A strategic approach to managing AI risks

Artificial intelligence (AI) is transforming business at an unprecedented rate. Generative AI in particular has far exceeded experts' expectations, compressing decades of predicted progress into just a few years. By 2028, 62% of business leaders expect AI to be integrated into all parts of their organizations. But while 45% see AI as a great opportunity, 56% worry about the cybersecurity and privacy risks associated with this rapid adoption.

26 November 2025

Generative AI amplifies many of the cybersecurity risks that organizations have faced for years, such as social engineering, data breaches and regulatory gaps (governance gaps). Nearly half of the leaders surveyed say data security concerns are holding back further investment in AI. The risks are tangible. For example, the child care benefit scandal in the Netherlands, caused by an early machine learning algorithm, led to thousands of innocent families being wrongly flagged as fraudulent. The consequences were financial hardship, public outrage and even loss of life. This example highlights the reputational, legal and ethical risks that arise when AI systems lack proper oversight.

Other challenges include a growing attack surface, ethical issues such as bias and over-automation, and inadequate governance. As AI technologies evolve and often move faster than regulation, legislation such as the EU AI Act becomes increasingly important. 

"While risks around data, privacy and model bias are real, we must also consider the broader impact on work dynamics, adoption and potential over-dependence on AI. Thoughtful planning that integrates technology with human capital and change management can significantly accelerate the return on AI investments."
- Rocco Galletto, National and Global Cybersecurity Leader, BDO Canada

Building a cohesive AI governance strategy 

To keep pace with technological change and changing legislation, organizations must establish AI governance committees with representation from multiple disciplines. A cohesive governance approach includes: 

  • Map global regulations and standards to maintain compliance across jurisdictions (such as the EU AI Act, NIST AI 100-2 and ISO/IEC 42005:2025).
  • Align AI initiatives with organizational goals, such as customer experience, operational efficiency and innovation.
  • Gain insight into opportunities for strategic alignment within the organization. Organizations that integrate AI into company-wide strategies typically realize a better return on investment.

AI must be integrated into existing risk, compliance and governance frameworks, with safeguards throughout the lifecycle. 

"We recommend having an AI strategy, someone responsible for AI and an AI governance committee made up of multiple stakeholders. This ensures that it is not a vulnerable component that can shut down the entire system when it fails."
- Jason Gottschalk, Partner Cybersecurity, BDO UK

Practical steps to take as early as today 

Risk often arises from a lack of understanding. By fostering a culture of awareness, organizations can turn unknown risks into manageable challenges. Nearly half of organizations already provide training to employees on safe and ethical AI use, and 46% deploy AI-specific security tools.

To address current risks, organizations need to: 

  • Raise employee awareness and develop skills for safe and ethical AI use. 
  • Invest in advanced tools to detect and mitigate AI-related threats, such as data breaches and unauthorized access. 
  • Limit exposure to sensitive information through tighter access controls and policies. 
  • Conduct AI impact analyses to identify and address potential risks. 

AI is expected to have the greatest impact in the areas of cybersecurity (55%), compliance monitoring (52%) and supply chain management (50%). Now is the time to take action.

Future-proofing AI implementation

Organizations that embrace a "fail fast, learn faster" mentality are better positioned for successful AI integration. AI adoption is not only about innovation, but also about building resilience and agility in a dynamic business environment. As the technology evolves, it is essential to set clear goals, continuously monitor AI performance, update key risk indicators and anticipate regulatory changes. This approach enables organizations to build resilient governance that grows with AI, rather than resisting change and risking exposure to emerging threats. 

In conclusion 

AI offers tremendous opportunities, but without a strategic approach, it also carries significant risks. By putting governance, risk management and awareness at the center, organizations can deploy AI safely and responsibly. This will not only build trust, but also accelerate innovation and return on your AI investments.

Curious about all the insights? Download the IDC survey and discover how organizations are integrating AI into their strategy while managing risk. 

BDO
