AI Expert Says Corporate Boards Must Rise to the Challenge of Managing Cyber Risks

By proactively addressing the unique challenges of AI, boards can not only protect their organisations but also position them to leverage AI’s transformative potential responsibly and ethically, according to a senior member of the National AI Advisory Council.

Barry Scannell, an expert in AI law, is to address senior delegates this Wednesday, March 13, at a cyber security governance event hosted by the Institute of Directors (IoD) in Ireland.

A survey of its members late last year by IoD revealed that more than half of directors and senior executives do not have a board-approved AI and cyber security strategy in place, with over 75% not aware of the extensive regulatory scope of the proposed landmark EU legislation on AI and how this will affect their organisation.

The IoD survey also found that over 60% of directors and senior executives still do not use AI in any way in their organisations.

Speaking ahead of the event, Barry Scannell, Technology Consultant at William Fry and member of the Government’s new AI Advisory Council, said:

“AI is spanning every facet of the economy and our society. It is incumbent on senior decision-makers and leaders to steer their companies and organisations through the challenges of this transformation but also embrace the opportunities AI brings. Boards, whether public or private, must act in the best interests of their stakeholders, and this now includes a responsibility to understand and govern the risks and implications of AI deployment in business and organisational operations.

“Businesses and organisations that fail to integrate AI strategies risk being left behind. The legal landscape surrounding AI is rapidly evolving, with new regulations and standards emerging, such as the AI Act, which will regulate AI risk, in addition to existing AI-related obligations under legislation like the GDPR. Boards need to ensure that their companies comply with these regulations.

While the future might seem daunting both in a regulatory and operational context, the potential for growth, efficiency, and new opportunities is limitless, so it is vital business leaders are informed, adaptable, and prepared for the challenges and opportunities AI presents.”

IoD Ireland CEO Caroline Spillane CDir added: “AI is having a transformative effect across business in Ireland, and it opens up the conversation around cyber security. Having an incident plan in place is not just a compliance exercise; it is a cornerstone of sustainable business practice in the digital age.

From our research in this area we were made aware of the desire by directors to learn more about this technology – how to use it safely and reliably in everyday business to drive performance. We are continuing to use these results to tailor guidance, learning and development with the aim of supporting the integration of best-in-class AI governance and cyber security awareness into the overall governance architecture of companies.

The IoD ‘Cyber Security Governance’ event, sponsored by Accenture, will also feature panel contributions from Dr Valerie Lyons, Company Director and Chief Operating Officer at BH Consulting Kevin Buckley, Senior Development Advisor at Enterprise Ireland, and Board Member of Cyber Ireland.

Topics to be addressed include the role of boards in collaborating with executives to assess cyber security threats, the impact of artificial intelligence on cyber security, and the impact of legislation such as the Digital Operational Resilience Act (DORA).

As part of IoD Ireland’s remit to support members in ensuring high standards of cyber security, it developed a short programme taking into consideration recommendations from the government’s National Cyber Security Centre (NCSC). The short programme titled Cyber Security Fundamentals for Directors is led by Chief Information Officer Expert Bill McCluggage and will run over four sessions in April and May 2024.

The programme will cover governance, tech and cyber risks, regulatory compliance, legal matters, cyberculture, and incident response planning.

As part of IoD Ireland’s aim at enhancing best in class standards in this area, the body also has MOUs with Cyber Ireland and the Global Cyber Alliance.