Artificial intelligence

Cybersecurity: the new frontier of corporate responsibility

by Ivano Maccani

Data protection. (Adobe Stock)

3' min read

Translated by AI

The enthusiasm surrounding the spread of artificial intelligence within businesses risks overshadowing a fundamental question. Who is held accountable when an algorithm makes a mistake? Cybercrimes and offences committed using IT tools are not a marginal category, but now represent one of the most dynamic and pervasive areas of corporate criminal risk, which is set to grow with the recent introduction of new offences to penalise the failure to implement security measures in artificial intelligence systems, cases of deep fakes and the unlawful dissemination of content generated or altered using artificial intelligence systems.

These are all issues that are already taking on increasing importance within companies’ boards of directors and audit functions.

Indeed, as companies step up their investment in automation and intelligent systems, it is becoming increasingly clear that the real challenge lies in the ability to govern the decisions made by machines, understand their logic and take responsibility for them.

Cyber risk can therefore no longer be confined to the IT department. It has become a strategic issue that directly affects corporate governance and the company’s exposure to financial, reputational and criminal liability.

In this context, cybersecurity inevitably ceases to be a matter reserved solely for IT specialists and becomes a central element of business management.

It follows that senior management must not only formally approve the organisational model, but also make a concrete commitment to its implementation.

At the same time, 231 models can no longer be limited to identifying risks and setting out formal control measures; they must be able to demonstrate that these controls are genuinely effective, up to date and integrated into the organisation’s day-to-day management. Prevention thus becomes an ongoing process that requires the involvement of operational functions and supervisory bodies.

In this regard, artificial intelligence offers extraordinary tools to strengthen this capacity for control. Advanced monitoring systems, behavioural analysis, automatic anomaly detection and platforms capable of processing enormous amounts of data make it possible to identify risk signals with a speed that would have been unthinkable just a few years ago. However, at the same time, technological developments are introducing new challenges, such as the phenomenon known as ‘algorithmic opacity’.

If an organisation is unable to reconstruct the logical sequence of steps that led an artificial intelligence system to reach a particular decision, it becomes difficult to assign responsibility, verify any errors and demonstrate the adequacy of the controls put in place. In other words, there is an increased risk of creating areas of unaccountability that are incompatible with the fundamental principles of modern governance. Moreover, formally correct systems can cause serious problems if incorporated into decision-making processes that are not properly managed.

Cyber risks may also arise from suppliers, business partners, consultants or other third parties who access the company’s systems or data. The remit of supervisory bodies, risk management functions, and those responsible for cybersecurity and data protection must therefore extend beyond the company’s boundaries. It is essential to introduce due diligence procedures, contractual security clauses and verification mechanisms such as audits, questionnaires and certifications. It is necessary to establish who may access the systems, with what credentials, under what authorisations and subject to what controls. It is also necessary to ensure coordination between cybersecurity measures and the Supervisory Body, including through the timely flow of information, particularly in the event of cybersecurity incidents, data breaches, failed phishing simulations, whistleblowing reports, regulatory changes or measures taken by the competent authorities. At the same time, the Supervisory Body can and must carry out specific checks on the effectiveness and comprehensiveness of cybersecurity training.

Technological progress therefore requires a balance between innovation and human oversight, which remains an essential element in ensuring that the use of artificial intelligence is consistent with the principles of transparency, accountability and sound organisation that form the foundation of the corporate compliance system.

Copyright reserved ©