ISACA identifies gaps in AI knowledge, training and policies
Thursday, 09 May, 2024
According to a new ISACA pulse poll of 3270 digital trust professionals, only 15% of organisations have AI policies, and 40% of organisations offer no AI training at all. These gaps are concerning given that 70% of respondents say staff are using AI, and 60% say employees are using generative AI (such as Microsoft CoPilot, Google Gemini and OpenAI’s ChatGPT).
The poll showed the most common uses of AI are:
- Increasing productivity (35%)
- Automating repetitive tasks (33%)
- Creating written content (33%)
A full 60% of respondents are worried or very worried that bad actors will exploit generative AI, with 81% saying the top AI risk is misinformation/disinformation. Yet only 35% say AI risks are an immediate priority for their organisation.
Respondents believe jobs will be significantly impacted by AI, with 45% saying many jobs will be eliminated over the next five years and 80% saying many jobs will be modified.
Jo Stewart Rattray, Oceania Ambassador, ISACA, said there is no doubt AI is shaping the future and redefining the very nature of work and future IT jobs.
“Despite workplaces experiencing a staggering increase in AI usage among staff, I’m not surprised that only 15% have AI policies in place and 40% offer no training to staff,” she said. “This technology has crept up on organisations in Australia and New Zealand quickly, and is changing rapidly, leaving little time and capacity for companies to develop and implement organisation-wide policies and procedures that will remain relevant.
“At the very minimum though, organisations should prepare a policy around AI usage to not only ensure consistency and accuracy of brand messaging and content, but to support security efforts.
“And as companies begin to expand job descriptions to include AI competency, prioritising diversity and inclusion is key. This not only broadens the talent pool but provides a strategic edge for organisations, as gender-balanced tech project teams promote diverse thinking and innovation.”
According to ISACA’s survey, those digital trust professionals working in fields such as information security, governance, risk and privacy are more optimistic about their own jobs with 78% saying AI will have a neutral or positive impact on their careers.
To achieve that neutral or positive impact and retain or advance their careers, 85% say they will need to increase their AI skills and knowledge within two years.
“AI is moving at a speed we haven’t seen before, with its use in organisations outpacing the policies, training and skills that are absolutely critical for making sure it is used securely,” said Shannon Donahue, ISACA Chief Content and Publishing Officer. “AI is quickly becoming a business imperative, and ISACA is fully committed to providing the tools, resources and training to help individuals and enterprises thrive in an AI world.”
ISACA is releasing a series of on-demand AI training, with three courses:
- AI Essentials: Explores foundational principles and applications of AI and provides a comprehensive overview of core AI concepts, algorithms and application of AI.
- Auditing Generative AI: Strategy, Analysis and Risk Mitigation: Explores generative AI, including considerations of usage, associated risks and its impact on auditing processes, with emphasis on security, ethical considerations, data governance and compliance with regulations.
-
AI Governance: Principles, Strategies and Business Alignment: Explores how governance practices apply throughout the AI lifecycle, from development and implementation to ongoing monitoring and maintenance, ensuring consistent and effective governance at every stage.
To access these and other ISACA resources around AI, visit www.isaca.org/ai.
Tenable launches autonomous patch management tool
The new Tenable Patch Management add-on allows teams to prioritise and even automate the...
Veeam launches updated Veeam Data Platform
The newest release of the Veeam Data Platform introduces capabilities such as a recon scanner for...
CrowdStrike to buy Adaptive Shield
CrowdStrike is augmenting its SaaS security capabilities through the acquisition of Israeli-based...