Value vs. Risk – A Thoughtful Approach to Generative AI

For CIOs and CISOs, there’s nothing new about managing internal expectations on emerging technologies, but the recent advancements in artificial intelligence have caused an increased and urgent demand for the evaluation and adoption of generative AI models. 

There is no question that these breakthrough tools, such as ChatGPT, are just the beginning, but CIOs and CISOs must temper expectations and ensure a thoughtful approach to building AI models that will add value and reduce risk. How can technology leaders collaborate to ensure the IT and security functions – along with the wider organization – are prepared for a new frontier in automation?

Recently, CIOs and CISOs in New Jersey joined a Town Hall discussion on how to develop and implement a thoughtful approach to generative AI. Community members Madhu Thekk, Cybersecurity Officer at Siemens Financial Services; Michael Mahar, Vice President, Technology at Wyndham Hotels and Resorts; Tim Green, Cyber Defense Officer at Kearny Bank; Jim Le Mon, Head of Unified Communications & Collaboration at UBS Inc.; Mary Kaye Nardone, CISO at Lakeland Bank; and Rich Menta, Senior Information Security Leader at Bausch Health served as discussion leaders. 

They led small breakout groups of executives discussing communicating and quantifying the benefits and risks of generative AI adoption, identifying and aligning business use cases for AI implementation, and balancing AI governance with existing IT and security regulations.

Governing Body Member Madhu Thekk of Siemens Financial Services kicked off the discussion by commenting on some recent findings from an Evanta survey on generative AI. He believes a key opportunity with AI is improving efficiency. That was also a finding in the survey, with 30% of executives who responded citing “improving current processes” as an opportunity with AI in the future. 

Madhu also cited some of the risks their organization is concerned about, such as fake information that is used to create phishing attacks. In the survey, the top two concerns among all Evanta executives were data privacy and security.
 

Key Takeaways from the Discussion

Data quality is key.
Several executives pointed out that – like in most areas of data and analytics – data quality is critical in exploring the potential use cases for AI. One leader pointed out that you don’t want a case of “garbage in, garbage out,” while another noted that “training a model requires good data.” 
 

Collaborate across the organization on use cases.
Many executives shared that their organizations are standing up a steering committee or group to evaluate potential use cases of AI. One CISO noted that they are trying to “capture the organization’s creativity” around use cases, including ways to improve processes and create efficiencies. Executives also felt that cross-functional working groups would help with tracking the fast-moving changes and advancements in AI.
 

Leverage your partners for help and ideas.
Other CIOs and CISOs noted that they are leveraging the strength of their partners on AI and evaluating what they are doing. One leader said that partners have been a good source in “looking at what opportunities there might be for your organization to use their trained model.” Another CIO noted that it’s important to have guardrails in place for the data the vendor might be using.
 

Security is a major concern.
As one CISO said, they have to “stay up on what the bad actors are doing, along with what’s happening with the technology.” Another executive agreed and said they have changed their training around phishing emails because the classic red flags of bad spelling and grammar are no longer characteristics of AI-generated emails, and the team has to “go to higher levels of phish recognition.” 

Overall CIOs and CISOs are excited about the possibilities of generative AI, but determined to guard against the risks to their organizations. It’s a challenge to keep up with the changes, as one CISO noted, “Everyday there are new issues or new possible regulations around the world.” But the executives also agreed that it’s “not an option to not be in the game” when it comes to generative AI. 

For more conversations with your peers on AI and other top priorities for CIOs and CISOs, find your local Evanta Community, or see when your local CIO and CISO community is gathering next here.