Artificial Intelligence and Cybersecurity Balancing Risks and Rewards 2025

The negative impacts caused by the compromise of AI technologies may go beyond those associated with traditional cyber risks. Key novel risks of AI-enabled business 1. Limited fairness due to inherent bias in products 2. Limited explainability of AI model, leading to reduced potential for human scrutiny 3. Unreliable outputs that decrease confidence and impede the ability to check the system reliability 4. New exploitable attack surface with limited controls 5. Privacy risks relating to personal data exposure via pattern-of-life generation 6. Exposure of confidential data through (possibly accidental) inclusion in AI training datasets These risks can lead to negative impacts to the business, including reputational damage, loss of market position, loss of revenue, and legal and regulatory violations.Assessing potential negative impacts to the business Technical impacts of AI compromise can lead to business impacts FIGURE 4 1 2 3Technical impacts Business-application impact Business applications e.g. customer-relationship management system; accounting software; cyber-physical systems etc. Business processes Depends on types of business process involvedPropagation to dependent internal business processes External impacts Individual users Client organisations Societal functions Lack of explainability or traceability may affect ability to mitigate impacts and reduce harmsIntegrity and reliability of data input Integrity of business- process outputs Availability of business- process outputs (Depends on extent to which human oversight versus full automation affects level of impact on business processes)(Depends on extent to which internal business processes are interdependent) (Depends on extent to which internal business processes impact on external processes)Integrity of application output Availability of data input Availability of application outputBusiness-process impact Impact propagationCompromise of the integrity or availability of data fed from AI models into business applications Breach of confidentiality of the data, business-process-related IP , or AI models Abuse of an organization’s AI models by an adversary (e.g. using them to disseminate harmful content) Business impacts Explainability or traceability of data input Explainability or traceability of application outputHarmsStep 4 Artificial Intelligence and Cybersecurity: Balancing Risks and Rewards 17