A recent study conducted by Blackberry has revealed that 75% of global businesses are either currently implementing or considering bans on ChatGPT and other generative AI applications within their workplaces. The decision to ban these applications is primarily driven by concerns over data security, privacy, and corporate reputation. The research included insights from 2,000 IT decision makers across North America, Europe, Japan, and Australia, and found that 61% of companies view these bans as long-term or permanent solutions.
The release of the OWASP Top 10 for LLMs last week has further emphasized the security and safety challenges associated with large language models (LLMs), which many generative AI chatbots are built on. This, coupled with the rapid growth and adoption of generative AI technology, has prompted organizations to acknowledge the need for specific generative AI security policies. Additionally, there is growing concern about whether generative AI is ushering in a new era of shadow IT.
Despite recognizing the potential for generative AI applications to increase efficiency, innovation, and creativity in the workplace, a staggering 83% of IT decision makers expressed concerns that unsecured generative AI apps pose a cybersecurity threat to their corporate IT environment. These concerns have motivated organizations to enforce complete bans on these applications. Interestingly, 81% of respondents still support the use of generative AI tools for cybersecurity defense, as a means to avoid falling victim to cybercriminals. Furthermore, 80% believe that organizations have the right to control the applications used by employees for business purposes.
Shishir Singh, CTO cybersecurity at Blackberry, advises organizations to adopt a cautious and dynamic approach when implementing generative AI applications in the workplace. While banning these applications may eliminate potential business benefits, Singh suggests that as platforms mature and regulations take effect, there is room for flexibility in organizational policies. The key lies in having the right tools in place to ensure visibility, monitoring, and management of workplace applications.
For CISOs (Chief Information Security Officers), developing appropriate security policies that both support business adoption of generative AI and effectively address associated risks is of utmost importance. The challenge lies in striking a balance between security and innovation without stifling the latter. Waiting to develop a security policy that caters specifically to the widespread use of generative AI may prove detrimental, as was the case with shadow IT. Businesses were slow to react from a security policy standpoint when personal technology started being used for corporate activities.
The findings from this research indicate a growing awareness and concern among organizations regarding the potential risks associated with generative AI. While there is recognition of the benefits this technology can bring, ensuring data security, privacy, and reputation protection remains a top priority. As generative AI continues to evolve and become more prevalent, organizations must proactively address these concerns through the development of robust security policies that strike the right balance between risk management and fostering innovation.