Artificial Intelligence (AI) - a strategic ally for risk management & business continuity

  • 03 Jun 2020
  • Federica

Beyond the horizon a new scenario is emerging

When we talk about Artificial Intelligence (AI), we refer to the ability of a technological system to find solutions to problems or to perform tasks and/or activities typical of the human mind and skills.

AI, in computer terms, could be defined as the discipline that can build machines (hardware and software) capable of "acting" autonomously, i.e. solving problems, carrying out actions, etc.

We have now reached a technological maturity that can rely on enormously powerful hardware systems, capable of performing computational calculations that were previously unthinkable and, at the same time, developing a capability of analytics in real-time. Therefore, AI can prove to be a "valuable ally" and – through  advanced  analytics  (i.e. the correlations of events, habits, behaviors, attitudes, systems and geolocation data and monitoring of the movements of things and people) – assist in improving the efficiency and effectiveness of activities related to Risk Management & Business Continuity.

Thanks to " advanced analytics", AI can mitigate risks, protect data, prevent cybercrime, optimize supply chain management by connecting and also monitoring the entire supply chain and the players involved.

A magic potion for a resilient organization: AI, risk management and business continuity

Risk Management & Business Continuity frameworks must evolve, make a paradigm shift, and take preventive measures to ensure organizational resilience. In addition, more accurate monitoring and reporting will optimize the detections of possible risks that the organization would face. 

Today, more than in the past, Risk Assessment (RA) and Business Impact Analysis (BIA) rely on data management and analysis. Data collection can weigh up to 75% on Risk Management & Business Continuity processes; analytics solutions have also become strategic. AI and Machine Learning (ML) technology, applied to big data analysis, allows to create scenarios in "real time". Risks are automatically integrated with each other - without more "silos", as it happened in the past – providing a holistic view and taking into consideration both vertical and transversal scenarios made of interconnections and dependencies.

The "magic potion" of AI - triage of analytics and ML - contributes to:

  • Improve the processing of structured and unstructured data.
  • Identify and assess risks more accurately and in a noticeably short time.
  • Simulate worst case scenario models and tests, by identifying vulnerabilities and failure points in the organizational infrastructure.
  • Help create better disaster recovery plans by identifying "weaknesses" and inefficiencies in existing processes.
  • Determine the value of critical resources.
  • Help in increasing business efficiency.

Risk & Business Continuity Managers, by using AI, can spend less time on repetitive tasks and use connected devices to improve Risk Management & Business Continuity processes. Furthermore, a greater interaction/integration between the two disciplines – together with a continuous communication/comparison with the various business functions - promotes the verification of consistency of the work done in terms of Risk & Business Continuity management, organizational planning and business objectives, inclusive the need to comply promptly with the stringent regulations.

The "magic potion" reveals its effectiveness and efficiency in terms of:

  • IT Service Management – AI complies to the IT procedures and performs service management based on them, thus improving business continuity, preventing system failures, and reducing the likelihood of human error.
  • Automated Data Recovery – The process, by using AI, allows companies to respond much more proactively to potential threats vs. manual recovery systems.
  • Planned Disaster Recovery - AI is used in the development of the Disaster Recovery plan and, by processing the data contained in its database or by drawing them from Internet, can easily identify the most efficient solutions to implement and make better decisions
  • Identification and deletion of "contaminated" data – A properly programmed AI can detect error in the configuration of the application and any anomaly in the data collection and proceed to delete them.
  • Emergency Notification System - Depending on the severity of the disaster affecting the company, there is a need to inform the various actors involved (both inside and outside the organization). An AI-based Risk Management & Business Continuity system can be configured to activate an Emergency Notification System (ENS). According to the situation, the ENS will be able to choose the appropriate response from a pre-prepared list by type of emergency.  
  • Cyber Attack Monitoring – Risk Management & Business Continuity Managers are more and more focused on Cyber Security to prevent cyber-attacks. The increasing use of AI and ML helps in detecting whether a cyber threat is underway and what actions are needed to protect the organization.
  • Company brand & reputation management – Brands and corporate reputation can be safeguarded by using AI to monitor social media or traditional media to detect negative sentiment and promptly alerting companies and mitigate the "viral” reactions in real time.
  • Geopolitical apps to monitor naval routes – AI platforms can monitor, in real time, the "behavior" of ships, especially when transiting in critical geographical areas; they can notify any critical issue and, if the case, modify routes, thus mitigating the risks and avoiding costs of insurance coverage.
  • Predictive analysis – Processes and production systems are monitored by AI platforms that perform predictive analyses in terms of problems that may arise in the production process and suggest precautionary measures to prevent a disaster/crisis/disruption.

