Board Decisions on the General Use of AI

Much like the Internet itself artificial intelligence (AI) and machine learning (ML) are already becoming ubiquitous tools in many organizations. In 2021, private investment in AI totaled around $93.5 billion— nearly double the investment in 2020. Also, as with the Internet, the use of AI and ML tools can provide dramatically enhanced business opportunities in terms of efficiency, innovation, and customer service. At the same time, the use of AI and ML can create vast new risks in terms of cybersecurity. The National Security Commission on Artificial Intelligence found that “AI applications are transforming existing threats, creating new classes of threats, and further emboldening state and non-state actors to exploit vulnerabilities in the US open society.

Just as with the flip side of many other risks, certain applications of AI and ML tools can be used to enhance an organization’s cybersecurity and lessen its risks. It is critical that the board work with management to understand the risk-reward balance of the specific uses of AI/ML their organization should embrace. This toolkit consists of two lists of questions to help guide the board’s oversight of these advanced digital techniques. The first list is for the board’s overall consideration of using various AI/ML techniques. The second list focuses on the specific issues in the use of AI for cybersecurity.