Only a fraction of risk leaders are prepared for GenAI threats

While 93% of companies recognize the risks associated with using generative AI inside the enterprise, only 9% say they’re prepared to manage the threat, according to Riskonnect.

The research reveals a profound AI risk management gap: To date, only 17% of risk and compliance leaders have formally trained or briefed their organizations on the risks of using generative AI.

“Generative AI is taking off at lightning speed and ushering in a new wave of business risks. Our research shows that most companies have been slow to respond, which creates vulnerabilities across the enterprise,” said Jim Wetekamp, the CEO of Riskonnect.

“The rise of generative AI is the latest example of how quickly today’s risk landscape evolves. We’ve officially entered a new generation of risk,” Wetekamp added.

Riskonnect’s research explores the new threats facing organizations and the strategies risk management teams are using to navigate the uncharted territory.

Companies could be doing more to manage risk

Companies’ top generative AI concerns include data privacy and cyber issues (65%), employees making decisions based on inaccurate information (60%), employee misuse and ethical risks (55%), and copyright and intellectual property risks (34%).

The top four risks affecting organizations today, in order, are talent shortages and layoffs, recession risk, ransomware and security breaches, and state-sponsored cyberattacks.

63% haven’t simulated their worst-case scenario. Only 5% feel prepared to assess, manage, and recover from a future unknown and unpredictable risk event.

Only 23% say they’re very confident in their risk management data’s accuracy, quality, and actionability. Just 5% are very confident in their ability to extract, aggregate, and report on risk insights to fuel decisions.

The biggest risks companies associate with labor shortages and layoffs: mistakes and shortcuts driven by worker burnout (66%) and an inability to reach strategic goals (41%).

Companies invest to tackle emerging risks

The evolving threat landscape and consistent, market-shaping disruptions over the past several years have forced organizations to rethink how they approach enterprise risk management.

Riskonnect’s research found that 52% of organizations now have a chief risk officer, with another 6% planning to hire one in the next 6-12 months. Risk management functions are also growing, despite layoffs elsewhere, with 82% of companies saying their headcount for risk management has increased or remained the same in the past six months. Risk departments are also getting more funding: 28% of companies have reported budget increases for risk management technology in the past six months.

“We are seeing meaningful and positive changes to how companies identify, prioritize, and manage risk,” said Wetekamp. “Today’s risk leaders recognize that the threat landscape doesn’t sit still. They are planning for worst-case scenarios, prioritizing enterprise-wide visibility, and investing in tools to combat the full and interconnected spectrum of risk.”