Why regulation is the cornerstone of AI development
By now, we're very familiar with the game-changing potential of AI. The rapid rise of ChatGPT has shown us just how quickly the technology has gone from concept to the palm of our hands.
AI has the ability to dramatically accelerate workflows, and subsequently free up businesses to focus on strengthening their security and build customer trust. Why then is the UK's security industry so short on confidence when it comes to using it? One reason: a lack of regulation.
AI's regulation gap and what we stand to lose
There's no doubt that UK businesses recognize the opportunity of AI when it comes to security. According to Vanta's The State of Trust 2023 report, 77% currently use, or plan to use AI/ML, to detect high-risk actions, unsecured cloud storage, unassigned compliance responsibilities or unrevoked access privileges. However, with businesses continuing to grapple with existing regulation such as GDPR, more than half (54%) of respondents are concerned that secure data management will become more challenging with AI adoption. While 51% say that using GenAI could erode customer trust.
It's important to note that leadership across the UK and the EU isn't standing still in its efforts to fix this. Europe's Artificial Intelligence Act was the first piece of legislation of its kind, hoping to pave the way for 'trustworthy' AI. While in the UK, there has been the introduction of the AI Safety Institute – putting a globally recognised research team at the heart of the British government, as part of its plans to rapidly speed up regulation.
However, the pace of regulation is still lacking and failure to invest quickly enough and find new ways to cover off the technology's blind spots will lead to a drop in the UK's AI sentiment. What's more, it'll mean UK businesses get left behind in the long run as their international counterparts harness the technology's power to perform. AI is needed, but so too is customer trust and currently the two aren't compatible enough in the eyes of security and compliance professionals.
So, when over half of UK leaders (56%) say they are more likely to invest in AI if it is regulated, where do we start?
How we plug the gap
In security and compliance, collaboration, accountability and transparency have long formed the bedrock of our profession. And now we must bring this approach to how we use AI. Because when the technology can dramatically accelerate security workflows, enabling teams to focus on strengthening their security posture and building customer trust, the benefits of using it are clear.
There is a strong argument for collaboration here. The general consensus is that if governments take the lead on regulation, they will stifle innovation. While if individuals take the lead, they will neglect protection. The solution then is a more collaborative approach – to innovation, but also to safety.
This requires governments, academics and business leaders to work together to create the optimum environment for businesses to shape norms around the technology's use – whether sharing research, insights or concerns.
However it's important to remember that this can't just be regulation for the sake of it. It has to be thoughtful and helpful. Especially when 37% of UK leaders rank 'keeping up with evolving regulation' as their top security concern – more than the US (31%) and significantly higher than France (27%) and Germany (26%).
But by recognising our duty to work together and pool our insights and experiences to benefit regulation, we can build a future where AI can be used to its potential, in a way that safeguards, not stifles and keeps customer trust intact.
Restoring trust in AI – and ourselves
A cursory glance at the headlines in some quarters, and it seems that AI has almost become a by-word for panic; panic about jobs, futures and security. But regulation can solve this, and help us to return to the root of why the technology excited us so much in the first place.
There is no future of UK business without AI. It is pivotal to keeping pace, driving productivity and sharpening strategy – whether in the UK or throughout the world. Security compliance in particular is a sector filled with manual-heavy tasks that can take up hours of professionals' time. But when the level of cyber threats is only increasing, the focus of our teams needs to be on strategy, not admin.
AI is evolving daily, and so too must our security mindset. Otherwise any possible future of work with AI benefits will remain intelligence-free, and purely artificial.