Data-Driven Defense: AI as the New Frontier in Business Security

By on
Read more about author Prasad Sabbineni.

Major business setbacks due to risk management failures happen every year. They are also some of the costliest, adding up to millions of dollars in regulatory fines, lawsuits, payouts, and lost brand value. Leaders want to avoid these types of issues and rely on sound internal data management to mitigate risk and maintain confidence and trust with their stakeholders.

Yet according to Thomson Reuters Regulatory Intelligence’s 2023 Cost of Compliance Report, 45% of leaders say they don’t monitor their cost of compliance with regulations across their organizations. Why? It’s still overwhelmingly difficult to do well.

But perhaps, soon enough, it won’t be. Businesses have long utilized traditional AI/ML processes to enhance operations. The emergence of next-generation generative AI technology (GenAI) presents a significant opportunity to revolutionize predictive capabilities and content generation, promising a transformative impact on businesses.

This piece explores how businesses can protect their organization – and their capital – by embracing AI’s most valuable features. Business leaders who may be nervous about integrating GenAI into their operations should consider the quantified value of efficiencies this technology can produce in risk management alone. AI’s most powerful value is to assist human workers, adding value, helping to govern the organization more efficiently, and empowering employees to make strategic decisions instead of spending time on inefficient manual tasks. 

AI Streamlines Siloed Business Operations

If the past several years of post-pandemic digital transformation have taught business leaders anything, it’s that an organization’s ability to share data and work cross-functionally is critical to keeping pace as a modern enterprise. Siloed structures may solve short-term problems, but they hamper an organization’s successful navigation of larger issues like business risk. 

GenAI solves for siloes through its power of integration: businesses can train large language models on vast amounts of unstructured and historical data to synthesize a more complete, streamlined view of the business. This poses a clear benefit for risk managers and leaders alike, who must contend with the consequences of complex and interconnected threats to their business daily.

By integrating various data sources, GenAI can overcome these silos and provide a holistic view of risk across the organization.

The Boeing 737 MAX crisis serves as a poignant example of how fragmented enterprise insights can culminate in a major crisis. Due to the siloed organizational structure of Boeing’s separate engineering, manufacturing, and safety oversight divisions, paired with the complexity of building the MAX aircraft, Boeing inherently made mistakes with severe consequences. This culminated in a crash in 2018 shortly after takeoff. Investigators found design flaws and pilot concerns during training that went unreported. 

Though oversights by quality control engineers played an equally significant role in the failures at hand, had AI been more available, sophisticated, or utilized by the Boeing team in a risk setting, it’s possible that more effective controls would have been established – and constantly monitored – to catch the types of risks, oversights, and frontline reports from pilots in training. NLP algorithms in use today have the capabilities to process vast amounts of text data from pilot reports, maintenance records, and safety-related documents, to detect early signs of safety concerns, alerting risk managers to mistakes in the dataset. This example underscores the importance of integrated risk management processes, which GenAI could have helped streamline and avoid if those solutions were available at the time.

AI Monitors and Alerts Changes to a System

The only constant in business is change. Leaders bear the responsibility of staying on top of all business changes, big and small, which is increasingly hard to do given the rapid pace of digitalization. In the world of risk, regulatory changes are among the toughest to track.

Regulatory changes happen on a massive scale and in huge volumes and it’s impossible for one person, or even one team, to keep up. Large global businesses employ thousands of people, aided by antiquated technology, to keep up with regulatory changes and monitor business and customer information for breaches of compliance. Failure to comply can result in fines or worse: a serious risk event that could lead to devastating reputational damage.

Take Wells Fargo, one of the largest U.S. banks, which in 2016 was caught opening millions of unauthorized accounts without customers’ knowledge or consent. This violation of multiple regulations including the Dodd-Frank Act eventually resulted in heavy regulatory sanctions against the bank and its management team and a huge hit to its stock price and profits. In the end, experts calculated $3 billion paid in penalties and the bank reported a 50% loss in profit for the quarter following the event. 

