Leaders need more clarity on UK AI regulation
As the UK government shows signs of accelerating the regulation of AI locally, Vanta has released new data from its State of Trust study revealing that over half of UK leaders (56%) say they would be more likely to invest in AI if the technology was regulated.
In the security space in particular, respondents believe the biggest transformation potential of AI will be improving the accuracy of security questionnaire responses and eliminating manual work (43%).
However, as businesses continue to grapple with existing regulation, such as GDPR, many leaders (57%) are concerned that secure data management will become more challenging with AI adoption, more than the global average. As a result, UK leaders rank ‘keeping up with evolving regulation’ as their top security concern – more than the US (31%) and significantly higher than other parts of Europe such as France (27%) and Germany (26%).
Assessing the impact of AI on companies’ security
The findings were discussed at a roundtable on 24th April 2024 at the Gherkin in the City of London.
Jadee Hanson, Chief Information Security Officer of Vanta commented: “We found that only 9% of the average UK company’s IT budget is dedicated to security, with companies trying to do more with less at a time when the risks are higher than ever. AI adds another layer of complexity to this equation. However, while AI offers both new opportunities and new risks, when done right, it can dramatically accelerate security workflows, enabling teams to focus on strengthening their security posture and building customer trust.”
Sarah Armstrong Smith, Chief Security Advisor at Microsoft noted: “A lack of AI regulation in the UK does not mean organisations should avoid it entirely. At this stage, companies can prioritise engaging with tools and organisations that have published an AI code of conduct or commitments to how they are using it transparently and ethically. Many of the AI tools that are available are built on these principles, particularly at larger technology companies. Crucially, IT and security teams must ensure that there is a strong line of communication with other teams in the organisation that may be experimenting with AI and vice versa to ensure that there is a constant awareness of the AI tools being used within an organisation so that IT teams can effectively vet these tools.”
Simon McDougall, Chief Compliance Officer at ZoomInfo comments: “Never has the role of security compliance and data management been so important for businesses. At a time when technology is evolving so quickly, companies need assurance that their own security posture is watertight in the face of increased risk and threats from bad actors. However, many teams cannot afford to give the time to compliance, faced with reducing budgets and resources. It is for this reason that security compliance is ripe for disruption from AI. If companies can successfully balance the risk and reward of AI, they will drastically improve their security posture in the long run and become proactive vs reactive to security threats.”
Accelerating the future of trust for the enterprise
Hot on the heels of this roundtable discussion, Vanta will launch a host of new AI features to help protect businesses. On 1st May 2024, Vanta will launch Vanta AI and Questionnaire Automation in Trust Centres, enabling enterprises to proactively and reactively demonstrate their security and compliance, automatically.
Vanta Trust Centres significantly reduce the manual, repetitive tasks hampering enterprise security and sales teams by unifying their security program management and accelerating the security review process, all from within Vanta. Available on 1st May in beta, Vanta AI-powered Trust Centres provide prospects with not only the documentation they’re looking for, but answers they need. Visitors to an organisation’s Trust Centre can ask questions through a conversational interface, and Vanta AI will generate answers based on the rich foundation of resources already available in the Trust Centre.
While Trust Centres reduce the time and steps needed for organisations to share their security posture with customers, teams are still bogged down by the manual drain of lengthy security questionnaires that often ask for the same security and compliance information in slightly different ways.
Questionnaire Automation in Trust Centres harnesses the power of Vanta AI to save time by generating suggested responses for security teams to review and approve, rather than starting from scratch each time. By analysing previously submitted questionnaires – along with existing security documentation – Vanta creates a comprehensive knowledge base to draw from and generate responses, updating in real-time even as policies evolve. Whether it’s a form, a spreadsheet, or third-party portal, Vanta can export questionnaire responses in whatever format prospects require.
Vanta doubles down on international momentum
This roundtable discussion also comes at a time when Vanta is doubling down on its international momentum. This week, Vanta hosted its first UK user conference, VantaCon UK bringing together security leaders, AI experts and investors, and Vanta customers to discuss where the future of trust is headed. This comes just 18 months after Vanta went global with the opening of its EMEA headquarters in Dublin and APAC headquarters in Sydney.
The international team has grown almost 300% year over year, and Vanta is continuing to expand its global footprint this year with the addition of a local presence in London.
Vanta has also made product investments to meet the compliance and security needs of its international customers, including opening its EU data centre, localising product capabilities, and launching support for Cyber Essentials and ISO 42001.