Thai businesses leaders are encouraged to strategically prepare for the integration of AI, with emphasis on data protection and cybersecurity as technology continues to transform operations, according to PwC Thailand.
Rishi Anand, Consulting Partner at PwC Thailand, discusses the impact of AI on cybersecurity and data governance. AI is significantly transforming various sectors in Thailand, enabling companies to automate business processes. While some discuss efficiency improvements, others test large models and agentic AI. Although adoption is underway, it's essential to remain vigilant about potential risks.
"Thai businesses adopting AI technologies, especially GenAI, face heightened risks related to data protection and privacy," Rishi said.
"With agentic AI, these risks extended to vulnerabilities within the agents, account takeovers, weak authentication, lack of governance, supply chain issues, data manipulation and, more importantly, cyber attacks," he said.
PwC's article 'Building trust in AI from the ground up: How you can secure the data behind it' indicates that data protection and trust have become paramount for business leaders, with 48% ranking them as their top cyber investment priority, surpassing technology modernisation at 43%.
AI models can produce misleading insights, create compliance risks and compromise sensitive information if the data is inaccurate and left exposed to security gaps. The PwC article suggests that businesses should address key data risks before unlocking AI's full potential. These risks include:
- Data quality: AI models trained on unstructured, redundant or outdated content may generate unreliable outputs, leading to poor decision-making.
- Data protection: Uncontrolled access to sensitive data, when combined with AI tools, can increase the likelihood of unauthorised access and data breaches.
- Data compliance: Without proper classification and oversight, AI-driven automation may process sensitive data in ways that violate privacy regulations.
- Data exposure: AI tools lacking adequate access controls can heighten the risk of insider threats, unauthorised data sharing and data leakage.
Managing data risks isn't just about minimising vulnerabilities; it's about building trust, improving decision-making, and ensuring AI compliance with regulations. Implementing robust governance and security measures can enable businesses to fully leverage AI's potential while mitigating risks, Rishi stated.
Adapting data governance amidst regulatory changes
Thai businesses must adapt their data governance strategies in response to increasing data volumes and evolving regulations. Many companies are now expanding frameworks to manage the role of AI in operations. However, outdated practices may lead to broader security challenges, such as weak encryption methods and inconsistent access control protocols, Rishi said.
"AI governance helps to establish trust among stakeholders. Trust begins with sound model design and development and extends through transparency, fairness, safety, and privacy considerations. At the core of AI integrity is the data itself, requiring vigilant protection to ensure security throughout its lifecycle," he said.
To establish robust AI governance, businesses should take the following actionable steps:
- Develop clear policies for AI model development and deployment
- Ensure transparency by documenting AI decision-making processes
- Conduct regular audits to assess compliance with privacy regulations
"Thailand's business landscape is poised to transition from basic AI applications to sophisticated, end-to-end solutions. We're seeing AI-powered processes and technologies making a substantial impact on client experiences, operational efficiency, and risk management. Sub-areas where AI can be applied include data and financial analysisspanning both reactive and predictive analyticsknowledge management, monitoring, and more," Rishi said.