Spiderman said it best: With great power comes great responsibility. But so far, the opportunity that comes with harnessing the vast power of generative AI (GenAI) has more accurately been paired with grave recklessness. Even though nearly all (93 percent) companies recognize the risks associated with using GenAI inside the enterprise, just a mere 9 percent say they’re prepared to manage the threat, finds a new global research survey of more than 300 risk and compliance professionals from risk management software firm Riskonnect.
The firm’s new report, The New Generation of Risk, which explores the new threats facing organizations and the strategies risk management teams are using to navigate the uncharted territory, reveals a profound AI risk management gap: To date, only 17 percent of risk and compliance leaders have formally trained or briefed their organizations on the risks of using generative AI.
“Generative AI is taking off at lightning speed and ushering in a new wave of business risks. Our research shows that most companies have been slow to respond, which creates vulnerabilities across the enterprise,” said Jim Wetekamp, CEO of Riskonnect, in a news release. “The rise of generative AI is the latest example of how quickly today’s risk landscape evolves. We’ve officially entered a new generation of risk.”
Key findings include:
The GenAI threat is broad and interconnected
Companies’ top generative AI concerns include data privacy and cyber issues (65 percent), employees making decisions based on inaccurate information (60 percent), employee misuse and ethical risks (55 percent), and copyright and intellectual property risks (34 percent).
Economic uncertainty and cyber concerns remain a persistent threat
The top four risks affecting organizations today, in order, are talent shortages and layoffs, recession risk, ransomware and security breaches, and state-sponsored cyberattacks.
Companies could be doing more to manage risk
Sixty-three percent haven’t simulated their worst-case scenario. Only 5 percent feel prepared to assess, manage, and recover from a future unknown and unpredictable risk event.
Unreliable data hinders risk and compliance teams
Only 23 percent say they’re very confident in the accuracy, quality, and actionability of their risk management data. Just 5 percent are very confident in their ability to extract, aggregate, and report on risk insights to fuel decisions.
Today’s talent shortages heavily impact business performance
The biggest risks companies associate with labor shortages and layoffs: mistakes and shortcuts driven by worker burnout (66 percent) and an inability to reach strategic goals (41 percent).
Enterprises invest to take on the new generation of risk
The evolving threat landscape—along with the consistent, market-shaping disruptions over the past several years—has forced organizations to rethink how they approach enterprise risk management.
The research found that over half (52 percent) of organizations now have a chief risk officer, with another 6 percent planning to hire one in the next 6-12 months. Risk management functions are also growing, despite layoffs elsewhere, with 82 percent of companies saying their headcount for risk management has increased or remained the same in the past six months.
Risk departments are also getting more funding: Nearly a third of companies (28 percent) have reported budget increases for risk management technology in the past six months.
“We are seeing meaningful and positive changes to how companies identify, prioritize, and manage risk,” said Wetekamp. “Today’s risk leaders recognize that the threat landscape doesn’t sit still. They are planning for worst-case scenarios, prioritizing enterprise-wide visibility, and investing in tools to combat the full and interconnected spectrum of risk.”
