A leading standards body has warned of a growing “AI governance gap” as business leaders rush to adopt the new technology without first putting the requisite controls and processes in place.
The British Standards Institution (BSI) made its remarks in a new report compiled from AI-assisted analysis of 100+ annual reports from multinationals and two global polls of more than 850 senior business leaders.
On the one hand, nearly two-thirds (62%) of business leaders plan to increase AI investment over the coming year, to boost productivity, efficiency and cost reduction. Over half (59%) said they consider AI critical to future growth.
However, on the other, just a quarter (24%) claimed to have an AI governance program in place, rising to only 34% of large enterprises.
Read more on AI governance: UK Firms Lose Average of £2.9m to AI Risk
The BSI study also found that only:
- Half (47%) of businesses control AI through formal processes
- A third (34%) use voluntary codes of practice
- A quarter (24%) monitor employee use of AI tools
- Less than a third (30%) have processes in place to assess AI risks and mitigations
- A fifth (22%) restrict employees from using unauthorized AI
The lack of AI governance appears to stem from senior management. Only a third of executives said they feel AI is a source of business risk. Half said they include AI-related risks in compliance programs, down from 60% six months ago.
Only 30% have a formal risk assessment process in place to check where AI might be introducing new vulnerabilities, the BSI said.
The management of data used to train large language models (LLMs) is a key source of risk, the standards body warned. Yet only 28% of business leaders know where their organization sources this data, down from 35% in February. Only 40% claimed their business has processes in place to manage confidential data used for training.
When Things Go Wrong
Just a third of responding organizations told the BSI they have a process for logging concerns or inaccuracies with AI, and even fewer (29%) have processes for managing AI incidents in a timely fashion.
The study also used keyword analysis to better understand how prominently organizations feature the idea of governance in their reports. It found that “governance” appeared 80% more frequently in reports from UK businesses than those in India and 73% more than their Chinese peers.
The keyword “automation” was also recorded as seven times more likely to feature than “upskilling,” “training,” or “education” – hinting at an overconfidence in current skill levels.
BSI CEO, Susan Taylor Martin, expressed concern over a clear AI governance gap.
“While it can be a force for good, AI will not be a panacea for sluggish growth, low productivity and high costs without strategic oversight and clear guardrails – and indeed without this being in place, new risks to businesses could emerge,” she argued.
“Divergence in approaches between organizations and markets creates real risks of harmful applications. Overconfidence, coupled with fragmented and inconsistent governance approaches, risks leaving many organizations vulnerable to avoidable failures and reputational damage. It’s imperative that businesses move beyond reactive compliance to proactive, comprehensive AI governance.”
