According to a recent report by McKinsey, “Generative AI has the potential to change the anatomy of work” and will “substantially increase labor productivity across the economy”. At the time of writing, they have identified 63 Generative AI use cases spanning 16 business functions, which gives you some idea of the level of potential transformation. Of course, productivity, efficiency and effectiveness are the holy grails for organisations who want to achieve long-term success in a changing world, so this news has been met with great excitement.
However, amidst the excitement, one word rears its head time and again: risk. Generative AI is still in its very early days, after all. And so, businesses need to think carefully about how it is deployed in their organisations – and what the potential outcomes could be. “This comes down to risk tolerance and risk appetite,” says Quentyn Taylor, Canon EMEA’s Senior Director – Information Security and Global Response. “For example, are we willing to accept an AI responding to customer queries, when it will very occasionally get it wrong?” This is just one way in which GenAI could be used to increase efficiency, but as Quentyn points out, what is the reputational risk when a customer receives incorrect information? It very much depends on the product and the customer, and this is the big challenge for businesses – having a clear understanding of the places where Gen AI can add true value, and those where there is no level of acceptable risk. In order to even begin to make these judgements, it’s therefore critical to understand just what the risks could be.
Protecting Intellectual Property and commercially sensitive information
This is the area which has been most immediately addressed by most organisations, with some putting a blanket ban on the use of any Generative AI tools and services to protect and preserve their corporate privacy. Essentially, everything you enter into a GenAI model becomes training data. So, if you were to ask it to write a speech for an exciting product release, supplying all details of that product in the request, then you’ve essentially just uploaded business critical, embargoed information to a globally used tool. If your business lives and dies by its IP, then this is a level of unacceptable risk. “On the other hand,” says Quentyn, “if you used Generative AI to write 300 slightly varying descriptions for existing products, is that a problem? Probably not.” Another perspective to consider is the effort of policing the issue versus outcome: “Is stifling the use of GenAI an effective use of our time? Can we fully block access when there are thousands of new tools being released every day?” he asks.