The Gray Rhino in the Room: Preparing for the Risks of AI

By Mykhailo Rushkovskyi – Originally published on RUNDERC

The “gray rhino” concept describes probable events that have a high impact on society. Unlike the unpredictable nature of Nicholas Taleb’s “black swan”events, gray rhinos, which was introduced as a concept by Michele Wucker (and written about in her book “The Gray Rhino: How to Recognize and Act on the Obvious Dangers We Ignore“) are visible and well-known risks that are often overlooked until it is too late. These risks are like a herd of rhinos, which are seen in the distance, and while we are aware of their potential danger, we cannot fully perceive their dimensions or predict when they will charge.

Gray rhinos are imminent risks that organizations must be prepared to handle. They require a framework in place to manage and mitigate the risks when they occur. Sometimes, multiple gray rhinos may stampede simultaneously, leading to a “crash” of rhinos, which can be devastating to society.

The development of artificial intelligence (AI), particularly Artificial General Intelligence (AGI), presents a “gray rhino” problem. AGI has the potential to revolutionize society, but it also poses a significant risk. AGI systems would have a broad range of cognitive abilities and could learn and reason about a wide range of topics, making them potentially more powerful than a human intelligence. However, the risks associated with AGI, such as unintended consequences or AI systems acting in ways that are not aligned with human values or goals, must be addressed.

OpenAI’s GPT-4 is being considered an early version of AGI system. Microsoft researchers have tested it and concluded that it’s exhibiting signs of AGI, capable of performing tasks that exceed human ability. Some sources report that GPT-5 is scheduled to complete training this December and that OpenAI expects it to achieve AGI.

The last week open letter signed by Elon Musk, Steve Wozniak, and other tech luminaries, argues that AI systems with human-competitive intelligence pose significant risks to society and humanity. The authors of the letter call for a pause in the training of AI systems more powerful than GPT-4 for at least six months highlights the need for a comprehensive risk management framework to mitigate the potential risks associated with AGI. It is crucial that such a framework involves a collaborative effort from various stakeholders, including policymakers, industry experts, and academics. It should be continuously updated and adapted as the development of AGI progresses, ensuring that it remains relevant and effective in mitigating potential risks.

Overall, the “gray rhinos” concept has significant relevance in the context of AI development, especially in the case of AGI. These risks demand a comprehensive risk management framework that requires a collective and coordinated approach from all stakeholders. It is imperative for organizations to anticipate and address the potential risks of AGI, like “gray rhinos”, to minimize their impact and ensure the responsible utilization of AGI’s benefits.

---

The image, shown below, features a gray rhino standing in the middle of a bustling business center. What makes this image remarkable is that it was generated entirely by AI for this article, utilizing a combination of machine learning algorithms and deep neural networks.

Welcome to the Metaverse

By Alexander Larsen, Originally published in Enterprise Risk Magazine (by The Institute of Risk Management)

How Real is the Cyber Threat?

Originally published by Strategic Risk Magazine

                                                                                                                                         

                                                                                                                                         

The power of Social media in business (Internally and Externally) & how Risk Management can enhance it.

Written by Alexander Larsen, Originally published in Enterprise Risk Magazine (IRM)

There is no doubt that involvement in social media activities is the source of a great number of risks to companies. But there are also risks to not having an online presence. Companies who are not active on social media could surrender ground to competitors, fail to attract a younger customer base, and could end up either not building a reputation – or slowly losing an already strong one.

Organisations cannot avoid social media risk by pursuing a policy of non-participation. Customers, journalists, or the public in general, can easily and quickly point out major faults with a company product or service to a large number of people. With enough attention, that can severely impact brand and reputation. Additionally, tweets can be sent out instantaneously from shareholder meetings, board meetings, or from interviews, leaving little time to prepare for a response. It is vital that organisations manage social media risk proactively.

Companies generally have two main concerns about social media. The first relates to risks to the organisation. For example, an employee that uses social media badly can expose a company to intellectual property and data leakage by saying too much about products and services. Or, extreme views expressed by staff on a company’s social media platforms could be interpreted as a reflection of the company’s own values. Viruses, hacker threat, or phishing attacks can all be introduced into the company network because an employee’s work and private login passwords are identical.

The second relates to the organisation’s social media presence. Where companies are active on social media, for example by having a forum, message board or Facebook page, they are exposed to any customers, members of the public, or disgruntled staff posting negatively about the company, or hijacking company-led social media campaigns. Internally, risks can arise from the inef cient use of social media. Often companies will have a presence on social networks but rarely update them, or have inconsistent
or con icting information, such as contact details, across the various networks. This can frustrate users and lead to missed opportunities.

Understanding social media

Keeping on top of social media-related risks should be straight forward if there is an effective enterprise risk management (ERM) programme in place. With reputation risks being at the top of corporate risk registers and board agendas, there is a need for the constant monitoring of reputation risks (such as social media presence) and mitigation actions should be implemented where needed.

But, as with all risks, you can manage them best when you identify them as early as possible – preferably before you even begin to have a social media presence. The best form of prevention is to be well prepared. When entering into social media, a company needs to focus on the purpose of doing so in the first place. Is it to attract talent, or improve customer engagement, for example? Once this is established, objectives can be set for the initiative. Different objectives will require varying approaches, not only to achieve the desired success, but also in how to mitigate the risks.

