BE CYBER SAFE

Artificial intelligence (AI) is rapidly transforming the way franchises operate, offering new efficiencies, insights and capabilities. However, as AI becomes more embedded in digital infrastructure, it introduces new security risks and regulatory challenges. At the same time, the rise of “cyber washing”, overstating or misrepresenting the security or AI capabilities of products and/or services, poses significant risks for NZ businesses and consumers. 

AI technologies are integral to modern cybersecurity strategies. By leveraging machine learning and data analytics, AI systems can continuously monitor networks, detect anomalies, and respond to potential threats in real time. 

While AI enhances cybersecurity, it also introduces new and complex risks. The same technologies that help businesses can be exploited by attackers. Cybercriminals are using AI to automate attacks, generate convincing phishing messages, and create deepfakes that can deceive individuals and businesses. AI tools can also be used to probe systems for vulnerabilities at unprecedented speed and scale, allowing attackers to tailor their strategies in ways that outpace traditional defences. Franchised businesses must take a more proactive and adaptive approach to security to combat this duality.

Understanding cyber washing

Cyber washing can lead customers into a false sense of security, expose businesses to regulatory action and/or legal claims, and undermine trust in the market by practices such as:

• marketing software as “AI powered” when it uses only basic automation or rule based logic;
• claiming compliance with security standards or certifications that have not been independently verified; and
• overstating the effectiveness of security features, such as “unbreakable encryption” or “100% protection”.

Regulatory framework and best practice

New Zealand’s legal framework for cybersecurity and data protection is primarily governed by the Privacy Act 2020 (PA), which requires businesses to implement reasonable security safeguards and to notify the Privacy Commissioner and affected individuals in the event of a notifiable privacy breach. With no AI-specific legislation in New Zealand, existing privacy laws apply, and the Privacy Commissioner has issued guidance on the responsible use of AI. 

Businesses must also be mindful of their responsibilities under the Fair Trading Act, which prohibits misleading and deceptive conduct. This applies to marketing claims relating to cybersecurity or AI capabilities.

To navigate the risks associated with AI, security and cyber washing, franchisors and franchisees should:

• ensure all marketing and technical claims about AI and security features are accurate, evidence based, and not misleading;
• adopt industry best practices for cybersecurity, including regular risk assessments, staff training, and incident response planning;
• stay up to date with guidance from the Privacy Commissioner, the National Cyber Security Centre and other relevant authorities;
• maintain clear documentation of how AI is used, its limitations, and the security measures in place; and
• egularly review and update AI and security practices to keep pace with evolving threats and regulatory expectations.

As AI and the regulatory landscape continue to evolve in New Zealand, franchised businesses must resist the temptation to engage in cyber washing and ensure that their claims about AI and security are both accurate and substantiated.     

See this advertorial on page 61 of Franchise New Zealand magazine Year 34 Issue 04

For more information and advice on buying a franchise get your FREE copy of Franchise New Zealand magazine.