With the rise of artificial intelligence (AI) rapidly revolutionizing how we do business and live our everyday lives, Chief Internal Auditors are becoming increasingly concerned that cyber-criminals are likely to weaponize the technology to commit bigger, more sophisticated and more dangerous crimes.
New research has found that 78 percent of chief internal auditors / chief audit executives believe AI will negatively impact cybersecurity and data security, while 58 percent say it will exacerbate fraud. The survey of 985 Chief Internal Auditors across Europe reflects the views of internal audit and risk management experts and underscores the growing concern amongst business leaders about the risks associated with AI.
These results come at a time of increasing media reports and wider public concern around AI-powered cyber-attacks, financial scams and the recent emergence of deep-fakes being used to influence voters during the current U.K. election campaign.
“AI is evolving rapidly, and as with all new technologies it can be used for positive and negative reasons,” says Anne Kiem, chief executive of the Chartered Institute of Internal Auditors. “Our research has shown that chief internal auditors are alert to the threats, and this should bring some comfort to those organizations that have a strong focus on risk control, risk mitigation, and having a well-resourced internal audit function. Internal auditors remain a force for good.”
Chief Internal Auditors reported that the top five risks most negatively impacted by AI for business leaders to consider are as follows:
1. Cybersecurity and data security (78 percent)
2. Fraud, bribery and the criminal exploitation of disruption (58 percent)
3. Digital disruption, new technology and AI (55 percent)
4. Human capital, diversity, talent management and retention (48 percent)
5. Communications, reputation and stakeholder relationships (41 percent)
Focus on Internal Controls
The results indicate that the boards and senior management of organizations should harness the skills and expertise of their internal auditors and seek independent internal assurance that the controls used to mitigate and manage AI-related risks are working effectively. Where controls are found deficient or ineffective internal audit can make recommendations for management to implement corrective action to address control weaknesses, helping to enhance business resilience and performance.
Organizations are being advised that in preventing AI-powered attacks they will increasingly need to deploy the same AI tools as part of their cyber defenses, with the best defense against AI-powered cyber-crime often being AI-powered cybersecurity solutions. For example, some AI cybersecurity tools can detect ransomware in seconds. Internal audit can play a key role in supporting boards and senior management to raise the AI cybersecurity bar across the organization by making recommendations and advising on improving cyber controls and defenses. 