Understanding the impact of AI on your risk profile: Lessons from retail, leisure and hospitality

The rapid integration of artificial intelligence (AI) into organizations across diverse sectors is reshaping risk profiles, demanding risk professionals in these sector re-evaluate their risk management strategies and how they approach regulatory compliance and operational resilience. Retail, leisure and hospitality are among those sectors significantly impacted by AI.

To provide insights on how AI is influencing real business and what measures organizations can consider to navigate the risks and opportunities, below, we take a look at some practical perspectives drawn from a WTW retail, leisure and hospitality industries roundtable, held in spring 2024.

The importance of understanding the AI regulatory landscape

The regulatory framework surrounding AI is complex and varies by region. In the European Union, for example, the Forthcoming AI Act aims to regulate AI systems comprehensively, focusing on safety, transparency and accountability. This act categorizes AI systems based on their risk levels and imposes stricter requirements on high-risk applications. For businesses operating within the EU, this means ensuring AI systems are compliant with these new regulations, which could involve significant adjustments in how AI technologies are developed and deployed.

In contrast, the U.K. currently lacks specific AI legislation but is moving towards a principles-based, cross-sectoral approach to AI regulation. This approach will likely rely on existing sectoral laws to impose the necessary guardrails on AI systems. This means businesses, need to take a proactive stance to align AI practices, even before formal legislation is enacted.

The impact of AI on risk profiles and risk registers

AI technologies are set to transform traditional risk management practices.

Currently, risk registers in many organizations remain manually updated and often lag behind the rapid pace of change in business environments.

AI can automate and enhance risk registers, providing real time, dynamic risk assessments. This capability can allow businesses to respond more swiftly and effectively to emerging risks.

However, integrating AI into risk management processes also introduces new categories of risk, including ethical considerations, data privacy issues and the potential for AI-driven decisions to go awry

AI impact on business resilience and supply chain

AI can significantly enhance operational efficiency and business resilience. In supply chain management, AI-driven systems can optimize inventory levels, predict maintenance needs and identify potential disruptions before they occur.

However, this increased reliance on AI also introduces new vulnerabilities. For instance, AI systems are only as good as the data they process; inaccurate or biased data can lead to flawed decision making.

The interconnected nature of AI systems also mean a failure in one area can have cascading effects throughout the supply chain. Such exposures mean you need to regularly stress-test your AI systems against various scenarios to be assured they can withstand unexpected challenges.

AI and workforce risk management

The deployment of AI will inevitably lead to changes in the workforce. Automation of routine tasks can free up employees for more complex and creative work, potentially leading to greater job satisfaction and productivity.

However, there's also a risk of job displacement and organizations must manage this transition carefully to maintain workforce morale and avoid potential backlash.

Training and re-skilling of employees will be critical, as will clear communication about how AI will change their roles and the nature of their work.

AI cyber risk considerations and challenges

As your business increasingly deploys AI, you must also enhance your cybersecurity measures. AI systems are prime targets for cyberattacks due to the valuable data they handle and their integral role in business operations.

Guaranteeing the security of AI systems involves not only traditional cybersecurity measures but also specific strategies tailored to the vulnerabilities of AI technologies. This includes protecting against data poisoning – where criminals compromise the training dataset used by an AI or machine learning model to manipulate operations – making sure the integrity of AI-driven decisions and guarding against potential manipulation of AI systems.

The integration of AI with other business systems introduces a range of interconnected risks. A single issue in one part of an AI-driven system can quickly spread to other areas, potentially leading to widespread operational disruptions.

It’s crucial you understanding these risks and how they can impact various aspects of your business and develop processes to capture and respond to interconnected risks generated by AI use. This will include developing robust contingency plans and maintaining a flexible and collaborative approach to managing risks, which includes stakeholders from across different business functions.

Board assessments for AI implementation

Boards have a vital role in overseeing AI implementation, ensuring AI strategies align with your organization's overall business objectives, rather than the business being led by the sometimes distracting capabilities if the technology.

As a risk professional, you can support the board by providing the tools and tactics for regularly reviewing the way AI deployment is changing your risk profile, ongoing monitoring of AI-related risks and ensuring your organization maintains transparency with stakeholders regarding its use of AI.

With strong leadership which doesn’t lose sight of the business’ core purpose in the context of AI and robust risk governance, your organization can leverage AI to enhance competitive edge while effectively managing the changing risks.

To discover more on a smarter way to manage emerging risks in the retail, leisure and hospitality sectors, get in touch with our industry specialists.

Find out more about how your organization can harness AI opportunities with the appropriate risk governance.