By Joe Logan, CIO, iManage
AI promises transformational power, but there are some things CIOs need to focus on to avoid any pitfalls, unlock its value, and best position the organisation for success.
1) Separate the hype from reality
Here’s what hype looks like: using AI to “radically transform the way you do business” or to “accelerate comprehensive digital transformation” or – heaven forbid – to “completely change our industry.” These are big statements – and absolutely dripping with hype.
Getting real with AI requires identifying specific use cases within the organisation where a particular type of AI can be deployed to achieve a specific goal. Maybe you want to reduce customer churn by 20% and have identified an opportunity to use chatbots powered by large language models to provide more effective customer service. That’s what reality looks like.
In separating the hype from reality, organisations gain the added benefit of clearing up misconceptions – at any level of the organisation – about what AI can and can’t do, thus performing an important “level set” around expectations.
2) Understand the implications for cybersecurity
On one side, any AI tool you’re using has access to data, and that means access needs to be controlled like any other system within your tech stack. The data needs to be secured and governed, and issues around privacy, sovereignty, and any other regulatory requirements need to be thoroughly addressed.
Organisations also need to be aware of the security measures required to protect the AI model itself from bad actors trying to manipulate that model. For example: prompt injection – inputs that prompt the model to perform unintended actions – can affect the model and its responses if not carefully guarded against.
The other side is understanding how to apply AI to cybersecurity. There are a growing number of use cases here where AI can help identify risks or vulnerabilities by analysing large amounts of data, helping organisations to prioritise the areas they need to focus on for risk mitigation.
While any usage of AI will require you to “play defense” on the security front, it will also enable you to “play offense” more effectively. In that sense, AI has multiple implications for cybersecurity.
3) Focus on the right kind of ROI
Regarding ROI for any AI investments, don’t narrowly focus on absolute numbers when it comes to metrics like time savings or cost savings. While well-suited to industrial workplaces that are churning out widgets every day, absolute numbers can be an awkward fit when applied to a knowledge work setting.
The advice here for any finance enterprise is: Don’t get hung up on the idea of actual dollars and cents or a specific number – instead, look for a relative improvement from a baseline. Rather than saying “We’re going to reduce our customer acquisition costs by $100,000 this year”, focus on reducing existing customer acquisition costs by 10%. Likewise, don’t focus on each junior associate in the organisation completing 5 more due diligence projects per calendar year; look to complete due diligence projects in 30% less time.
4) Give change management its due
Change management has always mattered when it comes to introducing new technology into the enterprise. AI is no different: Successful adoption requires a focus on people, process, and technology – with emphasis on those first two items.
A major challenge is educating the workforce intending to improve their AI literacy – enabling them to understand what’s possible and how they can apply AI to their daily workflows.
Know that a centralised model of control that dictates “this is how you can experiment with AI” is probably going to be ineffective – it will be too stifling for innovative individuals in the organisation. Far better to provide centers of excellence or educational resources to those people who are most inclined to take the initiative and move forward with AI experiments in their team or department.
One caveat: It’s essential to have guardrails in place as teams and individuals experiment with AI, to prevent misuse of the technology. That’s the tightrope that CIOs need to walk when introducing AI into the organisation: striking the right balance between “total control” and “freedom to explore, but with appropriate oversight and guardrails”.
The future of AI depends on what CIOs do next
The promise of AI is massive, but only if CIOs adopting the technology focus on the right areas – and that means filtering out the hype, keeping security implications top of mind, redefining ROI, and guiding change with a steady hand. By paying attention to these areas, CIOs can safely navigate a path forward with AI – and ensure that it isn’t just a technology with promise and potential, but one that delivers actual enterprise-wide impact.
