With the onslaught of emerging technologies including the rapid rise of generative AI, businesses are increasingly digitizing their operations, leaving them vulnerable to risk.

Cybersecurity threats, intellectual property theft, service disruptions and reputational damage are significant concerns, as well as the potential for AI-generated misinformation, so savvy businesses are taking measures to apply new layers of protection to ensure business resilience.

Since the pandemic, many companies - including those in the aerospace manufacturing industry - have struggled, and continue to struggle with supply chain issues, so they are turning to AI to improve efficiency and productivity in the manufacturing process.

“We can expect AI to grow in the coming years in the aerospace industry, and with that comes risk,” says Chanelle Charron-Watson, director of legal services, litigation, claims and aviation safety at Bombardier. “We need to safely integrate AI into our operations to experience the benefit of the technology while also avoiding potential risks.”

Charron-Watson is among the speakers in the line-up at the Legal Innovation Forum’s half-day forum to be held in Montreal on the afternoon of March 27.

Not only do legal departments need to carefully plan the integration of AI to protect the business from cyberattacks, but they must also be aware of ethical issues when it comes to protecting personal data and trade secrets - particularly in a sophisticated and complex industry such as aerospace. 

“There are only a handful of OEMs [Original Equipment manufacturers] in the world that do what we do, which is build aircraft that fly and are certified, so that creates a very competitive environment, and the trade secrets - the secret recipes to do that - are the crown jewel of every company so they must be protected,” says Charron-Watson.

Privacy is of critical importance to Canadian organizations as they grapple with ever-changing legislations in different provinces  - with Quebec currently leading the way with Law 25 - to ensure that customer data is protected. In fact, it has become a global concern in the digital age as it is impossible to know exactly where your data resides.

“In Canada, what’s challenging is complying with the different patchwork of legislation - with different federal and provincial legislations,” says Caroline Poirier, partner at Bennett Jones in Montreal. “The reality is that data is traveling across the world, and depending on which technology your service provider is using, your data can be accessed and viewed by subcontractors and employees in different locations in the world - whether or not they have privacy legislations in those jurisdictions.”

Poirier  - who will also be speaking at the Legal Innovation Forum in Montreal - recommends creating a data inventory to know what information your organization is collecting, and how it is being used and disclosed. This will help to determine the level of risk and the type of measures that should be implemented to safeguard the data. 

No matter how careful you are and how tightly controlled your data may be, a cyber attack is inevitable, Poirier adds, so being adequately prepared is key.

“Everything needs to be laid out and tested,” says Poirier. “You should have a mock incident and know how it’s going to play out, and you should have tools in place and a group of people who are going to be involved. It means investing time in something that may never happen but the likelihood of it happening is very real.”

It is also critical to establish clear cybersecurity goals that align with the mission and objectives of the individual business, and to promote a vigilant culture by conducting regular training sessions with employees on security best practices.

A strategically planned cybersecurity program can also help to build trust and enhance the reputation of the business. 

“Security is no longer just a functionality,” says Poirier. “It is an asset because clients are very mindful of it. It’s down to the service provider to build trust and be very transparent about how they use data - not just for legal reasons, but because it’s ethical.”

Sophisticated AI technologies including AI-powered remediation, deception capabilities, enhanced threat intelligence, and Large Language Models for password security, can be helpful to safeguard businesses, though legal departments must always be mindful of the risk they generate.

Moreover, failure to adequately invest in a well-defined digital strategy can pose further risks to the business by preventing growth, exposing the organization to cyber breaches, and allowing competitors to steal market share.

“We need to be investing in research & development, and be proactive with advanced technologies and AI,” says Charron-Watson. “AI can promote efficiency and productivity and help the supply chain, and that’s one of the biggest hurdles that every aerospace company in the world is facing right now. If you do not invest and stay ahead of the game, you will be behind the competition.”

Hear more from Poirier and Charron-Watson in the Legal Innovation Forum’s closing panel in Montreal: Mastering digital Risk: How to address emerging digital risks in a complex operating landscape. They will also be joined by Emmanuelle Demers, partner at Bennett Jones, and Kintxo Freiss, alliances & legal practice manager for North America at Dilitrust.