Call 020 7692 5675 Mon-Fri 8am-7pm

For immediate support email [email protected] 24/7

Reputational Risk and AI: Is your organisation prepared for an AI crisis?

By Lottie Newell

One key theme we see repeatedly is that the organisations which emerge strongest from a crisis are rarely those that avoid mistakes altogether. They are the ones that understand their risks in advance, know who owns decisions and can explain them confidently when challenged. AI is no different.It is already embedded across most organisations. The challenge is not simply using it responsibly, but being prepared to explain and defend that use if something goes wrong.

Where reputational risks emerge

Reputational damage from AI misuse can arise through a number of channels, including legal or regulatory oversights, operational failure, external scrutiny, and breakdowns in trust. No organisation, not even leading industry firms, can afford not to consider how it would engage with these risks should they escalate from a seemingly improbable concern to a pressing live issue. This was no more apparent than in May 2026, when EY was forced to withdraw a paper on consumer confidence after it was found to include AI hallucinations in both the main body of the text and the footnotes.

Other risks that must be considered by any organisation integrating AI into its workflows include:

  • Accountability and explainability: If a board cannot explain why an AI system reached a particular decision, it cannot defend that decision under scrutiny. In sectors such as financial services, healthcare and public administration, where there are high levels of regulatory scrutiny, unjustified use of AI creates a compounded reputational risk.
  • Data handling and trust: In April 2023, Samsung temporarily banned staff from using generative AI tools after discovering that employees had entered sensitive company information into them. The incident illustrated a governance failure rather than a technology failure. Staff had no clear policy to follow, and the board had no visibility into how AI tools were being used day to day.
  • Hallucination and quality control: In 2025, Deloitte delivered a report commissioned by the Australian government, worth $440,000, that was found to contain a number of AI-generated inaccuracies. The financial cost was significant, but the reputational cost, measured in confidence in the firm’s quality and judgement, was greater still.
  • Regulatory mismatch: AI regulation is tightening. The EU AI Act, the proposed AI regulation in the US, and sectoral guidance from UK authorities are all evolving at different speeds. Boards that have not adapted their AI governance frameworks to this rising scrutiny risk discovering gaps only when a regulator identifies them.
  • Governance gaps: Research from Trustmarque in 2025 found that although 93% of organisations are already using AI in some capacity, only 7% have fully embedded AI governance frameworks. This points to a significant concern: most boards have not yet developed AI governance frameworks proportionate to the scale of its uptake within their organisations. While this is entirely to be expected given how quickly generative AI moved from being a specialist research tool to a mainstream household and workplace tool, the resulting risks cannot be underestimated.

What questions should my board be asking now?

Five key questions your organisation should be asking to interrogate board understanding and direction in relation to your company’s use of AI are:

  1. Where is AI already being used without formal approval?

  2. If an AI issue emerged tomorrow morning, who would own it?

  3. Would our existing crisis plan work in response to an AI failure?

  4. What decisions or outputs is AI responsible for?

  5. What is the greatest AI risk facing our organisation?

Questions organisations are asking about AI

  1. What reputational risks can be incurred as a result of AI misuse?

    The reputational risk associated with the use of AI can range from regulatory penalties and legal exposure to a longer-term loss of stakeholder trust and confidence in the organisation’s judgement. The scale of the risk depends less on the technology itself and more on whether the organisation can demonstrate it was governing that use responsibly.

  2. Does the board need technical expertise in AI?

    No, but it needs to be sufficiently AI literate to provide informed oversight, and to ensure the organisation’s use of AI is matched by governance proportionate to its risk.

  3. Who is responsible if an AI system fails?

    As with any significant operational failure, although responsibility will be diffused across the organisation, stakeholders will look to the board for an explanation, accountability and reassurance.

The question is no longer whether your organisation uses AI. It almost certainly does. The question is whether your board could confidently explain that use if challenged tomorrow morning.

About Alder’s use of AI

We believe organisations should be open about how they use AI, particularly where it supports professional advice. That’s why we’ve published our AI Use Policy, setting out how we use AI tools, where we don’t use them, and the safeguards we apply to protect confidentiality, quality and judgement. In short, AI has its uses but is never a substitute for professional human judgement or advice.

Read our AI Use Policy here.

About the author

Lottie Newell advises senior leaders on reputational risk arising from emerging technologies, including the use of AI. She helps organisations identify where AI risks sit, prepare crisis plans that account for them, and respond with confidence when questions arise from regulators, media or stakeholders.

How Alder can help

Alder helps organisations prepare for AI-related crises before they happen and respond when an AI issue breaks. Contact us for a confidential conversation.

You might like