Artificial Intelligence (AI) - a strategic ally for risk management & business continuity

  • 03 Jun 2020
  • Federica

Beyond the horizon a new scenario is emerging

When we talk about Artificial Intelligence (AI), we refer to the ability of a technological system to find solutions to problems or to perform tasks and/or activities typical of the human mind and skills.

AI, in computer terms, could be defined as the discipline that can build machines (hardware and software) capable of "acting" autonomously, i.e. solving problems, carrying out actions, etc.

We have now reached a technological maturity that can rely on enormously powerful hardware systems, capable of performing computational calculations that were previously unthinkable and, at the same time, developing a capability of analytics in real-time. Therefore, AI can prove to be a "valuable ally" and – through  advanced  analytics  (i.e. the correlations of events, habits, behaviors, attitudes, systems and geolocation data and monitoring of the movements of things and people) – assist in improving the efficiency and effectiveness of activities related to Risk Management & Business Continuity.

Thanks to " advanced analytics", AI can mitigate risks, protect data, prevent cybercrime, optimize supply chain management by connecting and also monitoring the entire supply chain and the players involved.

A magic potion for a resilient organization: AI, risk management and business continuity

Risk Management & Business Continuity frameworks must evolve, make a paradigm shift, and take preventive measures to ensure organizational resilience. In addition, more accurate monitoring and reporting will optimize the detections of possible risks that the organization would face. 

Today, more than in the past, Risk Assessment (RA) and Business Impact Analysis (BIA) rely on data management and analysis. Data collection can weigh up to 75% on Risk Management & Business Continuity processes; analytics solutions have also become strategic. AI and Machine Learning (ML) technology, applied to big data analysis, allows to create scenarios in "real time". Risks are automatically integrated with each other - without more "silos", as it happened in the past – providing a holistic view and taking into consideration both vertical and transversal scenarios made of interconnections and dependencies.

The "magic potion" of AI - triage of analytics and ML - contributes to:

  • Improve the processing of structured and unstructured data.
  • Identify and assess risks more accurately and in a noticeably short time.
  • Simulate worst case scenario models and tests, by identifying vulnerabilities and failure points in the organizational infrastructure.
  • Help create better disaster recovery plans by identifying "weaknesses" and inefficiencies in existing processes.
  • Determine the value of critical resources.
  • Help in increasing business efficiency.

Risk & Business Continuity Managers, by using AI, can spend less time on repetitive tasks and use connected devices to improve Risk Management & Business Continuity processes. Furthermore, a greater interaction/integration between the two disciplines – together with a continuous communication/comparison with the various business functions - promotes the verification of consistency of the work done in terms of Risk & Business Continuity management, organizational planning and business objectives, inclusive the need to comply promptly with the stringent regulations.

The "magic potion" reveals its effectiveness and efficiency in terms of:

  • IT Service Management – AI complies to the IT procedures and performs service management based on them, thus improving business continuity, preventing system failures, and reducing the likelihood of human error.
  • Automated Data Recovery – The process, by using AI, allows companies to respond much more proactively to potential threats vs. manual recovery systems.
  • Planned Disaster Recovery - AI is used in the development of the Disaster Recovery plan and, by processing the data contained in its database or by drawing them from Internet, can easily identify the most efficient solutions to implement and make better decisions
  • Identification and deletion of "contaminated" data – A properly programmed AI can detect error in the configuration of the application and any anomaly in the data collection and proceed to delete them.
  • Emergency Notification System - Depending on the severity of the disaster affecting the company, there is a need to inform the various actors involved (both inside and outside the organization). An AI-based Risk Management & Business Continuity system can be configured to activate an Emergency Notification System (ENS). According to the situation, the ENS will be able to choose the appropriate response from a pre-prepared list by type of emergency.  
  • Cyber Attack Monitoring – Risk Management & Business Continuity Managers are more and more focused on Cyber Security to prevent cyber-attacks. The increasing use of AI and ML helps in detecting whether a cyber threat is underway and what actions are needed to protect the organization.
  • Company brand & reputation management – Brands and corporate reputation can be safeguarded by using AI to monitor social media or traditional media to detect negative sentiment and promptly alerting companies and mitigate the "viral” reactions in real time.
  • Geopolitical apps to monitor naval routes – AI platforms can monitor, in real time, the "behavior" of ships, especially when transiting in critical geographical areas; they can notify any critical issue and, if the case, modify routes, thus mitigating the risks and avoiding costs of insurance coverage.
  • Predictive analysis – Processes and production systems are monitored by AI platforms that perform predictive analyses in terms of problems that may arise in the production process and suggest precautionary measures to prevent a disaster/crisis/disruption.

