Breakdown: CX Leaders Spooked By GenAI Data and Compliance Snafus

Decision makers in the CX space are almost entirely sold on generative AI (GenAI). Nevertheless, many can’t shake off the nightmare scenarios that the technology could bring in matters of data security and compliance.

The big spooks: Data security and compliance are the issues of most concern for CX leaders seeking to deploy GenAI in their organizations, according to a recent survey by Everest Group and TELUS International. 

• 43% of the business leaders surveyed said they were worried about public GenAI tools like ChatGPT exposing their organizations to data leaks or other security threats.

• 39% expressed concern about data security and privacy.

• 37% said they worry about regulatory compliance.

Still diving in: Despite their misgivings, more than half of the CX leaders surveyed plan to spend at least US$1 million in GenAI this year.

• The technology is expected to be, most of all, a tool for greater personalization and customization in customer interactions. 

• Cost reduction, higher efficiency and automation were also top reasons mentioned for the implementation of GenAI.

• The most potential for the tool is seen in text generation, followed by code and audio generation. 

Shopping elsewhere: 76% of respondents said they plan to leverage third-party partnerships to implement GenAI into their CX operations, this mainly due to a lack of resources and in-house expertise.

Risky play: We’ve seen a couple of high-profile cases in which major companies were hacked through their third-party partners. 

• “Exploiting vulnerabilities in the cyber defenses of third-party partners to hack into the systems of larger companies is a common and increasingly concerning tactic used by cybercriminals,” commented Nic Adams, CEO at cybersecurity firm Orcus.

• “This method capitalizes on the interconnected nature of business operations today, where companies often rely heavily on third parties for various services, including cloud storage, payment processing, customer service and more,” Mr. Adams added.

Dangerously new: New technologies come with new pitfalls. Since the latest AI explosion, there’s been an abundance of reports pointing to potential compliance threats and new vectors of attack opening thanks to the implementation of AI. The risk is particularly high in the services sector.

• “Cybersecurity is a critical topic for the services sector”, commented Delfina Chain, CEO at risk and compliance platform Chaindots, in a previous interview. “Some will have to pay more attention to certain practices. In the case of software services, there are three major ones: cybersecurity, data privacy and third-party risks.”

Put it on paper: Given the relative newness of GenAI, companies are still trying to figure out how to tackle the risks that come with it. For now, covering their bases in writing seems to be the preferred way to go in third-party contracts.

• “The main concerns of the clients when it comes to AI are around confidentiality and intellectual property,” Adriana Sosa, General Counsel & Board Secretary at Fullstack Labs, told NSAM previously. “They put things on paper around matters of privacy, IP and confidentiality. That’s how most of them are currently handling AI.”

Far from steady: Most of the companies surveyed (46%) said GenAI is still in the piloting or deploying stage within their organizations. Only 21% assured they’ve reached the scaling-up stage.

• Text generation is the use-case which has advanced the most. Even then, only 7% have managed to apply GenAI in a steady manner for text generation. 

NSAM’s Take: CX providers have very good reasons to be concerned about data security and compliance issues. Beyond the reputational damage, data leaks and regulatory violations can turn into an administrative nightmare for even the biggest and most consolidated players in the market. Google’s lawyers have spent months in court dealing with alleged AI snafus that could prove very costly. Stories of AI chatbots ill-advising customers into wrong interpretations of company policies or even the law have become worryingly frequent.

Even then, it’s clear that the GenAI train is going full steam ahead. Business leaders are by now convinced of the transformative potential of the technology. Whether results will measure up to the hype doesn’t really matter anymore. Everyone seems to be jumping on the train, and no one wants to be left behind, even when they’re not entirely sure of the destination.

In such a context, the role of cybersecurity vendors and compliance officers will only grow more relevant within the services sector. Several CIO and CFO surveys already point to security being a top priority in tech spend, and top brass in Fortune 1000 companies seems to be paying more attention to matters of ESG and data compliance. We see a near-future in which tech leads and executives involved in the development and deployment of GenAI products are very familiar with the ins and outs of cybersecurity and compliance issues. 

Like any other disruptive technology, GenAI is expected to steamroll through business operations, transforming much of what’s in its path. In spite of their misgivings, CX leaders will have a single option: deploy the bots, but keep the leash relatively short.