Webcast: Managing cyber and privacy concerns of GenAI

Insights for family businesses and family offices

Hear from PwC specialists as they discuss the benefits and risks associated with generative AI (GenAI), and what family businesses and family offices can do to integrate GenAI into your business strategy with confidence. Learn what you can do to adapt industry leading practices and realize the benefits of GenAI while safeguarding your data and privacy from potential risks.

By accessing this webcast, you will:

  • Hear real-world examples of GenAI trends that are transforming industries
  • Gain a deep understanding of what cyber and privacy risks to watch out for as it relates to GenAI
  • Learn industry leading practices to safeguard your family enterprise from potential risks associated with GenAI

Speakers:

  • John Boles, Principal, Cyber Security, PwC US
  • Danielle Valkner, Partner, Family Office Leader, PwC US
  • David Shaw, Publishing Director, Family Business Magazine (Moderator)

Playback of this video is not currently available

1:01:42

Key questions and timestamps:

  • What is generative AI? (GenAI): 02:35
  • General use cases: 07:07
  • Benefits of AI: 12:49
  • Risk of AI: 14:13
  • How to protect your personal data: 25:37
  • Examples of bad actors: 39:11
  • Leading practices: 30:20
    • Policing online presence: 30:20
    • Promoting a family business while protecting personal data: 31:58
    • Protecting company data: 36:41
    • Acceptable use policies: 38:40
    • Workforce education: 48:39
    • End-to-end encryption: 51:51
  • Q&A: 34:24
    • Should a company have an AI internal watchdog?: 34:24
    • What makes an acceptable use policy?: 35:39
    • What are the cyber insurance options for companies and families?: 55:05

Responses to live Q&A

Could a live video on your cell phone be faked?

While the video platform in the case study we discussed in the webinar was not identified, it was a live video call using video deepfakes of senior execs in the company. The use of the deepfake video is not dependent on any specific platform and can be successful on any of the common apps. In addition to the fake videos, this incident highlights a couple other security concerns; the threat actor may have compromised a company email account to send the meeting invite and host the call—or could have “spoofed” the email to make it appear as if it came from the company’s email legitimately. Both risks have their own mitigation strategies that should be part of Family Office BAU practices.

What are suggestions for resources to use when developing an acceptable use policy?

We recommend consulting with your IT resources on an acceptable use policy. Your policy should conform to your policies and procedures regarding firm approved software and tools, applicable laws and regulations and data privacy. For acceptable use of AI, we would recommend that the policy include the following attributes, as applicable (representative, not all-inclusive):

  • Definition of AI tools, capabilities and risks (e.g. bias, hallucinations, fairness and non-discrimination, etc.)
  • Approved software and tools
  • Applicable laws, regulations and industry standards (reference current policies/reminders)
  • Transparency and disclosure requirements when using AI tools
  • Applicable user consent and control
  • Accountability and responsibility of users
  • Data privacy and security (reference current policies/reminders)
  • Ethical decision making
  • Continuous learning and improvement (resources)
  • Firm monitoring
  • Reporting and accountability, including internal resources and where to go with questions

Do we need to purchase cyber insurance?

The cyber insurance market has changed in the past few years and continues to evolve. It’s important to understand your company’s risks and your own risk appetite when considering insurance. Cyber insurance has become considerably more expensive, but it also provides many benefits, including pre-vetted first-response panel service providers (e.g. forensics, breach coaches, ransom negotiators, public relations specialists, etc.). If you do decide to purchase a cyber policy, it’s also important to understand what it will and what it won’t cover.

Is there a concern with Personal Identifiable Information (PII) being exposed when uploading Trust documents?

Yes, this is a risk and should be covered within the data privacy section of your policy. There are controls and methods available to protect PII, such as anonymizing and masking data and developing a secure enterprise solution within your firewall, which should be evaluated and considered as part of your risk assessment, policy and approach to using AI tools.

Contact us

John Boles

Principal, Cybersecurity and Privacy, PwC US

Email

Danielle Valkner

Family Office Leader, PwC US

Email

Follow us