Managing AI risks in the Public Sector

Abstract

Ensuring organisations are safe from cyber-attacks requires the contribution of every staff member and this also applies to AI risk mitigation. Organisations must assess and implement strategies that ensure AI risk mitigation is not just the responsibility of the cybersecurity team (who are always in short supply), but the entire organisation from the front-line staff who need to classify documents correctly, to the cybersecurity engineers who implement technology solutions to mitigate risks, and top management who drive and implement effective AI strategies, policies and investment prioritisation. In this study, we examine how the distributed digital leadership (DDL) framework can be used to enable agencies across government to mitigate AI risks in the public sector. We conducted semi-structured interviews with cybersecurity practitioners from public sector agencies and determined that AI risk mitigation is indeed everyone’s responsibility – spanning people, process, technology and data controls. Using the distributed digital leadership (DDL) framework, we provide actionable suggestions on how collective, and collaborative risk mitigation strategies can be implemented across the public sector by making everyone competent in their respective job role responsibilities. We suggest that a well-aligned DDL can help cushion the skills shortage risks in cybersecurity and the overall management of AI risks in the public service.