May 2026 contributions transactions: 19,853,195
May 2026 rollover transactions: 199,005
May 2026 total superannuation transaction messages: 65,324,819

AI, Insider Risk and the Importance of Cyber Security Fundamentals

 

During GNGB’s June STN Cyber Forum, cybersecurity leaders explored how artificial intelligence is reshaping insider risk, governance and security practices, and why strong fundamentals remain the foundation of cyber resilience. As artificial intelligence becomes increasingly embedded in business operations, organisations are grappling with new questions around governance, security and accountability. GNGB welcomed Min Livanidis, Chief Security Advisor (Public Sector, Health and Education) at Microsoft ANZ, for an informal discussion on insider risk, AI adoption and the practical steps organisations can take to strengthen their security posture.

While AI is often portrayed as a disruptive force creating entirely new categories of risk, one of the key themes to emerge from the discussion was that many of the challenges organisations face today are not fundamentally new. Rather, AI is amplifying existing governance, identity and security issues that organisations have long struggled to address.

 

Insider Risk is About More Than Malicious Insiders

Insider risk is often associated with employees deliberately stealing data or causing harm. However, Livanidis argued that this narrow view overlooks the broader purpose of insider risk programs. At its core, insider risk management is about understanding how people interact with organisational resources throughout their lifecycle. From onboarding to offboarding and identifying the pathways through which risk can be introduced, whether intentionally or unintentionally. “Most people are simply trying to do their jobs,” she explained. “The more we understand how people interact with technology, the better we can reduce the risks that arise from everyday behaviours.” This perspective becomes increasingly important as AI tools become part of daily workflows and employees look for new ways to improve productivity.

 

AI Doesn’t Replace Governance

One of the strongest messages from the session was that organisations do not need to reinvent their security strategies for AI. Instead, AI reinforces the importance of existing governance disciplines, including:

  • Identity and access management
  • Data governance
  • Security policies and controls
  • Accountability and ownership
  • Risk management frameworks

 

According to Livanidis, organisations that already have strong governance foundations are far better positioned to adopt AI safely than those attempting to deploy AI without clear oversight. “There will never be a time when organisations don’t need good governance – adequate identity management and strong data governance,” she noted. Rather than treating AI governance as a separate discipline, organisations should integrate AI considerations into existing governance and enterprise risk frameworks.

 

Identity Remains the Foundation of Security

When asked what single control organisations should prioritise to reduce AI-related risk, Livanidis’ answer was clear: identity. As organisations begin deploying AI agents and agentic workflows, the number of identities within an environment may increase significantly. These agents require permissions, access controls and ongoing oversight, much like human users. Questions organisations should be asking include:

  • What does this agent have access to?
  • What should it have access to?
  • Who owns it?
  • Who is accountable for its operation?
  • What happens when the original creator changes roles or leaves the organisation?

 

The panel discussed the importance of avoiding the creation of a new generation of unmanaged digital assets that could become tomorrow’s legacy security problem. Maintaining visibility, ownership and accountability for both human and non-human identities will be critical as AI adoption grows.

 

The Real Risk May Be Over-Reliance on AI

While much of the public conversation focuses on cyber-attacks, data leakage and AI-generated vulnerabilities, Livanidis highlighted another emerging concern: over-reliance on AI systems. Unlike traditional software, large language models are probabilistic rather than deterministic. Their outputs are not guaranteed to be correct, consistent or complete.

This creates risks when users:

  • Accept AI outputs without validation
  • Fail to challenge recommendations
  • Develop excessive trust in AI-generated content
  • Lose awareness of the limitations of the technology

The discussion also touched on newer concerns such as prompt manipulation, jailbreak techniques and attempts to influence AI systems through subtle, ongoing interactions. These risks reinforce the need for training, governance and critical thinking alongside technical controls.

 

Shadow AI Remains a Growing Challenge

As AI tools become more accessible, organisations continue to face challenges around unsanctioned usage. The discussion drew parallels with the long-standing issue of shadow IT. Employees will often use whichever tools help them complete their work most efficiently. If approved tools are difficult to access or use, staff may seek alternatives outside organisational controls.

 

Rather than relying solely on blocking technologies, organisations should focus on:

  • Providing approved and supported AI tools
  • Educating staff on appropriate usage
  • Maintaining visibility across their environment
  • Monitoring for unsanctioned activity

 

The goal is to make the secure path the easiest path.

 

AI is Exposing Existing Security Weaknesses 

Perhaps the most important takeaway from the session was that AI is not creating entirely new security challenges. Instead, it is shining a spotlight on weaknesses that already exist. Whether those weaknesses relate to:

  • Identity management
  • Asset inventories
  • Governance frameworks
  • Data management
  • Access controls

 

AI often magnifies their impact. As Livanidis observed, organisations should focus less on chasing every new development in AI and more on strengthening the fundamentals that will remain important regardless of how technology evolves. “Focus on the things that will still be true in five years’ time.”

 

Human-Centred AI

The conversation concluded on a more optimistic note, exploring examples of where AI is being used to address meaningful human challenges. One example highlighted a New Zealand mental health service that uses AI to engage callers when human operators are unavailable, helping ensure people in distress remain connected until support becomes available. For Livanidis, this reflects the most valuable application of AI: solving genuine human problems. “AI is at its most powerful when it is addressing a truly human issue.”

 

Key Takeaways

While AI introduces new considerations around insider risk, governance and security, the path forward is not necessarily more complex than organisations assume. The fundamentals still matter. Strong governance, clear accountability, robust identity management and an understanding of how people interact with technology remain the foundations of effective cyber security. As organisations continue their AI journeys, those that focus on these fundamentals will be best placed to manage both the opportunities and risks that AI presents.

One final question we didn’t cover during the forum: was AI used to help write this article? Like any good governance framework, we’re not disclosing our controls…