NO CONSENSUS AS TO WHO SHOULD OWN AI RISK

29th August 2024

Most organisations are divided between CEO and CISO owning AI risk

Equal numbers of respondents (24%) in this week’s Airmic Big Question said the CEO is the primary owner of risk around artificial intelligence (AI) in their organisation, compared to those who said that role goes to their Chief Information Security Officer (CISO). The results point to a lack of consensus on a key question of governance today – as to who in the organisation should be the owner of AI risk – as the UK’s Department for Science, Innovation and Technology (DSIT) seeks views from industry on a draft Code of Practice on AI cyber security.

Julia Graham, CEO of Airmic, said: “For such a Code of Practice on AI cyber security to be most effectively adopted, we have proposed that it should sit within the globally respected UK Corporate Governance Code published by the Financial Reporting Council. This would crucially frame AI cyber security as a business subject, rather than a purely technological subject.”

Yet other respondents in the Airmic survey said the primary owner of AI risk in their organisations is the Chief Technology Officer (CTO), the Chief Compliance Officer (CCO), legal counsel and – in one instance – the Transformation Director.

Hoe-Yeong Loke, Head of Research, Airmic, said: “The government has rightly framed the code with pro-business, pro-innovation aims in mind, so as to strike a good balance with the need for better regulation for AI risks. This means the business as a whole should be considered as the stakeholder, rather than just the IT team, crucial as their role is. Only then can the code get the buy-in of board directors and the C-suite.”

In partnership with the Global Cyber Security Capacity Centre (GCSCC) at the University of Oxford, Airmic held a roundtable in early August to solicit views on DSIT’s draft code, following which it made a submission to the government.

Leigh-Anne Slade, Head of Media, Communications and Interest Groups, Airmic, said: “The regulation of AI today is a pressing issue that calls for more dialogue. Associations such as Airmic can play a major role in bringing all stakeholders to the table – risk professionals, business leaders and regulators – to ensure the regulatory landscape for the fast-evolving space that is AI is fit for the future.”

If you would like to request an interview and or have any further questions, please let me know.

We will be sharing the results of the Airmic Big Question with the press weekly.

You can also find the results here.

Media contact: Leigh Anne Slade
Head of Media, Communications and Interest Groups, Airmic
Leigh-Anne.Slade@Airmic.com
07956 41 78 77