We’ve all heard about the dangers of artificial intelligence in cybersecurity and the ways in which AI is turbo-charging cyberattacks.
But, being aware isn’t always enough – new research from CyXcel reveals nearly a third (31%) of UK businesses don’t have an AI governance policy in place, and a further 29% have only just implemented their first AI risk strategy.
AI isn’t the only concern though – and to try and help organizations manage these threats, CyXcel has launched a Digital Risk Management platform –TechRadar Pro sat down with Megha Kumar, CyXcel’s Chief Product Officer and Head of Geopolitical Risk, to find out more.
Regulatory compliance
In fact, there are seven categories of risk tracked on the platform; Cyber, Geopolitics, Technology, Regulations, Supply Chain, AI Governance, and Corporate Responsibility – with 190+ risks across these metrics
The platform categorises risks and outlines your businesses exposure, as well as the probability and severity of the impact.
“At CyXL we combine expertise in cyber, legal, technical, and geopolitical risks in a seamless way because the risks are interconnected. So whatever controls, remediations, and management processes a government or a company is going to put in place needs to be intersectional.”
Kumar gives me a demonstration of the platform, which is pretty user friendly and easy to navigate, even for someone who’s not particularly familiar with risk management platforms (like me!).
“Severity times probability gives you a risk rating,” Kumar explains, “You can see all the perils in supply chain on that heat map in one go, you can see the nature of losses that would occur if those risks materialized, and you can explore individual perils and their severity and their probability across EU, US, and UK.”
The user can set their preferences to as many or as few ‘perils’ as they want, so if you’re in the cybersecurity team, you don’t have to wade through the many and growing geopolitical risks just to assess your exposure (even if it might be relevant!).
“So if you’re head of procurement, you may not be interested in the other verticals of the DRM and you only want to explore the supply chain – have at it. The supply chain module will give you a heat map. A heat map is based on a risk evaluation of severity times probability.”
But how are the risks calculated? Well, it’s essentially a 12 month forecast, assembled by a “team of interdisciplinary experts” who work with external independent analysts to produce a sector agnostic rating. Once an exposure is identified, the platform offers a questionnaire for the user, which determines the exposure score.
In your corner
CyXcel is a division of Weightmans, one of the UK’s leading law firms, and the risk management platform also comes with bespoke technical remediation plans and premium plans offering one-to-one conversations with experts in each 7 fields.
Because CyXcel is a legal service, these conversations fall under client privilege, so you can assess your vulnerabilities in entirety without fear of further exposure.
“We believe in our methodology and our expertise so much,” Kumar explains, “we are willing to stand next to you in court to justify it. How much more guarantee can I provide to you? That is how far I’m willing to go to stand up for it.”
If you’re in the UK, CyXcel offers legal support for regulatory enforcement, litigation, and dispute resolution through Weightmans – in the US they have a partner network to provide these services, as well as additional support in 55 other countries.
“No cybersecurity is 100%. Everybody knows that. I would be a fool to offer that to anybody. What I can offer is the best resilience on the basis of the company, your investment, your ability to implement the changes. And if you still do get breached, we can be very confident you will recover faster, that damage will be less.”
Organisations at risk
It’s difficult to talk about anything in the tech space without mentioning AI, and as an important part of the DRM, CyXcel recognizes although AI presents opportunities, it also presents serious dangers. Kumar explains; “because everybody can use AI, head of HR to head of finance to reception, that means that the exposure surface is very wide.”
There’s a “critical gap” that puts businesses at risk, with CyXcel research finding that nearly a fifth (18%) of UK and US companies surveyed are not prepared for “AI data poisoning” – putting them in danger of data breaches, reputational harm, disruptions, and regulatory fines.
“You can mislead it [a chatbot], you can poison its data well with so much harmful or misleading or incorrect information that its view of the world gets a little bit warped basically,” explains Kumar.
That’s not all though, with data extraction attacks, biometrics, and even deepfake attacks which are estimated to cause up to $40 billion in losses by 2027. This makes safe and secure AI adoption and use even more important.
“All sensible, responsible companies constantly check for harmful behavior and the safety guardrails and for harm,” Kumar concludes.
