The Importance Of Cooperation In AI And Cybersecurity Compliance

0
The Importance Of Cooperation In AI And Cybersecurity Compliance

Artificial intelligence (AI) and cybersecurity regulation are poised to escalate — and companies can do more to prepare for impending changes. On October 30, 2023, the White House issued an Executive Order related to the impacts of AI evolution on cybersecurity, which signals the pressing need to take regulatory action.

A current focus is the Cybersecurity and Infrastructure Security Agency’s (CISA) proposed reporting requirements following cyberattacks. If the requirements are approved, entities would have to report cyber incidents to CISA within 72 hours and ransom payments within 24 hours.

The Department of Homeland Security, which oversees CISA, noted in a report released in May that the agency expects to develop additional strategies and invest more resources in the coming years to protect against cybersecurity and AI threats.

Close collaboration between industries and the government is essential for the security and fairness of AI applications. Here’s what companies can do to prepare for upcoming regulations and how cooperation is factoring into those efforts:

Stay Informed

It helps for companies to stay informed about evolving regulation changes. “Government websites are a crucial resource,” said Yasmin Karimli, CIO at SST Partners and former VP of cybersecurity transformation at T-Mobile, during a recent conversation with me. Continued Karimli, “It is imperative that enterprises remain informed about the timeline for proposed regulations and to prepare adequately for compliance.”

“Understanding the regulatory process enables enterprises to engage effectively, providing comments and feedback during the rule-making period. Having a robust plan in place ensures timely compliance with new requirements and minimizing disruptions to operations, while upholding the necessary security standards,” Karimli added.

SANS, a leading cybersecurity research and training organization, highlighted the need to stay informed in a cyber threat intelligence (CTI) survey released in May. The most widely used sources among survey participants included:

  • Vendor threat feeds (80%)
  • Published intelligence reports (80%)
  • Community or industry groups (79%)
  • External sources such as media reports and news (85%)

Similarly, Karimli stressed the need for companies to remain in step with industry and trade groups: “By actively engaging with these organizations, we can collectively assess the impact of emerging regulations on our enterprise and collaborate on formulating appropriate responses. This proactive approach will enable us to navigate regulatory challenges effectively and adapt our strategies to align with evolving legal frameworks surrounding AI.”

Aligned Business Units

For companies like Coca-Cola HBC, emerging AI threats and opportunities are causing cybersecurity and other business units to align more closely. The bottler, which recently partnered with Microsoft, is aiming to find the right balance between AI innovation and responsibility.

Coca-Cola HBC’s chief digital and technology officer, Mourad Ajarti, in a December interview with the beverage industry news publication, Just Drinks, noted the need for companies to pursue “responsible AI” practices that rely on multiple business functions:

“We already use what’s called cyber regulation, privacy regulation — for us to have a safety net of what we do with AI, by applying to AI what we apply to any other digital tools that we create.”

Continued Ajarti, “But at the same time, the way, for example, we’re engaging in AI is we are getting a multi-functional team — not only a technical team, but a commercial team, finance team, supply chain team — together with lawyers, people from cybersecurity, the data privacy officer, for them to look at it from different angles to make sure we are delivering a solution that we call ‘responsible AI’ before the regulation comes in.”

The Need For Vigilance

Executives recognize the importance of data privacy and cybersecurity, but companies can do more to remain vigilant. According to PwC’s 2023 Annual Corporate Directors Survey, cybersecurity was ranked second (49%) in terms of risks posing oversight challenges to a company’s board. Most boards had devoted more time in meetings to cybersecurity, with some boards noting additional up-skilling and third-party input to aid those efforts.

But only 19% of survey participants said their company had added a new board member with cybersecurity experience in the previous 12 months. Or, as CrowdStrike wrote in its 2024 Global Threat Report, “The ‘good-enough’ approach to cybersecurity is simply no longer good enough for modern threats.”

The Bottom Line

Cybersecurity regulation will play an increasingly important role for companies and being proactive and staying informed can help businesses take the best possible steps forward.

link

Leave a Reply

Your email address will not be published. Required fields are marked *