Only 5% of organisations feel prepared to assess, manage, and recover from a future unknown and unpredictable risk event. Here’s how to revamp your risk strategy to tackle emerging threats

While 93% of companies recognise the risks associated with using generative AI, only 9% say they’re prepared to manage the threat, according to a new global research survey of more than 300 risk and compliance professionals. 

The research, conducted by Riskonnect, reveals a profound AI risk management gap. To date, only 17% of risk and compliance leaders have formally trained or briefed their organisations on the risks of using generative AI.

AI robot hand

“Generative AI is taking off at lightning speed and ushering in a new wave of business risks. Our research shows that most companies have been slow to respond, which creates vulnerabilities across the enterprise,” said Jim Wetekamp, the CEO of Riskonnect.

“The rise of generative AI is the latest example of how quickly today’s risk landscape evolves. We’ve officially entered a new generation of risk.”

The key threats businesses need to be aware of

Riskonnect’s research – The New Generation of Risk – explores the new threats facing organisations and the strategies risk management teams are using to navigate this uncharted territory.

Key research findings

  • The generative AI threat is broad and interconnected: Companies’ top generative AI concerns include data privacy and cyber issues (65%), employees making decisions based on inaccurate information (60%), employee misuse and ethical risks (55%), and copyright and intellectual property risks (34%).
  • Economic uncertainty and cyber concerns remain a persistent threat. The top four risks affecting organisations today, in order, are talent shortages and layoffs, recession risk, ransomware and security breaches, and state-sponsored cyberattacks.
  • Companies could be doing more to manage risk. Sixty-three per cent haven’t simulated their worst-case scenario. Only 5% feel prepared to assess, manage, and recover from a future unknown and unpredictable risk event.
  • Unreliable data hinders risk and compliance teams. Only 23% say they’re very confident in the accuracy, quality, and actionability of their risk management data. Just 5% are very confident in their ability to extract, aggregate, and report on risk insights to fuel decisions.
  • Today’s talent shortages heavily impact business performance. The biggest risks companies associate with labour shortages and layoffs are mistakes and shortcuts driven by worker burnout (66%), and an inability to reach strategic goals (41%).

How to tackle exposures

Worst case planning

Scenario planning is a key part of risk management and needs to be incorporated into strategies going forward to build resilience.

Despite this. just 5% of organisations in the survey said they feel prepared to assess, manage, and recover from a future unknown and unpredictable risk event.

Bob Bowman, Sr. director, chief risk officer, risk management, enterprise Data Governance at The Wendy’s Company said: ”Risk management is about managing uncertainty.

”Risk management is about managing uncertainty.”

”When the business becomes uncertain, that’s where the ability to sit in the control tower, understand what’s approaching, have visibility on what might happen next – including the peripheral effects – and how that could impact the business is what gives you a firm risk-visible foundation to define response strategies.

“Then you can use these strategies to adapt and pivot according to the way a particular situation plays.”

Preparing for risk events

Three out of every four companies (73%) are updating their business continuity plans to prepare for crises.

But are these plans specific, tested, and comprehensive enough to help companies minimise the impact when something goes wrong?

Another common problem with business continuity planning is a lack of alignment between stakeholders on risk tolerance.#

Riskonnect says organisations can improve planning and stakeholder alignment by facilitating workshops. 

These workshops get all relevant stakeholders in the same room to have real and productive conversations about the organisation’s preparedness, tolerance, and plan for specific risk events

The growing importance of the CRO

The evolving threat landscape – along with the consistent, market-shaping disruptions over the past several years – has forced organisations to rethink how they approach enterprise risk management.

Riskonnect’s research found that over half (52%) of organisations now have a chief risk officer, with another 6% planning to hire one in the next 6-12 months.

Risk management functions are also growing, despite layoffs elsewhere, with 82% of companies saying their headcount for risk management has increased or remained the same in the past six months.

”Today’s risk leaders recognise that the threat landscape doesn’t sit still.” 

Risk departments are also getting more funding: Nearly a third of companies (28%) have reported budget increases for risk management technology in the past six months.

Wetekamp said: “We are seeing meaningful and positive changes to how companies identify, prioritise, and manage risk.

”Today’s risk leaders recognise that the threat landscape doesn’t sit still. They are planning for worst-case scenarios, prioritising enterprise-wide visibility, and investing in tools to combat the full and interconnected spectrum of risk.”

Expanding the playbook

Many of the threats companies face today, such as generative AI, are just starting to take shape. Companies therefore need a new way to manage risk and defend their organisations:

Riskonnect suggests companies take the following four steps:

  • Get all stakeholders and executive leaders on the same page about risk.
  • Start planning for your worst-case scenarios.
  • Invest in technology that helps combat the full spectrum of risk.
  • Create true visibility into your risk exposure inside and outside of your organization.