The Potential and Pitfalls of AI: The Boardroom Balancing Act

Steve Jennings, Underwriter - International Management Liability

The artificial intelligence (AI) revolution is having widespread consequences in every walk of life. In boardrooms, we are seeing how AI and machine learning has the potential to shape decision-making and company policy.

In Summer 2022, AI robot Mika was appointed to the position of Chief Executive at Polish spirits company Dictador in a world first.¹ Whilst her role is to lead the rum production company, she has also made speeches at industry conferences and at a global UN summit. Mika oversees the strategic direction of the company, and constantly learns and improves in order to optimise her CEO-style. She boasts that she takes no salary or vacation, saving the company thousands in salary costs.

Whilst Mika is only one of a handful of examples where companies have given AI a ‘seat’ in the boardroom, and it is unlikely we will see AI CEOs becoming commonplace, her appointment challenges our fundamental understanding of what computers can achieve and how the AI revolution will impact company decision making and governance. In a recent report, as many as 48% of CEOs from the world’s leading public companies have already adopted the use of AI to some degree within their businesses², and 98% of CEOs said there would be an immediate business benefit from implementing AI and machine learning.³

The potential risks

Whilst there is clearly a multitude of benefits to a company from using AI, Directors and Officers (D&O) could face a higher risk of litigation in their capacity as a D&O if they do not fully consider the impact it has on their business.

Whilst one of the largest appeals of AI to enterprises is to increase automation of routine tasks and bring down internal costs, these same traits could be equally as attractive to those who are looking to exploit security vulnerabilities. Large Language Models are already being used to generate phishing emails. If senior management haven’t considered the rise in AI-related cybercrime, and therefore implemented a robust cyber security system to defend against it, then an increase in phishing attacks could bring a halt to a company’s operation if a ransomware attack were successful. If D&Os don’t take the necessary steps to protect their assets, then shareholders could bring a lawsuit alleging that they breached their fiduciary duty for failing to install adequate security measures.

Cyber criminals can also take Generative AI one step further than text based phishing scams. Deepfakes, that use AI to produce fake media by altering existing audio or visuals, could lead to a rise in social engineering incidents. Whilst employees may feel technologically ‘savvy’ enough to avoid email phishing attempts, the more sophisticated audio/visual ‘requests’ for employees to transfer company funds to criminals could be harder to spot and therefore have a higher success rate. Whilst internal procedures should mitigate against this, in 2018 a claim was filed against the former CEO of FACC, a company that had been the victim of a successful phishing scam and cost the company up to EUR 52m. This claim named the CEO in the proceedings and alleged that the defendant had fail to set up internal controls at the company to protect their assets.⁴

The boardroom balancing act

Whilst the above are just two examples of the external threat of AI, which a strong external cyber defence should prevent, D&O’s also need to be fully aware of the policies and procedures they will need to implement internally to their own employees. In early 2023, Samsung announced to staff that they were banning use of ChatGPT after an employee had posted classified intellectual property into the Large Language Model.⁵ If this had had a material effect on the company’s financials or performance, it wouldn’t be too farfetched to foresee plaintiff’s queuing at the door to bring litigation against the D&Os for failure to protect their largest asset: their IP.

Finally, whilst future applications of AI and its potential benefits may still largely be unknown, it’s clear that companies are investing a lot of capital in its deployment. Whilst these could be exciting times for companies to grow top line as they explore more opportunities and at the same time reducing costs, management will need to be careful to not mislead shareholders that they’re not over-promising and under delivering, and that the benefits from implementing AI correctly outweigh the initial costs to introduce it into their business.

In a world where AI is evolving every single day, we are only just scratching the surface of the potential benefits that it can provide to companies, their management and their employees. However, the alarming truth is that this statement rings true on the other side of the fence, and that the current unregulated world of AI has the power to provide as many threats as it does opportunities. Whilst we don’t yet know exactly what this new world will bring us, what we can be certain of is the extra due diligence Directors and Officers will be expected and required to do to truly comprehend the impact AI will have on their business and to respond appropriately and effectively.