Corporate Risk Radar podcast series: APAC | Episode 4 | Businesses in APAC must remain vigilant, as AI and cyber security risks top the agenda

For the fourth episode of the Corporate Risk Radar Podcast Series, host Eva Maria Barbosa is joined by two guests from Asia Pacific: Fei Kwok, Managing Partner of the Hong Kong office, and Thomas Choo, Managing Partner of the Singapore office, specialising in corporate and employment law, and with an increasing focus on cryptocurrency and digital assets. Drawing on Clyde & Co’s Corporate Risk Radar research, they focus on digital transformation risks across the region, relating to artificial intelligence (AI), cyber security, and cryptocurrency.

Beginning with AI, Kwok and Choo discuss the positive and negative sides of the technology, the key risks for businesses, along with mitigation strategies, and how the regulatory environment is evolving. Guests then discuss cyber security threats, including organisations’ legal and contractual obligations, the potential penalties, and the steps they need to take to protect their systems and reputation. Finally, Choo provides a high-level view of the cryptocurrency landscape, the biggest risks, and how regulation is developing.

The discussion begins on the rapid development of AI, with Kwok stressing its importance: “The business community needs to embrace AI and learn how to work with it.” However, while AI has the potential to drive significant productivity and cost benefits, there are numerous potentially negative side-effects and risks, spanning data protection, data bias, IP issues, questions of liability and accountability, and employment issues. 

Organisations therefore need to implement thorough testing and monitoring to manage the technical risks of AI, while keeping an eye on regulation, which Kwok explains are “in the process of development,” but will advance rapidly, as understanding of the technology improves. Choo advises that “organisations need to stay informed about these evolving regulations and ensure they comply… otherwise it can result in legal penalties and reputational damage.”

Choo goes on to outline current cyber compliance obligations, including timeframes for reporting, safeguarding data, and following established security standards and practices. Organisations must also consider security measures outlined in partner and supplier contracts and be aware that board directors can now be held liable in the event of an attack. Legal action can also come from customers, shareholders, or other stakeholders, in cases where a company’s brand or reputation has been impacted.

In Hong Kong, cyber risk awareness is on the decrease amongst SMEs, despite the region being a significant target for attacks, particularly ransomware. Kwok says businesses “must not compromise their cybersecurity budgets and resources,” and regularly review the effectiveness of cyber controls across technology, employees, suppliers, and, increasingly, remote workers, IoT devices, and cloud services. Although, she notes that China’s recent relaxation of the Data Transfer Regulations has eased compliance for businesses somewhat.

Choo provides a far-reaching view of the risk and regulatory landscape in the cryptocurrency space, as companies prepare for the Markets in Crypto-Assets Regulation (MiCA), the new EU legal framework for crypto assets. While the impact will vary across sectors and size of organisations, Choo recommends various measures including compliance teams, technology and third-party vendor assessments, strict data governance practices, incident response plans, and employee training and awareness programmes. As with other emerging technologies, Choo explains that regulations are evolving, so “businesses in this industry must remain agile and be prepared to adapt to new regulations as they emerge.”

Finally, Kwok discusses how organisations can effectively balance the risks posed by AI with the longer-term potential for profitability, concluding that there is “no single or easy solution,” but that “we can't escape AI… and we need to work really hard to resolve the conflicts, the risks, and also the fear in terms of deploying AI into our operations going forward.”