Close Sidebar
COPYRIGHT © PROFESSIONAL EVALUATION AND CERTIFICATION BOARD 2021 ALL RIGHTS RESERVED
Now Reading
The Evolving Role of the Risk Manager in the Age of AI and Cyber Threats
Search for content, post, videos
Search for content, post, videos

The Evolving Role of the Risk Manager in the Age of AI and Cyber Threats

November 21, 2025

The Evolving Risk Manager

Prior to the development of Artificial Intelligence (AI), the general duties of the Risk Manager was to identify and assess the appropriate risks for their organization, analyze them and the organization’s vulnerabilities, propose risk treatment options and report on risk exposure to senior leadership, while developing an overall risk management strategy.

Now, with the rapid advancement of Artificial Intelligence (AI) as a recent technology across the globe, coupled with the ever-present threat of cybersecurity threats, the Risk Manager has to be ready and cognizant to adapt their approach to risk management. AI is more than a mere buzzword for both individuals and organizations nowadays.

The Risk Manager has to now be visionary, be able to learn, understand, and stay on top of any key AI developments, be in a position to create awareness and training on what really is happening with AI and how it applies to their specific environment, e.g. banking, manufacturing, telecommunication, etc., and make the link in terms of cybersecurity.

The evolving Risk Manager must consider creating a new category under the Enterprise Risk Management (ERM) framework, labeled AI Opportunities and Risks, and tailor it to your organization’s environment. The Risk Manager must take a pragmatic approach and act as a key communicator across all levels of the organization. They should be able to lead training and awareness initiatives that help colleagues understand what AI truly is, the different types and benefits it offers the company, and distinctions such as the difference between Machine Learning and Deep Learning.

AI and Cybersecurity Threats

Hackers are now using AI as the new technology to conduct Cybersecurity attacks. These are some of the following ways in which they conduct their nefarious activities:

  • AI-Powered Malware: Hackers are using AI technology to do cyber-attacks that are faster and more adept at bypassing regular security measures and launching more sophisticated attacks.
  • Deepfakes, Phishing, and Social Engineering: AI is increasingly being used to develop highly personalized phishing emails and even create voice or video deepfakes to deceive users into divulging sensitive information. A deepfake is a digitally manipulated image, video, or audio clip where a person’s face, body, or voice is altered so that they appear to be someone else, in order to spread false information.
  • Automated Vulnerability Discovery: AI tools can now scan and identify weaknesses in IT networks or systems at a speed which is impossible for humans to do, allowing for faster exploitation.
  • Threats to AI Systems Themselves: This is where the attackers can intentionally feed malicious or misleading data into an AI’s training set to corrupt its behavior and accuracy. This is also termed as data poisoning.

Some strategies to enhance cybersecurity and mitigate threats involving AI. 

AI Governance, Training, and Awareness

As an evolving Risk Manager, here are some solutions, which you can engage your leadership team to mitigate the threats of AI and Cybersecurity attacks.

First, combine your cybersecurity responses to the AI threats by combining them with implementation and continued compliance of regulatory frameworks such as ISO/IEC 27001, SOC 2, HIPAA, and NIST.

Second; if your country does not have any AI legislation in place at this time, a person can take a look at the European Union (EU) AI Act passed in 2024 and its classification of AI Systems based on their level of risk. The goal of the AI Act within the EU is to ensure that AI systems are used in a safe, transparent, and accountable manner. This legislation can assist in being a sort of a guide to create AI safety and security strategy within your organization. This requires establishing strong governance by ensuring a clear understanding of how AI relates to the organization and its environment, and by defining accountability and responsibility for the ethical and responsible use of AI systems. Ultimately, this helps senior leadership to improve their transparency and responsible use of AI decision-making, commitment, and trustworthiness.

Third, invest time and resources in cybersecurity and AI training to ensure all employees of an organization are up-to-date in terms of awareness, preparedness, and security in your organization. This will help to address any security gaps in terms of AI on the human resource or people-side of this area. Perhaps also consider taking certified training in PECB’s ISO 31000 Lead Risk Manager and/or ISO/IEC 42001 Artificial Intelligence Lead Implementer to strengthen your organization’s foundational and advanced knowledge.

Fourth, try to understand the ways in which hackers or bad actors can use AI tools to attack companies and extract information from persons and then determine the right solutions including accessing the right AI options to counteract these measures and protect your organization. For example, hackers employed AI-powered technology to mimic the voice of a CEO and tricked a senior member of the management team to send a large sum of money to a fake bank account. Another notable attack involved hackers using AI to generate malware and malicious scripts and inject them into databases to corrupt the organization’s information. In learning about the various ways hackers use AI to attack persons and companies, you can then look at potential weak points you need to improve or implement better controls to safeguard your critical assets. 

Fifth, ensure regular patching and updates on all your IT devices. This ensures that the latest security patches help to address known vulnerabilities.

Importantly, select a well-respected AI-powered security solution. In this case, the Risk Manager has to assist in advising senior leadership on utilizing the right AI technologies and tools for cybersecurity defense in this evolving landscape. AI algorithms can be utilized to detect anomalies, identify patterns, and automate threat response to have a more efficient and effective response to secure an organization’s operations and assist employees with a more meaningful threat intelligence, analysis, and response.

Conclusion

AI-powered cybersecurity attacks are going to be on the rise as hackers use this technology more frequently. As such, organizations must continue to evolve their overall security strategy to offer a multi-layer protection system to detect and counteract such advanced attacks. Many persons simply see AI as a threat to their jobs. Instead, to counteract and prevent this potential paranoia, the evolving Risk Manager has to take the time to understand how we can use AI to retrain, and perhaps support, persons in their current roles. Also, ensure that your organization’s defenses are maturing, staying up-to-date, and being proactive in terms of your security posture. Of course, always have a plan B and even C should the unfortunate situation arise with an appropriate and properly tested Business Continuity and Disaster Recovery strategy in place.

Nicholas Ramsey

Nicholas serves as the Chief Executive Officer (CEO) for N Ramsey Consultancy Ltd, which is a dynamic training and consultancy professional services company. He is a Certified Trainer and professional in the following specialized areas: ISO 31000 Enterprise Risk Management (ERM), ISO 45001 Occupational Health & Safety Management System, ISO/IEC 27001 Information Security Management System, ISO 22301 Business Continuity Management System, and ISO 9001 Quality Management System. Nicholas has over 20 years’ of experience working at various organizations such as KPMG, AT&T, Microsoft, Apple, University of the West Indies (UWI), UWI-ROYTEC, and Deposit Insurance Corporation (DIC) to name a few, across the industries of: Financial Services, Information Technology, Auditing and Consultancy, Telecommunications, and Tertiary Education. His degrees include a master’s degree in Information Technology from Georgia Southern University (GSU) and a bachelor’s degree in Communications from Florida Memorial University (FMU) in the USA. Additionally, Nicholas is a Certified IT Auditor (ISO/IEC 27001 Lead Auditor credential), a Member of The Institute of Internal Auditors (IIA), an Associate Member of The Business Continuity Institute (AMBCI), and possesses ITIL V3 certification. He is a former Tutor at the University of the West Indies at St. Augustine (UWI) and a former Lecturer at UWI-ROYTEC in Network Security, Systems Analysis & Design, Operating Systems Security, and End User Support. You can reach him at: https://www.nrconsultancyltd.com/

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts