European businesses have been urged to carefully assess what privacy, security and acceptable usage controls they need to place on AI tools before allowing employees to use them.
To compile its new Sapio Research Finance Pulse report, the eponymous research firm polled 800 consumers and 375 business decision makers responsible for their finance department, with respondents from the UK, Germany, France and the Netherlands.
It revealed that nearly all (93%) organizations are aware that AI carries potential risks, with data security (43%), lack of accountability and transparency (29%) and “skills gaps for safe and effective use” (29%) topping the list of concerns.
However, in reality, just 46% of responding organizations said they have formal guidance in place for acceptable AI use at work.
Read more on AI risks: IT Leaders Split on Using GenAI For Cybersecurity.
Additionally, just 48% said they have restrictions on what type of data can be inputted into AI models and tools at work. A RiverSafe study from earlier this year revealed that a fifth of UK companies has had potentially sensitive corporate data exposed via employee use of generative AI (GenAI).
This happened at Samsung, which was forced to ban the use of GenAI after staff on separate occasions shared sensitive data, including source code and meeting notes, with ChatGPT.
Sapio Research also found that less than two-fifths (38%) of European organizations have strict access controls applied to AI tooling, while only 48% limit which roles in the company can use GenAI.
Both measures could help to reduce the corporate attack surface and cyber-risk exposure.
Andrew White, CEO of Sapio Research, argued that businesses must proceed with caution, even as AI remains a top investment priority.
“Its arrival and integration into the workplace has been fast, leaving some employers in the dark about how their staff are using it, and many struggling to put the correct measures in place to govern it,” he added.
“Businesses adopting AI faster than their overall digital transformation run the risk of it fast-tracking through the backdoor and being used by employees without any formal training or guidance. This can lead to serious challenges for employers down the line when it comes to employee performance, data privacy, customer satisfaction, and more.”