Three-quarters of global businesses are currently implementing or considering bans on ChatGPT and other generative AI applications within the workplace due to risks to data security, privacy, and corporate reputation. This data is based on research conducted by Blackberry, which found that 61% of companies deploying or considering generative AI bans view these measures as long-term or permanent.

Blackberry’s findings are derived from a survey of 2,000 IT decision-makers across North America, Europe, Japan, and Australia. The results come in the wake of the publication of the OWASP Top 10 for LLMs, which outlines the key security and safety challenges associated with large language models (LLMs) commonly used by generative AI chatbots.

As the growth and adoption of generative AI technology increases within businesses, organizations are recognizing the need to establish specific generative AI security policies. Furthermore, concerns surrounding data security have been a driving force behind the inclination towards implementing complete bans.

Although the majority of IT decision-makers acknowledge the potential for generative AI applications to increase efficiency, innovation, and creativity in the workplace, 83% of them express concerns about the cybersecurity threats posed by unsecured generative AI apps. This has led to a favorable response towards organizations controlling the applications used by employees for business purposes.

According to Shishir Singh, CTO cybersecurity at BlackBerry, organizations should approach the use of generative AI applications cautiously while remaining dynamic. Singh recommends having the right tools in place for visibility, monitoring, and management of workplace applications, rather than implementing complete bans. He suggests that, as platforms mature and regulations take effect, flexibility can be introduced into organizational policies.

Chief Information Security Officers (CISOs) are urged to prioritize the development of generative AI policies that effectively address security risks without stifling innovation. It is crucial for CISOs to create business-aligned security policies that support the adoption of generative AI technology while mitigating risk. Delaying the establishment of appropriate security policies for generative AI’s pervasiveness could result in a situation similar to the slow response to personal technology being used for corporate activities, known as shadow IT.