Generative AI tools like ChatGPT are changing how people work and raising unforeseen business risks. The current economic climate is creating new concerns. Ransomware, deepfakes, and other sophisticated cybersecurity issues are emerging and evolving at full speed.
Are organizations’ risk management strategies evolving fast enough to keep up with this new generation of risk?
To find out, Riskonnect surveyed more than 300 risk and compliance professionals worldwide about the new threats facing organizations today and how they are revamping their risk management playbooks to navigate uncharted territory.
The survey revealed that this convergence of new risks is increasing the pressure on companies to meaningfully change how they manage threats. Budgets are shifting. Risk management functions are growing. And strategies are changing.
Here’s a look at the risks of today and tomorrow – and what companies say they are doing about them.
The Rise of ChatGPT and Generative AI
Generative AI burst onto the scene this year, bringing a new crop of business risks. The vast majority of companies – 93% – anticipate significant threats associated with generative AI. But just 9% of companies say they’re prepared to manage generative AI risks. That’s a significant readiness gap.
Companies’ top concerns about AI include data privacy and cyber issues (65%), employee decisions based on erroneous information (60%), and employee misuse and ethical risks (55%). Copyright and intellectual property risks (34%) and discrimination risks (17%) were not far behind.
Surprisingly, only 17% of organizations have formally trained or briefed their entire company on generative AI risks. The seeming lack of urgency is most likely because the technology is moving so fast that companies don’t know where to start. It could also mean companies aren’t yet feeling the impact of these risks, but that could quickly change. Indeed, generative AI is expected to reach 77.8 million users in the next year. That’s more than double the adoption rate of both tablets and smartphones over a comparable time period.
Survey respondents have generally taken a wait-and-see approach when it comes to getting a handle on generative AI risks and implementing safeguards. But given AI’s popularity, that mindset will need to shift. The appeal of technologies like ChatGPT to enhance efficiency is undeniable, especially as labor shortages persist. It’s estimated that generative AI has the potential to automate work activities that absorb 60-70% of employees’ time today.
Get a handle on the risks of generative AI now to successfully embrace the emerging technology as a value driver instead of fearing it as a source of risk.
Top Risk Drivers
■ Talent Shortages and Layoffs: 50%
■ Recession Risk, Inflation, and Monetary Tightening: 49%
■ Ransomware and Security Breaches: 47%
■ State Sponsored Cyberattacks: 39%
■ Heightened Geopolitical Risk: 28%
■ Generative AI, Chat GPT, and Other Emerging Technology: 27%
■ ESG and Climate Change Risks: 23%
Risks that companies say are having a severe or significant impact on their organizations.
The Economy and Worsening Skills Shortages
Today’s market conditions continue to create significant risks for companies. Organizations cite their top risk drivers overall as talent shortages and layoffs (50%) and the economic environment (49%).
Many companies can’t find and hold onto the skilled workers they need, which can translate into considerable risk – like cybersecurity. Major industries – tech, finance, airlines, food service, retail, and more – are strained by talent shortages. The semiconductor industry alone has 1.4 million technician, computer scientist, and engineering jobs at risk of going unfilled by 2030.
Employee Burnout and Strategic Risks
Indeed, a whopping 85% of surveyed companies said they have been affected by labor shortages. Half of companies report significant or severe business impacts resulting from talent issues.
Talent shortages and layoffs profoundly increase organizations’ risk exposure and affect their ability to perform. The biggest risks companies associate with labor shortages and layoffs are:
- Mistakes and shortcuts driven by worker burnout (66%)
- An inability to reach strategic goals (41%)
When organizations operate with smaller staffs, the remaining employees pick up the slack. That can increase the likelihood of burnout and errors – and take time away from the most important initiatives.
Companies that are slow to address talent shortages increase their risk exposure and threaten their organizational resilience. Personnel gaps in critical business roles (41%) was cited as the third biggest issue stemming from the talent shortage, indicating companies could face severe business interruptions if a crisis hits.
A Spike in Cybersecurity Events
Ransomware and security breaches (47%) came in third for risks with the biggest business impact. This isn’t surprising given that 2023 is on pace to be one of the most expensive years yet in terms of ransomware payments. The average cost of a ransomware attack – not including the cost of the ransom itself – is $4.45 million. Generative AI could exacerbate the problem by helping hackers create more personalized and realistic phishing emails to infiltrate companies’ systems. In fact, AI fueled a more than fourfold increase in account hacking attempts in the first quarter of 2023 compared to all of 2022.
Interestingly, out of the top risk drivers, 45% of director and C-level risk leaders feel very prepared to tackle ransomware and security breaches, while only 17% of director and C-level risk leaders feel very prepared for talent shortages.
Thirty-nine percent of survey respondents say state-sponsored cyberattacks have a significant or severe impact on their business. Eastern Europe (Russia and Ukraine; 32%) and East Asia (China and North Korea; 22%) topped the list of greatest geopolitical concern.
C-suite executives may feel more prepared for ransomware since they can invest in cyber insurance and security technology. The roadmap for tackling talent shortages is less clear. The challenges run deep and require a multipronged approach of upskilling, employee engagement programs, contractors, automation, and more to close the gap.
The Takeaways
Many of the risks companies face today, such as generative AI, are just starting to take shape but have the potential to dramatically impact the risk landscape. And it’s clear that both new and known threats are evolving at breakneck speed. This is not the time to sit back and see what happens. Taking on this new generation of risk demands vigilance, forethought, and collaboration:
- Get all stakeholders and executive leaders on the same page about risk.
- Start practicing your worst-case scenarios.
- Reassess your risk exposure as often as conditions dictate.
- Invest in technology that gives you visibility into the full spectrum of risk.
If you add these four things to your playbook, you’ll be better positioned to respond to threats, make decisions, limit disruptions, and maximize opportunities in this new generation of risk.
For a complete look at the survey findings, download The New Generation of Risk report, and check out Riskonnect’s risk management software solutions.