ARTICLE 3
Artificial intelligence: what we’ve learned so far
Businesses are increasingly exploring AI-driven solutions to achieve operational efficiencies, innovation, and differentiation in highly concentrated markets. A recent McKinsey survey revealed a surge in AI adoption in the past year, with 72% of respondents reporting implementation in at least one business function, compared to 55% in 2023.
Organisations that have adopted AI in at least 1 business function (% of respondents)1
Source: McKinsey & Company
While the opportunities are vast and ever evolving, risks related to AI implementation are also becoming clearer. For example, in March 2024, the US Securities and Exchange Commission (SEC) charged two financial advisors for making false statements around their use of AI. This incident was the first-ever enforcement action against “AI-washing”.[1]
Another emerging concern is AI-hallucinations, in which Large Language Models (LLMs) generate outputs that are inaccurate (Moffatt v. Air Canada) or fictious (Mata v. Avianca). In such an event, businesses using such tools could be exposed to potential reputational damage, regulatory scrutiny, loss of trust, and financial loss.
Although there are various uncertainties associated with AI, it is here to stay, and we are yet to scratch the surface. Lockton has taken part in various conferences and events around this topic, exploring the different perspectives of businesses considering or currently deploying AI across industries. Here are some of the key takeaway messages and lessons learnt so far.
01
AI is not a single technology.
AI and Generative AI are often used interchangeably. However, AI is an umbrella term referring to various subcategories. These include, but are not limited to, Gen AI, Machine Learning, LLMs, Natural Language Processing (NLP), neural networks and more. All have unique functions and capabilities.
02
AI is not the solution to everything.
AI-driven solutions may not always be viable, cost-efficient or suitable for a business. Identifying the problem before seeking the solution is critical, as it narrows the scope of search and ensures effectiveness and alignment with business needs. Without thorough assessment and consideration, businesses may overpromise or misrepresent the role of AI in their offering, facing the risk of AI-washing.
03
Monitoring the changing regulatory landscape is essential.
With the introduction of the EU AI Act, the first formal AI regulation, new responsibilities are imposed on businesses developing and/or deploying AI systems. The Act classifies AI according to the levels of risk, imposing stringent obligations on high-risk AI systems. Other jurisdictions are following suit, and it is crucial that businesses stay on top of latest regulatory developments to ensure compliance.
04
Integrating AI considerations into your corporate governance is fundamental.
Establishing a holistic governance approach that empowers the organisation and promotes ‘responsible AI’ as a form of best practice.[1] This creates consistency across the organisation, as well as establishes guidelines to mitigating the potential threats, whilst reaping the benefits. Governance policies should be reviewed and updated regularly.
05
Critically assess the source of risk.
Even if not utilised internally, businesses could be exposed to AI-related risks from external sources (i.e. suppliers, customers/clients, third-party vendors etc.). So, assessing your context and implementing the appropriate controls to enhance resilience against unanticipated events is critical. Especially for ensuring operational continuity and development in times of continuous uncertainty.
06
Embed robust risk management strategies across the entire AI-lifecycle.
Assessing risks throughout your AI journey is crucial, from initial stages of planning and data collection to model development and deployment. There are various threats to consider at each stage, which can jeopardise the performance, accuracy, and in certain cases, the safety of your model. Also, addressing the interconnectivity of risks is critical, as the occurrence of one event may exacerbate the likelihood or impact of another. For example, overreliance on AI for fulfilling your strategic objectives will raise the stakes if a major business interruption event occurs. Especially with the increasing costs associated with deploying and managing AI solutions.
07
Empower your people and establish a risk-aware culture.
Upskilling and training your talent are critical for ensuring smooth application and effective management of AI. Transparent communication of objectives and intentions of application will also strengthen employee confidence and trust, reducing the likelihood of loss of key personnel. The battle for AI talent is increasing, creating a shortage in specialised skills. Hence, it is crucial to retain and develop your existing talent throughout your technological transformation.
08
Examine the impact on existing risk mitigation strategies, including risk transfer arrangements (i.e. insurance).Integrating AI considerations into your corporate governance is fundamental.
Any change within the business might trigger a shift in your risk landscape. So, continuously monitoring and reviewing the effectiveness of existing controls is crucial. Additional controls must also be assessed and implemented to specifically mitigate the impact of AI-risks. Seeking both internal and external assurance can support this process. In addition, as these technologies continue to evolve, we anticipate more momentum in the insurance market in evolving existing products to include AI-risks (e.g. endorsements to include losses triggered by the use of AI). Or, developing new AI-specific insurance products (e.g. third-party liability coverage).
Our understanding and approach to managing AI-risks (opportunities and threats) will continue to evolve and change over time. So, it is fundamental for businesses to stay up to date with all developments and concerns relating to AI. As well as, integrating these changes into current and future risk management activities.