Press Release

Gartner Says CISOs Need to Champion AI TRiSM to Improve AI Results

Gartner

Without a Robust AI TRiSM Program, AI Models Can Work Against the Business Introducing Unexpected Risks

 

By 2026, organizations that operationalize artificial intelligence (AI) transparency, trust and security will see their AI models achieve a 50% improvement in terms of adoption, business goals and user acceptance, according to Gartner, Inc.

Mark Horvath, VP Analyst at Gartner, said, “CISOs can’t let AI control their organization. AI requires new forms of trust, risk and security management (TRiSM) that conventional controls don’t provide. Chief information security officers (CISOs) need to champion AI TRiSM to improve AI results, by, for example, increasing the speed of AI model-to-production, enabling better governance or rationalizing AI model portfolio, which can eliminate up to 80% of faulty and illegitimate information.”

Not only does AI pose considerable data risks, as sensitive datasets are often used to train AI models, but the accuracy of model outputs and the quality of the datasets might vary over time, which can cause adverse consequences.

The implementation of AI TRiSM enables organizations to understand what their AI models are doing, how well they align with the original intentions and what can be expected in terms of performance and business value.

AI TRiSM Is a Team Sport

AI TRiSM cannot be led by a single business unit. “It calls for education and cross-team collaboration,” said Jeremy D’Hoinne, VP Analyst at Gartner. “CISOs must have a clear understanding of their AI responsibilities within the broader dedicated AI teams, which can include staff from the legal, compliance and IT and data analytics teams.”

Without a robust AI TRiSM program, AI models can work against the business by introducing unexpected risks, which cause adverse model outcomes, privacy violations, substantial reputational damage and other negative consequences.

AI Risk Management Priorities

Since AI may be seen as just another application, CISOs might need to recalibrate expectations within and outside of the team. Once the expectations are set, the CISO and their teams need to take the following five AI risk management actions:

  1. Capture the extent of exposure by inventorying AI used in the organization and ensure the right level of explainability.
  2. Drive staff awareness across the organization by leading a formal AI risk education campaign.
  3. Support model reliability, trustworthiness and security by incorporating risk management into model operations.
  4. Eliminate exposures of internal and shared AI data by adopting data protection and privacy programs.
  5. Adopt specific AI security measures against adversarial attacks to ensure resistance and resilience.

Learn how to manage human risk to build a security-conscious organization in the complimentary Gartner ebook 4 Ways to Achieve Secure Employee Behaviors.

Gartner IT Symposium/Xpo

Additional analysis on security and risk management will be presented during Gartner IT Symposium/Xpo, the world’s most important conferences for CIOs and other IT executives. Gartner analysts and attendees will explore the technology, insights and trends shaping the future of IT and business, including how to unleash the possibility of generative AI, business transformation, cybersecurity, customer experience, data analytics, executive leadership and more. Follow news and updates from the conferences on Twitter using #GartnerSYM.

Upcoming dates and locations for Gartner IT Symposium/Xpo™ include:
October 16-19 | Orlando, FL
November 6-9 | Barcelona, Spain
November 13-15 | Tokyo, Japan
November 28-30 | Kochi, India

About Gartner for Cybersecurity Leaders
Gartner for Cybersecurity Leaders equips security leaders with the tools to help reframe roles, align security strategy to business objectives and build programs to balance protection with the needs of the organization. Additional information is available at https://www.gartner.com/en/cybersecurity.

Follow news and updates from Gartner for Cybersecurity Leaders on X and LinkedIn using #GartnerSEC. Visit the Gartner Newsroom for more information and insights.

About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight that drives smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit gartner.com.
