Board-Level AI Crisis Preparedness Dinner
NACD Northern California
About The Event
NACD Northern California board directors gathered for an evening of strategic dialogue and crisis preparedness on the risks that boardrooms face from the use of AI. This interactive session was led by industry experts from Foley & Lardner, GHD Digital, Heffernan Insurance Brokers, and Joele Frank.
Although the groups discussed many ideas relating to the specific scenarios, below are some general key takeaways from the evening:
Incident Response Protocols:
Boards should ensure that management has crisis communication protocols in place with defined escalation paths for different levels of AI-related risks. Boards should have an incident response team and a phone tree/key contact list for key stakeholders, including law enforcement and external counsel, in place before an incident occurs.
- Do we have a crisis communication plan in place specifically for AI-related incidents? If not, what steps are we taking to develop one?
- Have we established a clear escalation protocol for AI crises? How quickly can we be briefed in the event of an AI-related security breach or public relations issue?
- Has the C-suite clearly outlined their incident response protocols for AI-related crises (are these protocols aligned with the board's expectations)?
- Have we designated an internal incident response team, including our legal counsel and external advisors, to manage AI-related crises?
AI Crisis Management:
With AI integrated into company systems and networks, boards must understand the unique risks AI poses to a company’s operations, customer trust, and public image, know where the company is exposed, and try to mitigate these risks before a crisis takes place.
- What AI integrations do we have, and where are the vulnerabilities in the company's systems?
- Are we conducting tabletop exercises to simulate AI-related crisis scenarios and ensure our teams are prepared?
- How frequently are we revisiting and updating our communication and incident response plans to ensure that we remain prepared for emerging AI risks?
Materiality and Regulatory Compliance:
Boards should have an understanding of what constitutes a material incident for their business, particularly in a highly regulated environment where incidents could quickly escalate in significance.
- What constitutes a material incident in the context of AI? How do we assess and determine materiality when it comes to AI risks?
- Are we confident that our compliance policies are updated to address AI-related risks, especially in healthcare or regulated industries?
Insurance:
Boards should engage in proactive conversations about their insurance coverage, especially as it relates to cybersecurity concerns and the new risks AI may introduce to the company, and ensure the right insurance is purchased.
- Have we discussed with our insurance carriers how AI risks are covered under our current policies, particularly in the event of a crisis?
- Is our cybersecurity insurance policy updated to reflect the specific risks introduced by AI integration in our operations?
Collaborative Networks and Crime Response:
AI crises may escalate to crime scenes (e.g., a cyberattack). It’s critical to engage with law enforcement and other partners in advance of an incident so that they understand your business and you already have an open dialogue with them. Having an audit/risk committee chair actively involved in managing these crises is crucial, along with designating a negotiator and getting financials in order.
- Do we have pre-established relationships with law enforcement or other key partners in place to manage an AI-related crisis effectively?
- Is the board actively involved in ensuring that the risk and audit committees are prepared for AI-related crises?
Financial Considerations in Crisis:
Boards need to be prepared for decisions about paying ransom or meeting other demands during an AI-related crisis. Financials should be reviewed in advance to understand the pros and cons of these decisions.
- Know what regulations apply to the crisis and whether there is an obligation to disclose the incident.
- Do we have clear guidelines for deciding whether to pay any ransom or financial demands during an AI crisis? What financial resources have we set aside for such scenarios?
- Are we aware of the legal obligations related to disclosure in the event of an AI-related crisis, and which regulations would apply?
This event was generously hosted by: