Artificial Intelligence (AI) - a strategic ally for risk management & business continuity

  • 03 Jun 2020
  • Federica

Beyond the horizon a new scenario is emerging

When we talk about Artificial Intelligence (AI), we refer to the ability of a technological system to find solutions to problems or to perform tasks and/or activities typical of the human mind and skills.

AI, in computer terms, could be defined as the discipline that can build machines (hardware and software) capable of "acting" autonomously, i.e. solving problems, carrying out actions, etc.

We have now reached a technological maturity that can rely on enormously powerful hardware systems, capable of performing computational calculations that were previously unthinkable and, at the same time, developing a capability of analytics in real-time. Therefore, AI can prove to be a "valuable ally" and – through  advanced  analytics  (i.e. the correlations of events, habits, behaviors, attitudes, systems and geolocation data and monitoring of the movements of things and people) – assist in improving the efficiency and effectiveness of activities related to Risk Management & Business Continuity.

Thanks to " advanced analytics", AI can mitigate risks, protect data, prevent cybercrime, optimize supply chain management by connecting and also monitoring the entire supply chain and the players involved.

A magic potion for a resilient organization: AI, risk management and business continuity

Risk Management & Business Continuity frameworks must evolve, make a paradigm shift, and take preventive measures to ensure organizational resilience. In addition, more accurate monitoring and reporting will optimize the detections of possible risks that the organization would face. 

Today, more than in the past, Risk Assessment (RA) and Business Impact Analysis (BIA) rely on data management and analysis. Data collection can weigh up to 75% on Risk Management & Business Continuity processes; analytics solutions have also become strategic. AI and Machine Learning (ML) technology, applied to big data analysis, allows to create scenarios in "real time". Risks are automatically integrated with each other - without more "silos", as it happened in the past – providing a holistic view and taking into consideration both vertical and transversal scenarios made of interconnections and dependencies.

The "magic potion" of AI - triage of analytics and ML - contributes to:

  • Improve the processing of structured and unstructured data.
  • Identify and assess risks more accurately and in a noticeably short time.
  • Simulate worst case scenario models and tests, by identifying vulnerabilities and failure points in the organizational infrastructure.
  • Help create better disaster recovery plans by identifying "weaknesses" and inefficiencies in existing processes.
  • Determine the value of critical resources.
  • Help in increasing business efficiency.

Risk & Business Continuity Managers, by using AI, can spend less time on repetitive tasks and use connected devices to improve Risk Management & Business Continuity processes. Furthermore, a greater interaction/integration between the two disciplines – together with a continuous communication/comparison with the various business functions - promotes the verification of consistency of the work done in terms of Risk & Business Continuity management, organizational planning and business objectives, inclusive the need to comply promptly with the stringent regulations.

The "magic potion" reveals its effectiveness and efficiency in terms of:

  • IT Service Management – AI complies to the IT procedures and performs service management based on them, thus improving business continuity, preventing system failures, and reducing the likelihood of human error.
  • Automated Data Recovery – The process, by using AI, allows companies to respond much more proactively to potential threats vs. manual recovery systems.
  • Planned Disaster Recovery - AI is used in the development of the Disaster Recovery plan and, by processing the data contained in its database or by drawing them from Internet, can easily identify the most efficient solutions to implement and make better decisions
  • Identification and deletion of "contaminated" data – A properly programmed AI can detect error in the configuration of the application and any anomaly in the data collection and proceed to delete them.
  • Emergency Notification System - Depending on the severity of the disaster affecting the company, there is a need to inform the various actors involved (both inside and outside the organization). An AI-based Risk Management & Business Continuity system can be configured to activate an Emergency Notification System (ENS). According to the situation, the ENS will be able to choose the appropriate response from a pre-prepared list by type of emergency.  
  • Cyber Attack Monitoring – Risk Management & Business Continuity Managers are more and more focused on Cyber Security to prevent cyber-attacks. The increasing use of AI and ML helps in detecting whether a cyber threat is underway and what actions are needed to protect the organization.
  • Company brand & reputation management – Brands and corporate reputation can be safeguarded by using AI to monitor social media or traditional media to detect negative sentiment and promptly alerting companies and mitigate the "viral” reactions in real time.
  • Geopolitical apps to monitor naval routes – AI platforms can monitor, in real time, the "behavior" of ships, especially when transiting in critical geographical areas; they can notify any critical issue and, if the case, modify routes, thus mitigating the risks and avoiding costs of insurance coverage.
  • Predictive analysis – Processes and production systems are monitored by AI platforms that perform predictive analyses in terms of problems that may arise in the production process and suggest precautionary measures to prevent a disaster/crisis/disruption.

