UK risk managers divided on ownership of AI risk

There is no clear consensus among UK companies as to who should be responsible for managing the risk of artificial intelligence (AI), according to recent research.

A study produced by the UK’s risk management association Airmic found that an equal number of its members (24%) believe the responsibility should be on either the chief executive or the chief security officer.

The chief risk officer was chosen by just 7% of respondents, raising questions about the management of what is a rapidly developing, technology-based corporate risk.

The majority of respondents (41%) opted for a variety of job roles covering technology and legal executives such as chief technology officer, chief compliance officer, legal counsel and transformation director.

The survey comes at a time when UK lawmakers are seeking to develop best practice for AI cybersecurity.

The Department for Science, Innovation and Technology is currently seeking views from industry on its draft code of practice on AI cybersecurity. Last week, another Airmic poll found 74% of UK risk managers think the code, voluntary in its draft form, should be mandatory

According to Airmic CEO Julia Graham, the code would be most effective if it sits within the “globally respected” UK Corporate Governance Code published by the Financial Reporting Council.

“This would crucially frame AI cyber security as a business subject, rather than a purely technological subject.”

Airmic has made its own submission to the government, following a roundtable held in August, stressing the importance of seeing AI as not solely a technology risk.

“The government has rightly framed the code with pro-business, pro-innovation aims in mind, so as to strike a good balance with the need for better regulation for AI risks,” said Hoe-Yeong Loke, head of research, Airmic.

“This means the business as a whole should be considered as the stakeholder, rather than just the IT team, crucial as their role is. Only then can the code get the buy-in of board directors and the C-suite.”

Back to top button