Reader

From the Editor

Welcome to the first issue of Signals & Soapboxes. Every week covers a signal shaping our future, a candid opinion, a risk on the horizon and a question you should be asking. Short, sharp and straight to the point.

Kerry Knight Chart.PR

📡 The Signal

New research published today by TrendAI, the enterprise AI security arm of Trend Micro, puts numbers to what many governance and risk professionals already suspect:

67% of business and IT decision-makers have felt pressured to approve AI despite known security concerns, with one in seven describing those concerns as "extreme" but overridden to keep pace with competitors.

The global study covered 3,700 respondents across sectors, with only 38% of organisations confirming comprehensive AI policies were in place. The rest are building as they go, with their fingers crossed.

What makes this significant for communicators and governance leads is the framing from TrendAI's Chief Platform & Business Officer:

Organisations are not lacking awareness of risk, they're lacking the conditions to manage it.

And confirming the consequence:

Without visibility and control, organisations are deploying systems they don't fully understand or govern, and that risk is only going to increase unless action is taken.

When deployment is driven by competitive pressure from the top, the people best placed to flag the consequences: risk, legal, comms should already be in the room. If they are, are they being heard?

Source | Financial Times: Organizations Overlook AI Risk as Governance Fails to Keep Up. Full report | https://www.trendmicro.com/explore/trendai-global-ai-study/

🎙️ The Soapbox

What that research actually tells us is the governance isn't failing because organisations don't know better. It's failing because knowing better isn't enough when the pressure to move fast comes from the top.

This is a leadership problem being passed off as a technology one. Until boards start treating AI governance as a fiduciary responsibility, and not an IT checklist, the gap between deployment and accountability will keep widening.

Comms professionals, risk leads, and governance practitioners are sitting on exactly the insight these organisations need. They need to be at the table during the decision-making, not called on after a crisis happens.

Have an opinion worth airing? The soapbox is open to contributors. Get in touch: soapbox@kerrybknight.co.uk

⚛️ The Quantum Brief

Last week, Google moved its own internal deadline for post-quantum cryptography migration to 2029, citing faster-than-expected progress in quantum hardware and error correction. The chair of technical committee on quantum technologies at the European Telecommunications Standards Institute (ETSI) stated:

Google's accelerated 2029 reflects a shift from trying to predict Q-day to managing pre-Q-day risk.

Adding that:

Google is effectively forcing the industry to treat post-quantum migration as an immediate operational priority rather than a future compliance exercise.

What's concerning about this is the "harvest now, decrypt later" approach. This means adversaries capture valuable encrypted data today (think sensitive information that has long-term value) and keep hold of it until a quantum computer enables decryption in the future.

Equally, your data doesn't need to be breached now to still be at risk. The UK's National Cyber Security Centre has set 2035 as its post-quantum readiness deadline. Google now says 2029. The gap between those dates is where your exposure lives. Start by asking your IT and security leads one question: are we post-quantum ready? If they hesitate, you have your answer.

Sources | Infosecurity Magazine: Quantum Computing Threat to Encryption Is Closer Than Expected, Warns Google. World Economic Forum: Why quantum security is a question leaders cannot ignore right now.

🤔 The Question

If your organisation is overriding AI risks today and ill-prepared for quantum risks tomorrow, what is being governed, and by whom?

Signals & Soapbox Editor

Kerry is a Chartered PR Practitioner specialising in crisis preparedness, reputation management and AI governance.

As a strategic communications advisor, her day-to-day work focuses on translating complex or contested subject matter into clear, credible positioning that strengthens decision-making. She has advised on public scrutiny, misinformation, employee disputes and complex reputation challenges, providing the insight leaders need to maintain clear, defensible positions under pressure.