CISOs should adopt new forms of trust, risk management for AI: Report

Organisations need to embed new strategies for artificial intelligence (AI) trust, transparency, and security by 2026 so as to take advantage of the technology’s full business benefits, a new report by research firm Gartner said on Wednesday. 

Gartner found that firms that operationalise AI trust, risk, and security management (TRiSM) could reap up to a 50% advantage when it comes to AI adoption, meeting their business goals with the technology, and user satisfaction. 

TRiSM is a broad term that apples to a suite of strategies and technologies, including those that help to keep generative AI models explainable and performing as intended, as well as security applications to protect AI systems from external threats. 

CISOs that work to increase the speed of their AI model-to-production, or who enable better governance and rationalise their firm’s AI model portfolio could eliminate up to 80% of faulty and illegitimate information across the same period, according to Gartner. 

Gartner said, in such a scenario, CISOs must view AI as its own application, necessitating new strategies and complementary technologies outside of their normal workflow. 

“It calls for education and cross-team collaboration,” said Jeremy D’Hoinne, VP analyst at Gartner. “CISOs must have a clear understanding of their AI responsibilities within the broader dedicated AI teams, which can include staff from the legal, compliance, and IT and data analytics teams.” 

This is more important because a recent study found OpenAI’s generative AI chatbot ChatGPT produced incorrect answers to programming questions 52% of the time. Researchers also noted that because users tend to prefer the language style of ChatGPT’s answers, mistakes were often overlooked. 
Workforce training on the risks posed by AI, as well as ethical AI use, could become an indispensable part of the CISO’s toolbox in the coming years, D’Hoinne added. 

Not only Gartner researchers, industry experts have also spoken about the risks posed by AI and the enterprise challenges associated with it. “While it may seem that AI is taking off in the mainstream commercial market, we have only scratched the surface of this technology’s potential impact,” said Nidhi Srivastava is Vice President and Global Head, Google Cloud Business at Tata Consultancy Services (TCS).   

AI’s power is embedding itself in everyday life — but further adoption and business impacts still hinge on trust, she said, giving an example from the healthcare sector. “With a doctor’s oversight, AI-driven robots perform surgeries with amazing accuracy. But what happens when AI is the force behind genome sequencing, connected wellness and personalized treatment regimens? Will people trust a machine to take what could be a life-or-death medical decision?” she wrote in a TechCircle opinion piece. 
Explainable AI is really the X- factor for the success of the AI ecosystem,” said Kashyap Kompella, CEO of RPA2AI Research, at the Mint Digital Innovation Summit & Awards on June 9, 2023.  

“Broadly, we want the AI systems that we're deploying in the world to be accountable and to be transparent,” said Kompella, adding that this will also make AI systems more transparent and make people trust them more. 

Gartner too recommends CISOs might need to recalibrate expectations within and outside of the team and follow practices such as, ensuring the right level of explainability, driving staff awareness across the organisation through a formal AI risk education campaign, and support model reliability, trustworthiness and security by incorporating risk management into model operations.