The OODA Loop – Observe, Orient, Decide, Act – matters more than ever. Organizations that quickly cycle through it, using AI to accelerate each stage, stay ahead.
My policing experience taught me criminals always adapt; AI just raises the tempo. The winners will be those that match that speed with shared intelligence, continuous monitoring, and rapid response.
YOU RAISED INSIDER THREATS. ARE YOU SEEING CONTACT CENTER AGENTS BECOMING MORE VULNERABLE, EITHER WILLINGLY AS CRIMINALS OR THROUGH THREATS, LIKE BLACKMAIL?
A: While insider threat investigation isn ' t our core remit, we see warning signals through our interaction analytics: and the industry should be paying attention. We ' ve seen( and continue to see) published reports like the following:
• In 2025, a major cryptocurrency exchange lost up to $ 400 million after offshore support agents were bribed to extract customer data( BBC).
• The UK is tightening telecom and online fraud protections.
• Across APAC, countries like Australia, Singapore, and China are strengthening privacy and critical‐infrastructure rules.
The trend is clear: more accountability, more reporting, and more scrutiny of AI‐enabled risk.
WHAT ARE YOUR RECOMMENDATIONS TO CON- TACT CENTERS TO KEEP THEIR CUSTOMERS AND EMPLOYEES SECURE AND THEIR OPERATIONS COMPLIANT?
A: Security shouldn’ t come at the expense of trust or CX. Companies need confidence that callers are genuine: and customers need to trust the organizations protecting their data.
The most effective approach is end‐to‐end: verify callers before they reach agents, support agents in real time, and analyze interactions afterwards to strengthen defenses. Avoid rigid scripts or putting all responsibility on agents: they need guidance, not pressure.
• A late 2024 investigation revealed frontline employees at several U. S. and Canadian banks selling client data via messaging platforms( Bloomberg News via New York Post).
• A major UK retailer saw over nine million records exposed through compromised contractor credentials( BBC).
WHAT NEW CYBERSECURITY-RELATED LEGISLA- TION AND REGULATIONS HAVE BEEN ENACTED AND ARE FORTHCOMING IN THE U. S., CANADA, AND IN OTHER COUNTRIES AND REGIONS?
A: Globally, regulators are shifting toward resilience, transparency, and AI governance:
• In the U. S., SEC rules now mandate faster breach disclosure and privacy laws like the California Privacy Rights Act( CPRA) are expanding.
• Canada is looking to modernize its privacy legislation with new oversight on AI.
• The EU is rolling out the Digital Operational Resilience Act( DORA) for operational resilience, the AI Act for risk‐based AI controls, and NIS2 for broader cybersecurity requirements.
8 CONTACT CENTER PIPELINE
AGING CUSTOMERS, RISING RISKS
Older individuals have always been vulnerable and have fallen prey to criminals. And it is no different today, online and over the phone.
So, we asked James Laird,“ What measures can companies and contact centers take to help protect them from cyberthieves?”
“ Vulnerable customers benefit from stronger detection and more empathetic intervention,” says James.“ Behavioral analytics can flag unusual account changes, repeated contacts, or rapid‐fire transactions.
“ Real‐time AI coaching helps agents notice indicators from customers like confusion, third‐party influence, or emotional distress and guides them to slow down, verify independently, or escalate. High‐risk transactions should trigger enhanced checks even if standard authentication passes.
" By combining metadata with speech analytics, unusual patterns emerge," reports James. " Like a customer changing beneficiary details within a window of a significant withdrawal, for example.
“ I recently saw one of our customers do exactly this: the right data coupled with genuine agent empathy prevented a significant loss,” says James.“ That ' s how you earn trust.
“ Trusted contact programs and cooling‐off periods add extra protection. New approaches, such as scam detection, disruption, and intelligence platforms, show how layered defenses can meaningfully reduce harm.”