Although AI is a valuable ally, we need to continue to rely on human beings to ensure proper use of the same and monitor the associated risks, such as:

  • Algorithmic bias - ML algorithms are based on data that, once encoded, generate prediction patterns, rules, and decisions. Therefore, if such patterns reflect some existing biases, algorithms could amplify such distortions and produce results that reinforce existing discrimination.
  • AI overestimated capacity- AI systems do not understand the tasks they perform and rely on the data they have available; therefore they cannot be considered infallible and the reliability of their results can be compromised by unreliable, incomplete or poor quality data.
  • Programming errors – Programming errors could impact the operation of algorithms and, therefore, provide misleading results that could result in serious consequences.
  • Cyber-attacks – AI systems are increasingly being attacked by hackers, who want to steal personal data or confidential company information.
  • Reputational Aspects - AI systems handle large amounts of sensitive data and make critical decisions in different industries; thus, any distortion of the system - due to errors, breaches, or use for unethical purposes - can pose significant reputational risks to the organization that owns it.


AI will help in solving organizational problems, facilitating, and supporting decision-making through data-driven strategies, overcoming prejudices and instantly analyzing large data sets, making strategic decisions and improving human performance. Risk Management & Business Continuity Managers must act as "facilitators/promoters" of a calibrated "mix" of AI systems to be considered as capable and valuable "assistants" able to manage daily activities and better interpreter and manage information about risk, business continuity and data that, otherwise, could be lost.

The continuous change of scenarios will imply organizations constantly update risks and their management during the various stages of the Risk Management & Business Continuity framework and life cycle. AI is not empathetic, therefore, it will be necessary to ensure a balance between automation and the level of human involvement, in order to guarantee a correct approach to Risk Management & Business Continuity disciplines; it will be also fundamental to provide adequate technological training to staff to manage and improve the use of AI as "leverage" to ensure organizational resilience.

As we deal with “magic potions”, we need to remember that the necessary precautions are always required.

About the author

Federica Livelli

Business Continuity & Risk Management Consultant

Certificata in Business Continuity (AMBCI BCI, UK) e in Risk Management (FERMA Rimap ®), è consulente in Business Continuity & Risk Management e promuove la cultura della resilienza presso diverse istituzioni e università in Italia.

Ha una vasta e riconosciuta esperienza manageriale in diverse funzioni aziendali, in particolare nella gestione amministrativa, relazioni istituzionali ed eventi, facility & procurement management con le principali società internazionali.

Deputy Leader del BCI Italy Chapter, rappresentante italiana del Business Continuity Institute (BCI), UK e membro del BCI Professional Conduct Committee, UK, è anche membro delle seguenti associazioni: ANRA, FERMA, AIPSA, CLUSIT e UNI . Inoltre è membro del: Comitato Scientifico di CLUSIT, Comitato Women for Security , Adivory Board- EU ODES  Project & EU SIMARGL Project.

Docente in Moduli Introduttivi “ISO 22301 - Business Continuity & Resilience” al Corso “Cyber ​​Strategy & Governance”, realizzato in partnership da POLYTECHNIC MILAN e BOCCONI UNIVERSITY.

Autore di numerosi articoli su argomenti di Business Continuity & Risk Management pubblicati da diverse riviste online, come DigitalAgenda360, Cybersecurity360, AI4Business, Risk Management360, EnergyUp, Blockchain4Innovation, Internet4Things, Industry4Business, ANRA - RM Magazine, ISPI Online, Insurance Review, UNI Magazine online , Rivista Safety & Security, rivista Leadership & Management.