Why Gen AI Misuse Across Borders will Increase Data Breaches
Gen AI adoption has brought many benefits to the enterprise: increased efficiency, greater automation to free up employees for value-driven tasks, improved data analysis, better customer service and improved creativity.
It’s why the pace of uptake has been so rapid – according to one Gartner survey published in 2024 respondents from businesses in the US, Germany and the UK said Gen AI is the most frequently deployed AI solution in their businesses, acting as a catalyst for the expansion of AI in the enterprise.
Elsewhere, McKinsey found that 65% of organisations were regularly using Gen AI in 2024 - up from 33% in 2023 - and part of a larger increase in AI adoption that reached 72% in 2024.
But such a pace brings its challenges.
According to Gartner, Gen AI’s swift adoption has outpaced the development of data governance and security measures.
It says this raises concerns about data localisation (the practice of storing and processing data within a specific geographic location) due to the centralised computing power needed to support Gen AI technologies.
Because of these challenges, the consulting firm predicts that 40% of AI data breaches will come from the improper use of Gen AI across borders by 2027.
Lack of standardisation increases risk
“Unintended cross-border data transfers often occur due to insufficient oversight, particularly when Gen AI is integrated in existing products without clear descriptions or announcement,” says Joerg Fritsch, VP analyst at Gartner.
“Organisations are noticing changes in the content produced by employees using Gen AI tools. While these tools can be used for approved business applications, they pose security risks if sensitive prompts are sent to AI tools and APIs hosted in unknown locations.”
Gartner points to the existing lack of consistent best practices and standards for AI and data governance.
It says the greater market fragmentation that happens as a result of this environment exacerbates challenges by forcing enterprises to develop region-specific strategies.
This limits their ability to scale and maximise the opportunities that Gen AI brings.
Joerg explains that the complexity of managing data flows and maintaining quality due to localised AI policies can lead to operational inefficiencies: “Organisations must invest in advanced AI governance and security to protect sensitive data and ensure compliance,
“This need will likely drive growth in AI security, governance and compliance services markets, as well as technology solutions that enhance transparency and control over AI processes.”
Protecting the Gen AI enterprise
To mitigate future risk from data breaches, organisations should focus on the appropriate governance models and controls – Gartner predicts that by 2027, AI governance will become a global mandate, meaning those businesses that haven’t integrated governance into their business may be at a disadvantage.
Several strategic actions can help protect from cross-border Gen AI misuse and the potential data breaches it brings.
Organisations should ensure compliance with international regulations, for example, and extend data governance across AI-processed data.
Data security should be strengthened through the adoption of advanced technologies, encryption and anonymisation to protect sensitive or business-critical information.
Gartner also says enterprises should create AI governance committees focused on enhancing transparency and oversight, risk and compliance management and reporting.
Beyond application and data breaches, third-party access to sensitive data and erroneous decision making remain core priorities for cybersecurity leaders adopting AI.
Gartner says that “through 2025, Gen AI will cause a spike of cybersecurity resources required to secure it, causing more than a 15% incremental spend on application and security.”
CISOs can maximise the potential of Gen AI adoption for their organisation in the future by evaluating the technology to assess whether it creates new risks, defining what ‘good’ looks like to understand how Gen AI can improve existing security metrics, focus on training and communication and ensuring targeted use cases and experimentation.
Explore the latest edition of Cyber Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.
Discover all our upcoming events and secure your tickets today.
Cyber Magazine is a BizClik brand
