New study reveals the risks of AI and sensitive data.
Regulated data — or data that organisations have a legal duty to protect — makes up 35 per cent of the sensitive data being shared with generative AI (genAI) applications such as ChatGPT and Microsoft Copilot, presenting a potential risk of costly data breaches to businesses.
Netskope Threat Labs research reveals three-quarters of businesses surveyed now completely block at least one genAI app, as they seek to limit the risk of sensitive data exfiltration. But with under 50 per cent of organisations applying data-centric controls to prevent sensitive information being shared in input inquiries, most are behind in adopting the advanced data loss prevention (DLP) solutions needed to safely enable genAI.
The research found 96 per cent of businesses are now using genAI — the number has tripled over the past 12 months. On average, enterprises use nearly 10 genAI apps, with the top one per cent of adopters using an average of 80 apps. With the increased use, enterprises have experienced a surge in proprietary source code sharing within genAI apps, accounting for 46 per cent of all documented data policy violations.
However, there are positive signs of proactive risk management in the security controls organisations are applying. Effective user coaching has played a crucial role in mitigating data risks, prompting 57 per cent of users to alter their actions after receiving coaching alerts.
“Securing genAI needs further investment and greater attention as its use permeates through enterprises,” says Netskope chief information security officer James Robinson. “Enterprises must recognise that genAI outputs can inadvertently expose sensitive information, propagate misinformation or even introduce malicious content. It demands a robust risk management approach to safeguard data, reputation and business continuity.”
Greenwashing
Mercer fined for misleading statements Landmark case for ASIC and the financial services industry.
The Federal Court has ordered Mercer Superannuation (Australia) Ltd to pay an $11.3m penalty after it admitted it made misleading statements about the sustainable nature and characteristics of some of its superannuation investment options. “This was ASIC’s first greenwashing case brought before the Federal Court — a landmark case both for ASIC and for the financial services industry,” says ASIC deputy chair Sarah Court. “It demonstrates the importance of making accurate ESG claims to investors and potential investors.”
The court found Mercer made misleading statements on its website about seven “Sustainable Plus” investment options offered by the Mercer Super Trust, of which Mercer is the trustee. These statements marketed the Sustainable Plus options as suitable for members “deeply committed to sustainability” because they excluded investments in companies involved in carbon-intensive fossil fuels like thermal coal. Exclusions were also stated to apply to companies involved in alcohol production and gambling.
More information is available here.
Merger laws
Australia’s merger laws are under review, with the consultation period having closed in August. The Australian Consumer and Competition Commission (ACCC) chair Gina Cass-Gottlieb notes the reforms are important “to achieve a simplified merger control framework that prevents harmful anti-competitive transactions and benefits Australian consumers and businesses of all sizes”.
“We are keen to ensure the new framework does not add complexity,” she says.
The government will consult separately on the notification thresholds that determine which mergers need to be notified to the ACCC.
Research by Treasury’s competition taskforce found that an estimated 1000–1500 mergers occur in Australia each year. However, only about 330 are notified to the ACCC under the existing voluntary merger regime.
“Having the right thresholds for proposed mergers to be reviewed by the ACCC will be key to the effectiveness of the proposed new regime and its ability to achieve the government’s policy objectives of preventing mergers that pose a risk to competition, consumers and the economy,” says Cass-Gottlieb.
“The new merger regime needs to strike the right balance between ensuring that potentially anti-competitive mergers are scrutinised — and where necessary, prevented — while minimising regulatory burden for acquisitions that do not have anti-competitive effects.”
More information is available here.
This article first appeared under the headline 'Staying Safe’ in the September 2024 issue of Company Director magazine.
Latest news
Already a member?
Login to view this content