Security, privacy and trust: Leaders must address regulation-related concerns around GenAI
PwC’s 2024 Digital Trust Insights provides a deeper understanding of the potential of GenAI in the Middle East, where data privacy, cyber-attacks, and ethical use are critical considerations for governments and enterprises.
While GenAI is being recognised as a game-changer for innovation in the region, empowering enterprises by automating routine tasks, enhancing customer experiences and assisting in critical decision-making processes, more than half of the regional respondents of the survey (60%, compared to 52% globally) strongly agreed that it can lead to cyber attacks within the next 12 months. The view is endorsed by 67% in KSA and 74% in the UAE, highlighting that GenAI models have made it easier and cheaper to carry out phishing attacks. This makes Arabic-speaking countries, such as Saudi Arabia, particularly vulnerable. Attackers can now generate well-written, seemingly trustworthy phishing emails and messages in Arabic, which was not possible earlier.
Despite the challenge, respondents were confident about GenAI's potential to strengthen cybersecurity measures. Large language models can be powerful tools to detect cyber threats and simplify complex data and security engineering processes. A staggering 83% of Middle East respondents (including 92% in the UAE and 87% in the KSA) said their organisation would deploy GenAI tools for cyber defence within the next 12 months, compared to 69% globally. Similarly, 34% of regional respondents (33% in KSA and 45% in the UAE), almost the same number as global, agreed that their organisation understood cyber risks associated with GenAI, and included them in their risk management plan, continually updating it. Around 28% said their organisations monitored GenAI risks, almost the same as the global average. So although it could take some time before we see broad-scale use of GenAI in cyber defence, the three most promising areas, for now, include threat detection and analysis, cyber risk and incident reporting and adaptive controls.
Our survey has revealed that GenAI-driven processes are expected to increase employee productivity within the next 12 months, with 83% of regional respondents showing positive business expectations of GenAI. By automating creative processes and facilitating customised learning and development tools, GenAI is enabling organisations to respond to market changes, reduce time-to-market, and improve organisational outcomes.
Among the regional respondents, 97% of respondents in KSA and 89% in the UAE believe that GenAI will help their enterprises develop new lines of business within the next three years. Similarly 90% of respondents in KSA and 95% in the UAE believe that GenAI-driven processes in their organisation would increase employee productivity within the next 12 months.
While organisation leaders are keen to use GenAI to increase efficiency and drive innovation, it is also critical to understand the need to implement GenAIi responsibly and ethically without risking reputation. In order to realise the full potential of GenAI, it requires a well thought out approach, balancing the excitement for innovation with ethical use and pragmatic considerations around regulations. In the region, 83% of survey correspondents (including 93% from KSA and 87% from the UAE) have revealed that organisation leaders were focused on the ethical and responsible use of GenAI tools, compared to 77% globally.
With increased implementation of GenAI, organisation leaders must be aware of ethical risks where the use of private customer or employee data to generate content can create ethical dilemmas. There is the need for more stringent regulations in place, especially from governments and organisations ensuring that a lot of these uncertainties are smoothened out. In the absence of established external regulations, 84% of Middle East respondents said they were comfortable allowing the use of GenAI in their organisations, as long as there were internal policies and controls in place. 87% respondents in the KSA and 95% in the UAE also endorsed this view. But the survey also highlighted that an almost equal number in these countries (87% in KSA and UAE) were comfortable deploying GenAI tools in their organisations even before having internal policies for data governance and quality in place.
There are a number of ways that organisations can promote the responsible use of GenAI and mitigate potential risks.
We would recommend a holistic approach which considers the entire GenAI lifecycle supported by the right frameworks, templates and code-based assets to embed the required controls. This can include:
Setting priorities on GenAI risks by adjusting/establishing GenAI risk management frameworks that stakeholders can use to give the greatest attention to the greatest risks.
Incorporating cybersecurity, data governance and privacy controls to help mitigate the risks of malicious GenAI systems inferring private data, unravelling identities or conducting cyber attacks.
Ensuring that GenAI’s ability to connect and generate data from its vast datasets does not breach any regulatory requirements pertaining to privacy and security.
Teaching employees who may need to use GenAI the basics of how it works, when and how to use it and the different ways in which they can identify intellectual property violations and other related GenAI risks.
Generative AI holds tremendous promise, opening frontiers in business and cyber defence. However, it also raises regulation-related concerns, such as the proliferation of deep fakes and harmful content. According to a blog report by the World Economic Forum, 26 percent of smaller and 38 percent of large companies globally experienced deep-fake fraud in the past year, resulting in losses of up to $480,000.
It is crucial for leaders to understand the urgency of implementing regulations and working with governments and partners to create alliances that can design and develop effective and resilient regulations. With many organisations comfortable using GenAI tools even without data governance policies, it is a clear call to action for leaders to take the lead in responsibly harnessing GenAI.
Oliver Sykes
Partner, Blockchain, Technology, Cybersecurity, PwC Middle East