One of the mistakes many companies make when developing a social media plan is that it is often left to a single department, such as IT or marketing, rather than to a multi-disciplinary team.

Best practice indicates that representatives from risk, legal, compliance, management and any other affected departments should all be involved with the process. Having such a team in place will allow for proper preparation in terms of understanding the risks of using social media, and how to mitigate them, without having a negative impact on the initial objectives of the plan. Once a robust plan is ready, senior management should be informed, educated and commitment must be obtained.

Mitigating risks

Some companies have a total ban on employee access to social media. Others may decide that only certain sites are appropriate, and could help with the company’s online presence. If a business bans specific social media sites, it should consider the consequences of creating an unhappy workforce. An alternative is to have a completely open social network policy, but with an opt-in programme, whereby staff agree
to “friending” the organisation on their social media sites in return for being able to access it from work.

If employee access is given, there are some common steps companies can take to mitigate social media risk. First, the company should develop a social-media policy and train staff in its use. A social media policy can be short and sweet, or quite long and detailed. A company should consider having one for employee use of social media as well as a corporate social media policy (for those working with social media on behalf of the company). These should include an outline of the do’s and don’ts when posting online, information on the safe use of social media, off-limit subjects or data, as well as the consequences of being in breach of the policy. The legal department should be of use here.

Second, a company should monitor the comments and behaviour of staff on an ongoing basis in order to avoid reputational damage, or even from being held liable for comments made by employees. When using social media sites, there is a risk that staff will upload sensitive data, perhaps by accident, or that they download files which can contain viruses. IT will often restrict downloading or uploading on company computers,
as well as securing sensitive les. Enforcing virus and malware protection is another way that IT tends to protect a company but this needs to be con rmed by the team. This is another reason why having a multidiscipline team that includes IT is so effective.

Finally, dealing with customer complaints in an appropriate manner is vital. Companies should avoid directly deleting comments or negative posts, as well as avoiding aggressive or negative responses. Instead, a company should try to bring the conversation to another platform and try to deal with the complaint directly. Training will be a key element to successful complaints handling on social media.

Force for good

Something that risk managers may overlook with regards to social media is the potential benefits it can bring to risk management. Used in the right way, social media can be a strong tool for managing risks and opportunities, allowing risk managers to tap into an organisation’s most valuable resource – its employees.

Google is a prime example of using social media tools to minimise risk and maximise opportunity.
For example, Google Moderator allows project leaders, R&D teams and top management to post their ideas, initiatives or innovations for

anyone within the organisation to challenge or ask questions about. Voting within the tool allows many of the questions most relevant, or most concerning, to employees to be pushed to the top of the pile.

Not only does the use of such a tool involve the workforce, and thus increase staff morale, but it can drive the success of major change management initiatives (for example after a merger) if everyone feels that their voice is being heard and considered. It can also potentially highlight key risks to a product launch that may not have previously been identified by a project team working on its own. It was so highly thought of that the Obama administration used it when transitioning into office to make the process of change more successful.

A couple of other initiatives that Google has implemented include Google’s weekly all-hands meetings, where employees ask, through social media tools, questions directly to the company’s top leaders and other execs about any number of company issues. Again, this concept can be used by risk managers to capture risks and opportunities from across the organisation.

Perhaps a more obvious risk tool for risk managers would be to implement something similar to the Google Universal Ticketing Systems – GUTS – which allows users to report issues, and is then reviewed for patterns or problems. Adapting this to a more risk-based solution could really support an organisation in identifying risks or trends before they happen. It can allow the reporting of risks from anyone in an organisation, bypassing more senior employees who may try to stop these risks from being reported. Such a tool could serve as a tool to escalate risk past local management.

Continuity

Business continuity can benefit greatly from social media by, for example, connecting stakeholders to internal staff during an incident. Many countries are already using social media, such as Twitter or Facebook, to issue hurricane and tsunami warnings to citizens on top of the more traditional alarms. This not only informs the local population who are in immediate danger, but also allows family members or friends who are signed up to the service to receive these notifications.

A similar approach should be considered by companies when it comes to spouse management during a major incident. Companies who operate in dangerous locations such as war zones, politically unstable regions, or on offshore oil platforms, should consider offering employees’ spouses the opportunity to connect to a specific company emergency social media page. This page can be the main hub of communication for spouses should an emergency occur. Not only will they get regular and factual updates, but they can post questions and even comfort each other by having a community of people in similar situations as themselves. This could be extended to include sites for connecting with stakeholders during an incident whether it be suppliers, clients or even the media.

Social media has already been used successfully during earthquakes in Japan. Pages were set up on Facebook to keep the public up to date, whilst Microsoft worked with partners to create local applications such as J!ResQ – a smart phone application for emergency contacts– to help people and family and friends and to aid relief efforts with aid agencies. Looking more internally, business continuity plans will have steps that include informing staff of job status, whether to stay at home, work from home, work from an agreed second location, or even return to work. Using an internal social media tool can greatly improve the efficiency of this message compared to more traditional methods such as a phone call to every staff member.

Getting over initial worries about the use of social media can turn many of the risks associated with these technologies into opportunities. By carefully working through the threats and mitigating risk, risk managers can help their businesses benefit from these powerful tools.