Although AI is a valuable ally, we need to continue to rely on human beings to ensure proper use of the same and monitor the associated risks, such as:

  • Algorithmic bias - ML algorithms are based on data that, once encoded, generate prediction patterns, rules, and decisions. Therefore, if such patterns reflect some existing biases, algorithms could amplify such distortions and produce results that reinforce existing discrimination.
  • AI overestimated capacity- AI systems do not understand the tasks they perform and rely on the data they have available; therefore they cannot be considered infallible and the reliability of their results can be compromised by unreliable, incomplete or poor quality data.
  • Programming errors – Programming errors could impact the operation of algorithms and, therefore, provide misleading results that could result in serious consequences.
  • Cyber-attacks – AI systems are increasingly being attacked by hackers, who want to steal personal data or confidential company information.
  • Reputational Aspects - AI systems handle large amounts of sensitive data and make critical decisions in different industries; thus, any distortion of the system - due to errors, breaches, or use for unethical purposes - can pose significant reputational risks to the organization that owns it.


AI will help in solving organizational problems, facilitating, and supporting decision-making through data-driven strategies, overcoming prejudices and instantly analyzing large data sets, making strategic decisions and improving human performance. Risk Management & Business Continuity Managers must act as "facilitators/promoters" of a calibrated "mix" of AI systems to be considered as capable and valuable "assistants" able to manage daily activities and better interpreter and manage information about risk, business continuity and data that, otherwise, could be lost.

The continuous change of scenarios will imply organizations constantly update risks and their management during the various stages of the Risk Management & Business Continuity framework and life cycle. AI is not empathetic, therefore, it will be necessary to ensure a balance between automation and the level of human involvement, in order to guarantee a correct approach to Risk Management & Business Continuity disciplines; it will be also fundamental to provide adequate technological training to staff to manage and improve the use of AI as "leverage" to ensure organizational resilience.

As we deal with “magic potions”, we need to remember that the necessary precautions are always required.

About the author
foto fmrlivelli_050649368.JPG

Federica Livelli

Business Continuity & Risk Management Consultant

She is a Business Continuity & Risk Management consultant and Training Center Director at BeDisruptive Consultant.

She carries out activities aiming at improving awarness and development of resilience culture at various institutions and universities in Italy and abroad (POLIMI-BOCCONI University, University of Cagliari, Environmental Master University of Padua, LIUC University at Castellanza, SUPSI Lugano, University of Genoa).

Member of BCI Italy Chapter and ANRA  (Italian Association of Risk Manager& Insurance Manager) board; Scientific Committee of CLUSIT (Italian Association for Cyber Security), CLUSIT HEALTH Committee, CLUSIT Artificial Intelligence Commmittee ; FERMA (Federation of European Risk Management Associations) Digital Committee.


Speaker and moderator in various national and international seminars and conferences.

Author of numerous articles ref. various online magazines and publications in Italy and abroad.




"Organizations - to survive in the increasingly complex and erratic context arising from the pandemic and characterized by geopolitical and economic crises, ongoing conflicts, cyber-attacks and supply chain disruption must treasure the lessons learned. That is, they need to invest more in resilience, at all levels and  create a more flexible and secure ecosystem, able to anticipate, resist and recover from adverse and unexpected events that can compromise the organization's operations.

In fact, it is a matter of building a resilient, "antifragile" business model that presupposes the adoption of strategic disciplines such as risk management, business continuity and cyber security in an increasingly data-driven world.

The scenarios in which we find ourselves living require a sudden response and structured resilience. We can no longer wait for the unexpected, it's time to be proactive and anticipate it!"