Eighty Percent of Organizations Don’t Have a Dedicated Plan to Address Generative AI Risks, According to New Riskonnect Research

Cybersecurity, AI, and geopolitical risk are top enterprise threats, yet data uncovers key gaps in companies’ risk management strategies

October 28, 2024

ATLANTA & LONDON – (BUSINESS WIRE) – Cybersecurity is now organizations’ top risk driver, surpassing economic and talent risks which were the top drivers in 2023, according to Riskonnect’s 2024 New Generation of Risk Report. Yet most organizations (80%) don’t have a dedicated plan to address generative AI risks, including AI-driven fraud attacks, which go hand in hand with cybersecurity threats. The proprietary research was released today and is based on a global survey of more than 200 risk, compliance, and resilience professionals.

Nearly three quarters of respondents (72%) said cybersecurity risks are having a significant or severe impact on their organization, which is a notable increase over last year’s 47%. Another quarter of respondents (24%) said AI-powered cybersecurity threats – such as ransomware, phishing, and deepfakes – will have the biggest impact on businesses over the next 12 months. Even still, 65% of companies don’t have a policy in place to govern the use of generative AI by partners and suppliers, despite the fact third parties are a common entry point for fraudsters.

“Cybersecurity has jumped to the forefront of concerns. Our research shows that organizations are acutely aware of the impact of these risks, but aren’t evolving their risk management strategies fast enough,” said Jim Wetekamp, CEO of Riskonnect. “Cybersecurity, AI, and third-party risks are increasingly intertwined as criminals become savvier in how they infiltrate organizations. Keeping up in this new generation of risk requires addressing the full and interconnected spectrum of threats.”

Riskonnect’s 2024 New Generation of Risk Report explores the biggest threats facing the enterprise and how risk management strategies are keeping up with the evolving landscape. Key findings include:

• AI risks are growing, but action is lagging: Only 8% of companies feel prepared for AI and AI-governance risks. Just 19% of organizations have formally trained or briefed their entire organization on generative AI risks, and only 16% say they have a budget specifically directed at mitigating AI-related risks.
• Organizations are unprepared for geopolitical risks: A surprising 61% don’t have a plan for managing risks and disruptions related to future geopolitical tensions, such as a potential conflict between China and Taiwan. Just 20% of those companies say they’re in the process of creating one.
• Risk representation at the C-level is holding steady: The majority of respondents (52%) say their organization has a chief risk officer.
• The scenario planning gap remains: In 2023, most organizations (63%) hadn’t simulated their worst-case scenario. Today, over half (56%) still haven’t simulated their worst-case scenarios, which revolve around geopolitical risks, cyber, and natural disasters.
• Spreadsheets are causing data integrity issues: Over half (53%) of companies are only or mostly using spreadsheets to manage risk. Only 21% of respondents have a high confidence in the accuracy and actionability of their risk data.

Enterprises View Risk Departments and AI as Strategic Enablers

Riskonnect’s research indicates that despite the gaps in risk management strategies, organizations view the risk department as a strategic business function. Companies are investing in their risk, compliance, and resilience teams to help them keep up with the evolving risk landscape.

The vast majority of organizations (90%) have increased or maintained their risk management technology budgets. Sixty-two percent of companies currently or plan to use AI in risk management, with risk forecasting (30%), assessing risks (29%), and scenario planning and simulations (27%) as the top use cases. The top reason companies are adopting technology is to equip risk, compliance, and resilience teams to be more efficient and focus on strategic work (62%). Other driving forces include better visibility into risk to effectively manage threats (60%) and to increase the department’s performance and business contributions (40%).

“AI is an invaluable tool for enabling risk management teams when used responsibly and intentionally. Continually investing in your risk leaders is essential for advancing the business’ strategic objectives in this new generation of risk,” said Roger Duncan, co-founder and chief strategy officer at Riskonnect.

Access the full report to dive deeper into the new generation of risk.

About Riskonnect

Riskonnect is the leading integrated risk management software solution provider. Our technology empowers organizations with the ability to anticipate, manage, and respond in real-time to strategic and operational risks across the extended enterprise. More than 2,700 customers across six continents partner with Riskonnect to gain previously unattainable insights that deliver better business outcomes. Riskonnect has more than 1,500 risk management experts in the Americas, Europe, and Asia. To learn more, visit www.riskonnect.com.

—
Contacts
Corporate Ink for Riskonnect
Emma Nadeau
riskonnect@corporateink.com