Risk managers are seeing the value of generative AI and putting it to work to help them do their jobs, a Riskonnect survey shows. The most frequent uses of AI were risk forecasting (30%), risk assessment (29%), and scenario planning and simulations (27%).

Even so, 38% of respondents said they aren’t using AI to manage risk and have no plans to do so. And though a large proportion of organizations are using AI to work more effectively, 80% haven’t taken steps to address the threats AI poses in the hands of others, including AI-driven fraud attacks.

This picture of the role gen AI is playing in risk management is depicted in Riskonnect’s 2024 New Generation of Risk Report, which surveyed more than 200 risk, compliance, and resilience professionals worldwide.

How AI Is Being Used in Risk Management

The survey asked respondents: “In what ways does your organization currently or plan to use AI in risk management?” Respondents could pick more than one answer. Besides risk forecasting, assessment, and scenario planning, the top uses of generative AI were:

  • Threat intelligence to monitor threats to your people or operations — 25%
  • Surface risks that we haven’t previously considered – 21%
  • Detect fraudulent transactions and activities – 21%-
  • Create risk registers –20%
  • Third-party risk assessments – 18%
  • Analyze behavioral and accident patterns to improve workplace safety –17%
  • Creating business continuity plans –15%
  • Streamlining claims management – 13%

Still, the leading response to the question was, “We do not currently use or plan to use AI in risk management,” cited by 38%.

On one hand, this means there are opportunities for organizations to improve their risk management functions by adding gen AI to their technology. On the other hand, those organizations risk getting left behind if they don’t jump on the gen AI train before it gets too far down the track.

A more positive note from the survey for risk management professionals: Only 5% of respondents said their organizations planned to trim their risk management staff because of AI.

Not Responding to AI’s Dangers

The survey’s respondents acknowledged the threat that AI technology can pose when used by cybercriminals. Asked to name the emerging risk they expected to have the biggest impact on business in 2025, 24% listed AI-powered cybersecurity threats, including ransomware, phishing attacks, and deepfakes. That risk was listed ahead of such likely candidates as the U.S. presidential elections, interest rates and inflation, increased government regulations, and global conflicts.

But that expectation didn’t prompt extensive preparation by the respondents’ organizations. Only 19% are offering training to help employees spot AI-driven schemes by hackers to gain access through such tricks as impersonating executives as part of a phishing scheme. Only 16% have a dedicated budget item for mitigating AI risks. Nearly two-thirds (65%) lack a policy for governing use of gen AI by partners and suppliers, which are increasingly seen as access points to a company’s data. And almost 60% say leadership doesn’t actively guide and support enterprise AI initiatives and governance with actionable plans and strategies.

Nor are the risk management teams being invited to the executive table to discuss incorporating AI in operations, products, and offerings. Only 20% are included in such talks. Consequently, only 8% of surveyed organizations said that they are prepared for AI and AI governance risks.

Advocating for AI Use in Your Organization

In light of these findings, how might you try to guide your organization in its AI-usage practices?

If your organization is like the 80% that haven’t taken steps to mitigate the risks posed by AI-driven attacks, you might want to start there. After all, a successful cyberattack could so seriously impair your organization’s ability to function that all other considerations become irrelevant.

Look for ways to at minimum provide good training to employees to shut down hackers who’d otherwise gain access through AI-powered methods such as deepfakes and phishing. But also move quickly to mitigate threats from third parties and suggest funding dedicated to keeping your organization safe from the threats that respondents expected to have the biggest impact on their business in 2025.

Even so, a good defense is not enough. You also don’t want to be like those 38% that have no intention of using AI for risk management. Using generative AI can enhance your risk management efficiency and performance by automating routine tasks and providing advanced analytical capabilities, letting you focus on higher-value activities and strategic decision-making.

More and more companies are seeing the potential of AI, using it not to cut payment rolls but to enhance several business functions, including risk management. Shouldn’t you and your organization be among them?

For a complete look at the survey findings, download The 2024 New Generation of Risk report, and check out Riskonnect’s new IT risk management software.