The rise of generative artificial intelligence (GenAI) in the workplace is becoming increasingly common, but many companies lack the necessary policies and training to ensure its proper use. A recent survey by tech professional body ISACA found that while nearly three-quarters of European organizations use AI at work, only 17% have a formal policy governing its use. However, the adoption of GenAI is increasing, with 45% of respondents stating that its use is permitted in their organization, compared to 29% six months ago. Furthermore, 62% of those surveyed are using GenAI to create written content, boost productivity, and automate repetitive tasks.
The survey also revealed a lack of understanding around AI. Only 24% of respondents described themselves as extremely or very familiar with AI, while 74% reported being somewhat familiar or not familiar at all. Despite this, 61% expressed concerns that GenAI could be exploited by malicious actors. Business and IT professionals identified misinformation and disinformation as the biggest risks of AI, but only 21% were confident in their ability to spot it.
Furthermore, the survey indicated a lack of attention to ethical AI standards and concerns such as data privacy and bias. Only 25% of respondents felt that organizations were giving enough attention to ethical AI standards, while just 23% believed concerns about AI were being properly addressed. However, while 38% of respondents expected job elimination through AI in the next five years, 79% believed that jobs would be modified. Digital trust professionals were more optimistic about AI’s impact on their career, with 82% expecting a neutral or positive impact.
To address these issues, ISACA emphasized the need for education and training around AI. It highlighted the importance of understanding the technology to create value and address potential risks. Companies were advised to train their personnel on AI and ensure awareness of its risks is widespread, beyond just experts. Additionally, ISACA recommended having the right experts, such as chief information security officers, privacy experts, and risk experts, who can educate the board and develop policies tailored to the organization’s specific context.