A new Gartner survey has identified AI-enhanced malicious attacks as the foremost emerging risk for enterprises for the third consecutive quarter. This finding is based on responses from 286 senior risk and assurance executives, highlighting the evolving landscape of threats that organisations face.
According to Zachary Ginsburg, senior director of research in Gartner's Risk & Audit Practice, the persistence of AI-related threats underscores the urgency for businesses to reassess their cybersecurity strategies. "As organisations increasingly integrate AI into their operations, the potential for these technologies to be weaponised grows exponentially," Ginsburg remarked. He emphasised that executives must remain vigilant as these risks continue to evolve rapidly.
In addition to AI threats, the survey revealed two new significant risks: IT vendor criticality and an unstable regulatory and legal environment. Ginsburg pointed out that the complexities surrounding these issues have come into sharper focus due to current events. "The upcoming U.S. election is creating a climate of uncertainty that complicates how organisations assess potential risks," he explained. The interplay between regulatory changes and the political landscape is making it difficult for businesses to predict future scenarios.
Gartner's findings also highlight the implications of over-reliance on major IT vendors. The recent CrowdStrike outage has raised concerns about vulnerabilities inherent in concentrating services with a single provider. Ginsburg cautioned that businesses must be aware of how third-party dependencies can amplify risks, particularly when these vendors themselves depend on other service providers.
The survey categorised the top five emerging risks, with technology-related threats and political uncertainties taking centre stage. Misaligned organisational talent profiles, which previously ranked higher, dropped to the fifth position, indicating a shift in priorities among executives.
The evolving risks encompass a wider array of political, legal, and regulatory uncertainties. Ginsburg noted, "The current landscape requires organisations to engage in scenario planning to prepare for complex, interrelated risks stemming from political events." By mapping potential outcomes to these risks, companies can better navigate the uncertainties that lie ahead.
To effectively manage these risks, Gartner advises organisations to take a systematic approach. Initial steps should involve identifying risks associated with imminent political events and distinguishing between those that are immediate and systemic. Risk leaders should map these risks against high-priority enterprise objectives and evaluate the cost-effectiveness of preemptive measures.
Ginsburg stressed the importance of organisational capacity in managing disruptions. "It's not just about identifying risks but also about assessing an organisation's ability to handle unexpected events," he stated. By enhancing resilience and preparing for potential disruptions, enterprises can better position themselves to mitigate risks and adapt to unforeseen challenges.
As organisations continue to grapple with these emerging threats, Gartner's insights serve as a crucial reminder of the dynamic nature of risk in today's business environment. With AI-enhanced attacks at the forefront, companies must prioritise robust risk management strategies to safeguard their operations and ensure long-term resilience.