BSI’s Trust in AI Poll4 38% (vs 23% in Australia) of people around the world said their job involves AI on a daily basis, and it’s already firmly embedded within business operations and everyday consumer interactions such as targeted information and recommendations from the likes of Google5 and Amazon6. As our research indicates, the speed of this shift means that there could be a gap between the pace of change and the public’s understanding of it. For example, when we asked people about everyday items, we found low levels of awareness of how they currently interact with AI. For instance, 62% (vs 53% in Australia) use curated playlists based on past listening or viewing habits (e.g., Netflix, Spotify, Amazon) - yet only 30% (vs 27% in Australia) know these use AI.
Awareness is key here – helping people to understand that when they put data into systems and use certain technology, it is likely to be used by AI with the intent of providing benefit to the consumer – but there is also the potential for it to be used for other purposes, for example to sell them something.
It’s worth noting that whilst figures suggest the number of data breaches is going down7, the number of records being breached is going up8 as big tech firms – with huge volumes of aggregated consumer data – increasingly find themselves being targeted. Now is the moment to upskill the public - and fast. Mass societal education is critical to ensure AI can be a positive force for society.
AI as the cybersecurity gatekeeper
Major enterprise organizations already utilize SIEM tools (security information and event management) to monitor activity and remain alert to threats. At BSI alone, in line with other organizations of our size, we average around 150 million security log events per month (these are events related to security, such as login attempts, object access, and file deletion)9. For humans this is very much needle-in-a-haystack territory and that is the security opportunity for AI - to provide real-time data analysis based on a set of algorithms and rules which are predetermined by the controls that we operate as an organization.
The potential improvement is clear – shifting these tasks to AI could allow issues to be identified far quicker and without taking up employee time and energy10. With the right tools in place, there’s the prospect of the AI analysis presenting an opportunity to take remedial action before an incident even becomes significant. This could be advantageous to organizations in all sectors.
There is, of course, a critical role for humans here. In fact, our research found that people remain cautious about the use of AI for cybersecurity purposes, with 47% (vs 43% in Australia) saying they would need to have complete or a lot of trust in AI to take on the responsibility of, for example, identifying unusual or spam email activity. In the future, the ideal situation will be cybersecurity managed as a partnership between people and AI.
Assessing the risk appetite
Against this backdrop, organizations can assess their risk appetite – do they view security as a bare minimum cost? Or, as set out by McKinsey, do they see it as a route to engaging the trust of employees, partners, consumers and institutional investors, thereby creating a competitive advantage through digital trust?11
Organizations that take the long-term view may well see that, with additional investment, AI can enable them to enhance their cybersecurity, privacy or digital risk landscape and act as a proactive as well as preventative tool in their armoury. The average time to detect a breach is more than six months, according to IBM12. Yet the company’s annual Cost of Data Breach report found that AI or automation cut breach lifecycles by 108 days. In other words, AI can be a game-changer.
Not all data sets are equal
As we seek to better understand the opportunity around AI, acknowledging that there are different types of data sets can be key to unlocking their true potential.
One question to consider is: Is this data complete, or is it evolving? Identifying whether you are dealing with a fixed data set (not updated automatically, such as ChatGPT), a generative data set (which learns on the go, such as Google or Amazon) or a transient data set (relevant for a limited time period such as BBC Sport live scores) means that we can assess it on its merits. Generative data, for example, may well include missing or incorrect information. The concern is that misinformation seeps through the system and gets picked up by generative AI tools13 – so it’s important someone is taking the time to validate it. There’s an opportunity for AI here to act as a filter, helping to exclude missing or incorrect information, thus driving positive progress through the dissemination of accurate information.
Organizations that put building greater digital trust at the heart of their strategy are ideally positioned to thrive on the rapidly evolving digital journey. As we accelerate towards Society 5.0, AI can play a central role in tackling cyber risks – acting as a force for good by making us safer and more secure as individuals, organizations and society.
The above article was taken from BSI's Shaping Society 5.0 Essay Collection. In these essays, BSI’s experts look at the real-world impact of AI and share insights from the BSI Trust in AI Poll, which brings together the views of 10,000 people in nine countries. Learn more here: www.bsigroup.com/en-GB/our-services/digital-trust/shaping-society-5-0/ BSI will also be co-sponsoring the Australian Cyber Conference in Melbourne on 17-19 October 2023 (www.cyberconference.com.au). BSI will be running a series of workshops on information security and supply chain resilience. Learn more about the workshops here: https://cyberconference.com.au/images/pages/program/pdf/AISA-CYBERCON-2023-MELBOURNE-Workshop-Program.pdf?v=1210 or visit: www.bsigroup.com/en-AU |
About the author
Mark Brown joined BSI on 1st February 2021 in the role of Global Managing Director of the Consulting Services, Digital Trust business and has over 30 years of expertise in cybersecurity, data privacy and business resilience. He has previously held global leadership roles across industry organizations and professional services, including tenures as Global CISO at SABMiller plc, and Global CIO/CTO at Spectris plc, as well as leadership roles as a Senior Partner at Wipro Ltd., and was also a Partner at Ernst & Young (EY) LLP.
Mark is internationally recognized as a leading authority on information resilience with a focus on cybersecurity and data privacy, presenting a focus on the way IT can enable business strategies. He works extensively with both the UK and US Governments currently on determining proportionate and pragmatic legislation and guidance on the safe use of Artificial Intelligence (AI) and how it aligns with existing cybersecurity and privacy legislation.
About BSI
BSI is the business improvement and standards company that enables organizations to turn standards of best practice into habits of excellence, ‘inspiring trust for a more resilient world’. For over a century BSI has driven best practice in organizations around the world. Working with over 77,500 clients across 195 countries, it is a truly global business with skills and experience across all sectors including automotive, aerospace, built environment, food and retail and healthcare. Through its expertize in Standards and Knowledge, Assurance Services, Regulatory Services and Consulting Services, BSI helps clients to improve their performance, grow sustainably, manage risk, and ultimately become more resilient.
1 Figure based on a Signal search of articles where artificial intelligence was detected as a topic in publications identified as 50 of the most influential, comparing H2 2022 with H1 2023. In H2 2022, there were 2,743. in H1 2023, there were 10,594.
2 The Future of Jobs Report 2018, WEF, September 2018
3 The economic potential of generative AI: The next productivity frontier, McKinsey, June 2023
4 BSI partnered with Censuswide to survey 10,144 adults across nine markets (Australia, China, France, Germany, India, Japan, Netherlands, UK, and US) between 23rd and 29th August 2023
5 9 ways we use AI in our products, Google, January 2023
6 How Amazon uses AI to prevent damaged products from arriving on your doorstep, Amazon, July 2023
7 Data breaches declined by almost half in Q1 2023, study finds, TechInformed, May 2023
8 Cost of a data breach: behind the numbers of a cybersecurity response plan, Secureworks, July 2021
9 Figures from internal BSI data for year-to-date 2023
10 Stay Ahead of Cybersecurity Threats by Leveraging AI, Aabyss, June 2023
11 Why digital trust truly matters, McKinsey, September 2022
12 Cost of a Data Breach Report 2023, IBM, July 2023
13 How AI will turbocharge misinformation — and what we can do about it, Axios, July 2023