Compliance, long considered a growing cost center for large businesses, has the potential to revolutionize with GenAI. These AI tools are improving in their ability to proactively identify, assess, and address patterns and changes to a system, such as compliance risks. In the future, banks could use GenAI to help prevent regulatory violations, improve transparency, and rebuild trust with customers, regulators, and investors through real-time insights and predictive analytics brought about by properly trained LLM capabilities. 

AI Anticipates and Detects Threats to Business Security

For data professionals, the lingering threat of cybercrime is always top of mind. Risk experts have long predicted that cybercrime will continue to rise as sophisticated digitalization grows. The damaging costs of cybercrime will also continue to grow: one report anticipates the total global cost of cybercrime damage is expected to reach $10.5 trillion annually by 2025, up from $3 trillion just a decade ago.

Threat actors will learn to leverage new iterative AI tools like GenAI to make cyberattacks and threat actions more efficient at a greater scale. Organizations, then, need equally powerful GenAI tools to feel empowered to construct intelligent, secure, and automated systems capable of real-time threat detection, prevention, and preemption. 

In a recent example of the importance of robust data security, AT&T disclosed a major data leak impacting over 70 million current and former customers. The leak included sensitive information like social security numbers. While the source of the leak is still under investigation, this incident underscores the critical role AI can play in data security. GenAI’s ability to analyze vast amounts of data can help identify suspicious activity and prevent data breaches.

In October 2023 MGM Resorts, one of the world’s largest gambling firms, was hit by a major cyberattack that put consumers’ personal data at risk and ultimately shut down casino operations to mitigate the damage. It was one of the biggest cyberattacks of the year, with operational disruptions incurring a reported $100 million hit to MGM’s quarterly results. What put MGM at such risk? The hackers succeeded in breaching an IT security vendor’s systems through sophisticated phishing methods – and this was not this group’s only high-profile cyberattack. Though MGM reacted as fast as they could, the attack still caused a devastating and costly outcome for the casino group.

Today, this type of attack could be even more sophisticated – but twice as preventable with the right digital tools. From NLP to automated workflows, machine learning, and face detection, companies can build or contract with GenAI that encompass a range of features, including automatic threat detection. To strengthen a risk management approach, leaders need to turn to security-focused efficiencies AI provides, including prioritization, analytics, and continuous monitoring across multiple nuanced cyber frameworks.

The Future of AI in Safeguarding Businesses from Risk

In all these examples, the cost of risk, compliance, and security can be staggering when a critical event happens. What’s more, risk events do not stop – they grow and get increasingly complex. 

Of course, protecting capital is not the only benefit of leveraging AI. Looking at the cost of compliance alone is a narrow viewpoint when GenAI can do so much more for businesses through the efficiencies it creates in risk management. Frequently, companies duplicate efforts in parts of their risk management strategy, and undertest in other areas. GenAI can quickly identify gaps and duplicates in internal controls, helping leaders keep their governance, risk, and compliance (GRC) efforts seamless.

GenAI is a promising technology for GRC functions because its capabilities can help leaders generate reports more easily, simulate threat scenarios, anticipate risks and act faster, ultimately leading to a capital net benefit. Anticipating risks means a clearer path to avoiding costly problems.

The upfront costs of implementing GenAI may seem daunting: Businesses will have to use their own data to properly calibrate LLMs for specific functions or invest further in developing their bespoke algorithms.  However, the potential to streamline operations, proactively identify threats, and ensure regulatory compliance far outweighs the initial investment. By leveraging AI’s analytical prowess, businesses can not only save money but also gain a significant competitive advantage. The future of risk management is undoubtedly tied to GenAI and may perhaps hint at a future where artificial general intelligence (AGI) plays a greater cognitive role alongside human risk managers – and businesses that embrace this technology will be well-positioned to weather future storms and achieve long-term success.