7 minute read 16 Dec 2019
Robotic arm painting

Four ways that companies can protect themselves from AI risk

Thanks to digital, human decision-making can be replicated in a fraction of a second. But do you understand the ethics of the algorithm?

Artificial intelligence (AI) has come to occupy center stage in the world of business: it is at the heart of digital transformation and business management.

It has also become the new front line of companies’ ability to defend themselves from external and internal threats. As such, it should be a central pillar in a company’s risk management strategy.

But what are the “ethics of the algorithm,” the compliance risks, that companies need to consider as they deepen their dive into digital transformation?

The quandaries of data management

At the root of AI is a new generation of data management. Data is a commodity that can be bought, sold, rented, hired, borrowed, stolen and disposed of. Never has the ownership of data been more valuable than it is now.

However, AI also raises a multitude of complex questions: Who owns the data, hosts it, collects it, “harvests” it and benefits from it? How can it be safely stored, exchanged, transferred and disposed of? To whom does data really belong, and how is ownership transferred among stakeholders?

Underlying AI is the algorithm, the building block of information technology (IT) systems, acting as the set of instructions for performing calculations, data processing, automated reasoning and also, other tasks. The result or output can be used on its own or used as an input into another algorithm — meaning that AI is usually made up of strings of algorithms.

With computing speeds reaching new heights, algorithms are capable of replicating human decision-making in a fraction of a second. If the observed human behaviors that dictate how an algorithm transforms input into output are flawed, it risks setting in motion processes, the outcomes of which may not be the ones intended. With some algorithms even able to create their own algorithms through “self-learning,” the risk of unforeseen and potentially harmful outcomes increases exponentially.

The fallout from a case of ethical blindness can be just as damaging as a high-profile lawsuit, in terms of brand identity and reputational damage.

Facing tough questions

In the world of AI, data can assume a life of its own. In today’s world, the origin of data, the assumptions underlying it and the scrutiny which it has traditionally undergone in a company during decision-making are all now concealed within the algorithm.

Constant, high-profile media coverage about improper use or misuse of data collected by companies is now the norm. Personal or proprietary data is passed to third parties, either deliberately or by accident. There are hacks, leaks and security breaches, and decisions come to light that display racial or gender bias. In short, data security appears to be broken.

Regulators and consumer supervisors are now asking some tough questions to businesses: How do companies manage data for their own benefit and growth while respecting individuals’ rights to privacy and other companies’ intellectual and data property? Will they self-regulate? And if they will not, how can they be constrained? And with such questions rising, governments everywhere are gearing up for a new wave of regulation, the likes of which we have not seen since the last financial crisis.

What to do

For companies, the complexity of this shifting landscape means that a sharp-eyed focus on legal compliance is the bare minimum investment that a company should make. But the bigger issues are that the law is often not clear and the public is pushing for companies to have greater accountability toward society. The fallout from a case of ethical blindness can be just as damaging as a high-profile lawsuit, in terms of brand and reputational damage.

How can companies protect themselves from AI risk?

  • Firstly, they need to make sure that they are legally protected. The legal framework in which companies operate may be in a flux, but companies can still structure their contractual relationships so that employees, clients and third-party business partners have “signed up” to safeguard the information that is proprietary or subject to privacy rules.
  • Secondly, data management systems need to be highly sophisticated. Algorithm monitoring and auditing systems, and advanced data analytics are required to understand where a unit of data is coming from and where it is going. Today, AI needs to be devised and developed in order to audit and monitor the AI that is already in use.
  • Thirdly, companies need to invest in human resources. All employees, and especially company leadership, need to be aware of how AI affects both the business and stakeholders. The ambition to succeed in managing AI will be achieved only by the companies’ ambition to recruit a team of the right calibre to make this happen.
  • Fourthly, companies are not islands. There are a number of interesting platforms in which these issues are being actively discussed from both the business’ and society’s point of view. By pooling resources and brainpower, companies are likely to find commercial applications for AI faster and more efficiently, without compromising their corporate values and integrity.

This article was first published on FT BrandSuite.


The law is often not clear and the public is now pushing for companies to have greater accountability and transparency in society. In response, companies are now focusing on legal protections, highly sophisticated data management systems, human resources and partnerships to combat risks.

About this article