Nearly 80% of organisations identify artificial intelligence (AI) as an emerging risk while simultaneously adopting the technology themselves. According to AuditBoard’s 2024 Digital Risk Report: Opportunities and Challenges of the AI Frontier, more than half of organisations surveyed use AI to improve efficiency and enhance their digital-risk position.
The report, based on a survey of more than 400 security professionals in the US involved in their company’s cybersecurity, reveals that organisations in 2024 are two-and-a-half times more likely to be in the later stages of digital risk maturity than last year.
Nearly half of respondents describe their tolerance of AI risk as very high or high
Nearly half of respondents describe their tolerance of AI risk as very high (17%) or high (29%); only 12% report a low or very low AI risk tolerance. This indicates the growing acceptance of AI as an emerging technology that presents both benefits and risks.
Who’s responsible?
In nearly half of the companies surveyed, it is the technology departments that are primarily responsible for managing digital risk; nearly one-quarter say that security or risk-management departments are primarily responsible.
Checking third parties
Two-thirds of organisations surveyed conduct AI risk assessments of third parties using existing internal processes and/or guidance and best practices from professional organisations; another 55% say they use current and pending laws/regulations.
When assessing third-party risk, those incorporating internal and external perspectives on qualitative and quantitative risk assessment are one-and-a-half times more likely than all others to find their reportable metrics very effective (74% compared with 49%)
Common uses
More than half of organisations use AI to improve team productivity and enhance threat detection. Nearly half say they use it in reporting and automating action and response plans.
‘Enterprise-level integration is vital for improving collaboration’
Teams involved
Four out of five IT teams use AI to support their risk management objectives, but AI shouldn’t be limited to IT, the report states: ‘Cross-departmental use of AI can enhance threat detection and efficiency, scalability, collaboration, and resiliency across the organisation. In fact, those with the strongest digital risk management collaboration report more use of AI in their finance, IT, and HR departments than others.’
Integration
While 81% of enterprise organisations have their digital risk management programme integrated into IT and cyber risk management, just over half say that it is integrated across the enterprise. ‘Enterprise-level integration is vital for improving collaboration, enhancing risk assessment, and creating a holistic view of risk that addresses all potential risk areas,’ the report says.
Organisations are continuing to move away from manual approaches such as spreadsheets
Cloud based
Organisations are continuing to move away from manual approaches such as spreadsheets and shared drives, with four out of five saying they use cloud-based risk management software to manage digital risk.
