The Insider Threat and AI

Artificial Intelligence (AI) sounds like a business’s dream. The ability to utilise software that can think like a human but process data on a scale that humans can only dream of, what’s not to love? To start, there have been reports of businesses making redundancies in favour of AI solutions. BT recently announced they were cutting 55,000 jobs with plans to replace 1 in 5 of affected roles with AI. To many businesses this could seem like a sensible option – AI doesn’t need a salary, pension contributions or sick pay and it doesn’t need time off either, so what’s the risk?

Earlier this year Samsung made the decision to ban employees from using AI solution GPT after it was identified that sensitive internal information had been leaked by an employee using AI for work related purposes. But it isn’t just the risk of confidential information being leaked online that should worry employers though. With constant reports in the press around AI replacing jobs and the possibility of redundancies, it can make employees feel vulnerable. We know that employees are more likely to commit dishonest conduct if they have the opportunity to, can rationalise their actions or have the motivation to do so. The uncertainty of redundancy may give those who are feeling vulnerable the motivation to be dishonest and a way for them to rationalise their behaviour.

So, what can businesses who are looking to utilise AI do to keep themselves safe against the insider threat? For starters, ensuring that employees have clear guidelines and processes for how they can use AI within the workplace and their specific roles i.e. clear direction on what company information can be uploaded to an AI. That way businesses can reduce the risk of accidental data/sensitive information loss by staff and ensure clear audit trails to identify where employees may have acted dishonestly.

But how do employers support colleagues as they transition to using AI to support some roles or replace others? Is there a risk of redundancy and a feeling of uncertainty which could be unsettling for employees? Employers should review their wellbeing policies to ensure employees are supported and feel they have a voice in any change process. Where risks cannot be managed by engaging colleagues it is wise to have robust controls in place to detect and prevent dishonest conduct from employees. Employers should ensure controls are regularly reviewed. Are they robust enough, particularly with the shift to home working where some employees may feel that their behaviour is more likely to go undetected if there isn’t anybody looking over their shoulder. To protect data employers should ensure they have oversight of outgoing e-mails, printing activity and where information can be saved i.e. onto USB sticks. Every business is different but the insider threat is universal and there is no time to like the present to think about how you can protect yourself.

As part of our mission to eliminate fraud and financial crime we offer Insider Threat Protect - a package of solutions to combat the risk of internal fraud. Insider Threat Protect is the only product in the UK that helps you identify and stop dishonest conduct by job applicants and employees within the workplace.

As part of the solution, we regularly hold bespoke webinars and networking opportunities for organisations to share, discuss and debate how to protect against the latest threats and trends.

And through our Fraud & Cyber Academy, we run the Internal Fraud Strategy Essentials course – a one-day online course designed for those who want to establish a strong foundation for their internal fraud knowledge and skills, as well as those who want to refresh their existing knowledge and stay up to date with the latest developments, best practice and case studies.