Tim ZylaWith AI beginning to find widespread use across BPO and IT operations, companies are grappling with how to best face customer demands without running into regulatory or cybersecurity risks.
Security and compliance experts for years have stated that security and speed can be mutually exclusive with the proper framework, but companies still fall victim to rushing products out the door.
Lawsuits against top companies have run the gamut, with headlines often referring to “ransomware” situations or regulatory complications. In 2022 and 2023, the industry seemed to have a peak in legal activity against some of the top service providers — but compliance experts warn the risks haven’t completely subsided.
The World Economic Forum released a report last year detailing the landscape of global cybersecurity at tech-facing companies, and found many operations are woefully underprepared to face growing security threats.
“While 66% of organizations expect AI to have the most significant impact on cybersecurity to come, only 37% report having processes in place to assess the security of AI tools before deployment,” the report reads.
The study, co-penned by Accenture’s Global Security Lead Paolo Dal Cin and WEF Managing Director Jeremy Jurgens, says ransomeware attacks are still some of the most feared among those in the global business services realm. Due to the lucritive nature of cyber crime, the WEF noted that traditionally “violent” crime groups across the globe are beginning to explore the creation of cyberattack operations.
Susana Sierra, CEO of BH Compliance, has repeatedly warned of reputational risks that can come from a single security event that draws large media attention or even accusations.
“The real danger is often not committing a crime, but being accused of one,” she said.
That push for velocity is reshaping buyer expectations across IT services and BPO. While cost remains important, speed and predictability are increasingly driving sourcing decisions. At the same time, faster delivery models are exposing areas for cyber threats.
That risk was a central theme earlier this month at the Global South Cybersecurity & Data Privacy Summit 2026, a four-day virtual event hosted by the Global South Professional & Economic Network that brought together technical teams and executive leadership from across the Caribbean.
The summit focused on what organizers described as the “Legacy Trap” — organizations layering artificial intelligence and automation onto aging systems without upgrading security and governance frameworks, making them prime targets for ransomware and data-privacy breaches.
“The Caribbean is under-resourced and over-targeted,” said Douglas Davidson, co-founder of GSPEN. “Cyber threats are no longer just an IT issue. They require cross-functional collaboration from the boardroom to the server room.”
Discussions at the summit highlighted a growing tension facing nearshore providers and their clients: AI-driven speed without governance can amplify risk as quickly as it boosts productivity.
Sessions addressed AI governance, data sovereignty, and crisis response, alongside a keynote on “Breach Economics” from Niel Harper, Chief Trust Officer at Hugo. Regional cybersecurity leaders including Godphey O. Sterling, Director of the Jamaica Cyber Incident Response Team, and Kellye-Rae Campbell, Group Head of Privacy at Digicel Group, emphasized that emerging markets face increasing exposure as digital transformation accelerates.
Add comment