In this year’s final “On Aon” episode, we take a closer look at one of the four key megatrends impacting organizations around the world: Technology. AI is driving new exposures that leaders need to identify and address. Our experts discuss the human risk in AI and the steps organizations should be taking.
Experts in this episode:
Spencer Lynch, Global Security Consulting Leader, Cyber Solutions
Adam Peckman, Head of Risk Consulting and Cyber Solutions, Asia Pacific
Additional Resources:
Evolving Technologies Are Driving Firms to Harness Opportunities and Defend Against Threats
2024 Client Trends Report: Better Decisions in Trade, Technology, Weather and Workforce
On Aon Special Edition: 2024 Business Decision Maker Survey
2024 Business Decision Maker Survey
Special Edition: Global Trade and its Impact on Supply Chain
Tweetables:
Intro:
Hi everyone, and welcome to the award-winning “On Aon” podcast, where we dive into some of the most pressing topics that businesses and organizations around the world are facing. Today, we hear from Adam Peckman for a closer look at one of the four key client megatrends impacting organizations around the world: Technology. Now, please welcome this episode’s host, Spencer Lynch.
Spencer Lynch:
My name is Spencer Lynch and I'm the Global Security Consulting Leader at Aon. In today's special On Aon episode, we're taking a closer look at a key concern among leaders, technology and specifically AI. AI is a very hot topic and for good reason. 86 percent of business leaders around the globe believe that generative AI will be transformative for their company and their industry. In fact, developments related to gen AI have the potential to add the equivalent of between $2.6 trillion and $4.4 trillion annually to the global economy. AI is driving new exposures that leaders need to identify and address, things like deep fakes, data poisoning, increased cyber attacks. With me today to discuss is Adam Peckman, the Head of Cyber Solutions in Asia-Pacific at Aon. Thanks for being here today, Adam.
Adam Peckman:
Yeah, thanks for having me along Spencer.
Spencer Lynch:
In our discussion we'll talk through several questions. How does AI increase risk exposure? How does the human element compound the risk? What can organizations do? So let's just jump into it. First question, Adam, how do you see AI increasing the cyber risk exposure?
Adam Peckman:
Unfortunately, the impacts from these recent advances in artificial intelligence have not been limited to only driving the economic and stock market outcomes. Threat actors have also been using artificial intelligence to increase the efficacy, scale, and resource efficiency of these hacking campaigns. Emblematic of this trend has been threat actors employing generative AI to improve the realism of voice or video phishing campaigns. Effectively using these AI tools to trick customers, employees, or vendors into handing over sensitive data, providing privileged access to systems, or in some instances, performing fraudulent fund transfers. This trend has only been exacerbated through the rise of shadow AI, which is a term to describe the unvetted or unsanctioned use of AI technologies by employees. Whilst there may be no bad intent from the employees using AI at work without going through the usual legal security or IT checks, it creates a new and often unsecured digital attack surface for threat actors to target. These trends are contributing to a 24 percent increase in ransomware claims and 47 percent increase in social engineering claims that we saw in quarter three 2024 on a year-on-year basis.
Spencer Lynch:
Well, Adam, that does sound like it produces some challenges, opportunities but also challenges on the human side. And I think it would be remiss of us not to also mention the regulatory side. Organizations will have to grapple with regulatory challenges. What if a data model is trained using data from certain data subjects who then exercise a right to be forgotten? Do you have to get rid of the data model? Those are the types of questions that organizations might have to grapple with. Which really brings me to my next question. With all this in mind, how do organizations manage the rapidly evolving landscape? Let's talk about the human element. How does incorporating AI into the workforce increase the risk exposure driven through the human side of the business?
Adam Peckman:
When it comes to the workforce, the broad consensus is that gen AI will help boost productivity, will allow employees to focus on more engaging and stimulative work activities, particularly knowledge workers, amongst other positive impacts. With the help of gen AI for manual repetitive tasks, the focus of many future roles could shift to being more creative and strategic. However, as discussed earlier regarding the rise in social engineering related claims, the human element remains the weakest link in defending against cyber attacks. Unlike some security issues that can be addressed through investment in new tooling or changes in processes, there are no quick fixes that can change a cyber security culture. As such, the delivery of cyber awareness training will need to adapt to address these new trends in the threat environment, such as the increased use of deep fakes, to provide employees the necessary knowledge and tools to combat these emerging technology risks. To not only safeguard themselves better, but also safeguard their organizations.
Spencer Lynch:
So with all this in mind, how can organizations manage this rapidly evolving risk landscape?
Adam Peckman:
Right, Spencer, this is a persistent challenge for companies as the pace of technology change continues to increase in velocity. And much of the experimentation and adoption of these new technologies is not yet business as usual and is often occurring at the digital frontier of their businesses. Risk leaders though cannot afford to wait until these new technology initiatives, such as the adoption of artificial intelligence, go live before investigating the risk and insurance implications. Risk leaders can play a crucial role in providing the analysis and advice to the various technology teams working on these new projects at the digital frontier of their organizations.
This can include how to adopt risk quantification techniques to better understand the financial exposure involved with implementing these new technologies through to evaluating the efficacy of the enterprise control environment to manage these new forms of risk. It should also involve exploring the role of insurance to provide effective indemnification against a range of liabilities that can emerge through the adoption of these new technologies. And lastly, risk leaders need to explore the role of their response capabilities such as incident response, business continuity, and claims protocols to minimize the operational, financial and brand impacts associated with the implementation of new technologies such as AI.
Spencer Lynch:
Great, Adam, I think that's fantastic advice for risk leaders. And going back to what we talked about at the beginning, security leaders need to be looking at what they can do to manage that. Things like testing, mapping to identify shadow IT, continuous assessment of attack paths, and education of the workforce to look for growth and development opportunities for people to take responsibility for this transition and the deployment of new technology. Well, thanks so much for joining us today, Adam. That's our show. Thank you all for listening. In the next months, we'll have more special episodes focused on the other mega-trend areas of trade and workforce. Until next time.
Outro:
Thanks for tuning in to the latest episode of “On Aon” with our episode host, Spencer Lynch, and today’s expert, Adam Peckman, for a discussion on one of the key client megatrends, technology. If you enjoyed this episode, don’t forget to subscribe wherever you get your podcasts. In the next months, we’ll have more special episodes focused on the other megatrend areas of trade and workforce. Be sure to check out our show notes and visit our website at Aon dot com to learn more about Aon.