Cybersecurity and Related AI Risks Top 2024 Concerns of Risk Professionals
Cybersecurity threats, AI ethics and governance and geopolitical risks have emerged as the most pressing issues keeping executives up at night, according to Riskonnect’s 2024 New Generation of Risk Survey.
While risk management is increasingly being recognized as a strategic business function, the survey suggests that approaches haven’t evolved fast enough to navigate the complex web of interconnected risks that are creating a high-stakes environment full of new challenges.
The survey, which polled over 200 risk, compliance, and resilience professionals worldwide, reveals that organizations’ top risk concerns have dramatically changed over the past year.
Cybersecurity and AI Governance Emerge as Top Risks
Cybersecurity has surpassed economic risks and talent challenges to become the number one risk driver for organizations, according to the survey. Nearly three-quarters, 72%, of respondents said cybersecurity risks are having a significant or severe impact, a dramatic increase from 47% saying the same last year. The growing urgency is fueled by the rise of AI-powered cybersecurity threats like ransomware, phishing, and deepfakes. Nearly a quarter (24%) of respondents said these AI-driven attacks will have the biggest impact on their businesses over the next 12 months.
Despite the prominence of AI risks, companies are largely underprepared to address them, according to Riskonnect’s findings. Eighty percent don’t have a dedicated plan for generative AI risks like AI-driven fraud attacks. Sixty-five percent lack a policy to govern partners’ and suppliers’ use of generative AI. Overall, only 8% of respondents feel prepared for AI and AI-governance risks.
“If you don’t have a plan for generative AI and third-party risks, you don’t have a cybersecurity plan. AI risk is cyber risk. Cyber risk is third-party risk. These risks are also ever-changing in nature. You might feel prepared for what’s out there today, but the landscape will change – and fast,” warns Roger Duncan, co-founder and chief strategy officer at Riskonnect.
Geopolitical Risks Remain a Blind Spot
Despite the current geopolitical climate and the substantial impact these events can have on businesses, organizations remain largely unprepared to handle geopolitical risks, according to the survey. Only 18% of respondents say they’re prepared to manage these threats. Even more concerning, 61% of organizations do not have a plan for managing risks and disruptions related to future geopolitical tensions, such as a potential conflict between China and Taiwan. Just 20% of those companies say they’re in the process of creating one.
Scenario planning is a valuable practice for preparing for potential geopolitical events, Riskonnect noted. Yet most organizations (63%) surveyed in 2023 had not simulated their worst-case scenarios, which commonly revolve around geopolitical risks, cyber threats, and natural disasters. This year’s research reveals that companies haven’t made significant moves in the past 12 months to close this gap, with 56% still not simulating their worst-case scenarios.
However, some crises are simply too big to plan for.
“Building general resilience in the system is also critical for getting through any high-risk, high-impact event,” says Jim Wetekamp, Riskonnect’s CEO. “Focus on your financial position, debt, relationships with your contract workers, and other factors in your control. These are things you can fall back on and will help you get to the other side of a crisis.”
Spreadsheets Hinder Risk Management Maturity
Despite advancements in risk management technology, many organizations continue to rely on spreadsheets for managing risk, according to the survey. Over half (53%) of companies are only or mostly using spreadsheets, with more than a quarter (27%) exclusively using them. This persistent reliance on spreadsheets is leading to data integrity problems, with only 21% of respondents expressing high confidence in the accuracy and actionability of their risk data.
Most companies (63%) say there are some gaps in the breadth, accuracy, and timeliness of their data, hindering their ability to make confident decisions. Sixteen percent even say their data can’t be trusted, and they can’t get real-time information.
However, the outlook over the next 12 months looks brighter as companies grow in their tech maturity. Forty percent of companies say that within a year they’ll have made some investments in risk management tools. Twenty-five percent say they will have actively adopted modern risk management software, and 20% will have dedicated risk software that is integrated with other functional areas in the organization. Still, 16% say they will continue to exclusively use spreadsheets.
View the full survey here. &