Cybersecurity, AI governance and geopolitical risks emerge as top concerns in Riskconnect’s New Generation of Risk 2024 survey.
Cybersecurity threats, AI ethics and governance, and geopolitical risks have emerged as the most pressing issues keeping executives up at night, according to Riskconnect’s 2024 New Generation of Risk survey.
While risk management is increasingly recognized as a strategic business function, the survey suggests that approaches have not evolved quickly enough to navigate the complex web of interconnected risks that create a challenging environment. high and full of new challenges.
The survey, conducted among more than 200 risk, compliance and resilience professionals worldwide, reveals that organizations’ top risk concerns have changed dramatically over the past year.
Cybersecurity and AI governance emerge as top risks
According to the survey, cybersecurity has surpassed economic risks and talent challenges to become the top risk factor for organizations. Nearly three-quarters (72%) of respondents said cybersecurity risks have a significant or serious impact, a dramatic increase from 47% who said the same last year. The growing urgency is fueled by the rise of AI-driven cybersecurity threats, such as ransomware, phishing and deepfakes. Nearly a quarter (24%) of respondents said these AI-based attacks will have the biggest impact on their business over the next 12 months.
Despite the significance of AI risks, businesses are largely underprepared to face them, according to Riskconnect findings. Eighty percent do not have a dedicated plan for generative AI risks, such as AI-based fraud attacks. Sixty-five percent do not have a policy governing the use of generative AI by partners and vendors. Overall, only 8% of respondents feel prepared for the risks related to AI and its governance.
“If you don’t have a plan for generative AI and third-party risks, you don’t have a cybersecurity plan. AI risk is cyber risk. Cyber risk is a third-party risk. These risks are also constantly evolving in nature. You may feel prepared for what’s happening today, but the landscape will change – and quickly,” warns Roger Duncan, co-founder and chief strategy officer at Riskconnect.
Geopolitical risks remain a blind spot
Despite the current geopolitical climate and the significant impact these events can have on businesses, organizations remain largely unprepared to address geopolitical risks, according to the survey. Only 18% of those surveyed say they are ready to manage these threats. Even more worrying, 61% of organizations do not have a plan to manage risks and disruptions related to future geopolitical tensions, such as a potential conflict between China and Taiwan. Only 20% of these companies say they are in the process of creating one.
Scenario planning is a valuable practice for preparing for potential geopolitical events, Riskconnect noted. Yet most organizations (63%) surveyed in 2023 had not simulated their worst-case scenarios, which typically revolve around geopolitical risks, cyber threats and natural disasters. This year’s study reveals that businesses have not taken significant action over the past 12 months to close this gap, with 56% still failing to simulate their worst-case scenarios.
However, some crises are simply too big to plan for.
“Building overall system resilience is also critical to overcoming any high-risk, high-impact events,” says Jim Wetekamp, CEO of Riskonnect. “Focus on your financial situation, your debts, your relationships with your contract workers and other factors within your control. These are things you can rely on that will help you get to the other side of a crisis.
Spreadsheets hinder risk management maturity
Despite technological advances in risk management, many organizations continue to rely on spreadsheets to manage risk, the survey found. More than half (53%) of businesses use spreadsheets only or mostly, and more than a quarter (27%) use them exclusively. This continued reliance on spreadsheets leads to data integrity issues, with only 21% of respondents expressing high confidence in the accuracy and actionability of their risk data.
Most businesses (63%) say there are gaps in the breadth, accuracy and timeliness of their data, hindering their ability to make decisions with confidence. Sixteen percent even say that their data is unreliable and that they cannot obtain real-time information.
However, the outlook for the next 12 months looks better as companies gain technological maturity. Forty percent of companies say that within a year, they will have invested in risk management tools. Twenty-five percent say they will have actively adopted modern risk management software, and 20% will have dedicated risk software integrated with other functional areas of the organization. Yet 16% say they will continue to use spreadsheets exclusively.
See the full survey here. &