Although AI is a valuable ally, we need to continue to rely on human beings to ensure proper use of the same and monitor the associated risks, such as:

  • Algorithmic bias - ML algorithms are based on data that, once encoded, generate prediction patterns, rules, and decisions. Therefore, if such patterns reflect some existing biases, algorithms could amplify such distortions and produce results that reinforce existing discrimination.
  • AI overestimated capacity- AI systems do not understand the tasks they perform and rely on the data they have available; therefore they cannot be considered infallible and the reliability of their results can be compromised by unreliable, incomplete or poor quality data.
  • Programming errors – Programming errors could impact the operation of algorithms and, therefore, provide misleading results that could result in serious consequences.
  • Cyber-attacks – AI systems are increasingly being attacked by hackers, who want to steal personal data or confidential company information.
  • Reputational Aspects - AI systems handle large amounts of sensitive data and make critical decisions in different industries; thus, any distortion of the system - due to errors, breaches, or use for unethical purposes - can pose significant reputational risks to the organization that owns it.


AI will help in solving organizational problems, facilitating, and supporting decision-making through data-driven strategies, overcoming prejudices and instantly analyzing large data sets, making strategic decisions and improving human performance. Risk Management & Business Continuity Managers must act as "facilitators/promoters" of a calibrated "mix" of AI systems to be considered as capable and valuable "assistants" able to manage daily activities and better interpreter and manage information about risk, business continuity and data that, otherwise, could be lost.

The continuous change of scenarios will imply organizations constantly update risks and their management during the various stages of the Risk Management & Business Continuity framework and life cycle. AI is not empathetic, therefore, it will be necessary to ensure a balance between automation and the level of human involvement, in order to guarantee a correct approach to Risk Management & Business Continuity disciplines; it will be also fundamental to provide adequate technological training to staff to manage and improve the use of AI as "leverage" to ensure organizational resilience.

As we deal with “magic potions”, we need to remember that the necessary precautions are always required.

About the author

Federica Livelli

Business Continuity & Risk Management Consultant

In possesso della certificazione Business Continuity - AMBCI BCI, UK e Risk Management FERMA Rimap ® è consulente di Business Continuity & Risk Management. Svolge attività di diffusione e di sviluppo della cultura della resilienza presso varie istituzioni ed università. 

Socia AIPSA ed UNI.

Membro de:

·         Board del BCI Italy Chapter

·         Board ANRA

·         Advisory Board di LIUC-ODES Project

·         Advisory Board EU SIMARGL Project

·         Comitato Scientifico di CLUSIT

·         Comitato CLUSIT-Artificial Intelligence/Risk Management

·         Conduct Professional Committee – BCI, UK

·         Judge at the International Organizational Resilience Awards

·         UNI/CT 016/GL 02 "Sistemi di gestione per la qualità" (ISO/TC 176/SC 2), UNI/CT 016/GL 09 "Governance delle organizzazioni" (ISO/TC 309) e UNI/CT 016/GL 89 "Gestione dell'innovazione" (ISO/TC 279) (Commissione Tecnica UNI/CT 016 "Gestione per la qualità e metodi statistici")

Membro de: Associazione Donne 4.0 (Coordinatrice Commissione Reti) e Women for Cyber Security (Comitato Tecnico)

Docente di moduli di introduzione di: ISO 22301 - Business Continuity & Resilience (Università POLIMI–BOCCONI e Università di Verona, Università di Cagliari, Master Ambientale Università di Padova); ISO 31000 - Risk Management (Università Statale di Milano)

Relatrice e moderatrice in diversi seminari, conferenze nazionali ed internazionali.

Autrice di numerosi articoli su diverse riviste online, (i.e.: AgendaDigitale, Cybersecurity360, AI4Business, Risk Management360, EnergyUp, Blockchain4Innovation, Internet4Things, Industry4Business, ANRA - RM Magazine, ISPI online, Insurance Review, INsurzine, UNI Magazine online, The BCI Blog, Data Manager).

Partecipato, in qualità di co-autrice, alle edizioni 2020 e 2021 del Rapporto Clusit - Cyber Security.