A Gartner study revealed that there is a rising concern of artificial intelligence-enhanced malicious attacks as these become top emerging risk for enterprises in the second quarter of 2024.
The survey, which polled 274 senior enterprise risk executives, showed that new concerns regarding soft ransomware targets are also coming to the forefront of enterprise risks.
“Similar to AI-enhanced malicious attacks, soft ransomware targets require minimal experience and cost to cause significant financial and reputational damage,” said Gamika Takkar, director, research in the Gartner Risk & Audit Practice.
Three of the top five most cited emerging risks are in the technology category and new concern regarding soft ransomware targets enter the tracker for the first time.
Escalating political polarisation, which first entered the tracker in the fourth quarter of 2023, held steady as the third most cited concern, while misaligned organisational talent profile moved up from the fifth to fourth most cited risk.
Table: Top Five Most Commonly Cited Emerging Risks in Q2 2024
![[Image Alt Text for SEO]](https://emt.gartnerweb.com/ngw/globalassets/en/newsroom/images/graphs/2024-top-five-emerging-risks-chart-q2.jpg)
Source: Gartner (JULY, 2024)
Causes of Soft Ransomware Targets
Soft ransomware targets include the types of systems that may be especially vulnerable to ransomware due to underinvestment or technical debt, leading to longer disruptions in business operations when attacks occur. The ease of carrying out such attacks, via what’s known as ransomware-as-a-service (RaaS), allows cybercriminals with even minimal experience and technical skill to deploy attacks at low cost.
“Ransomware-as-a-service lowers the barrier to entry for inexperienced cybercriminals who know just enough about how to attack and disrupt business operations, creating worse impacts than usual when attacks occur,” said Takkar.
Potential Consequences to Mitigate
The potential impacts of soft ransomware targets range from operational disruptions and delay of services, to increased exposure to multi-extortion, such as ransom demand follows threats of selling, publishing or permanently deleting data, to increased financial burden in the form of direct and indirect costs. Direct costs include ransoms, remediation, litigation, and public relations, while indirect costs, such as reputational damage and loss of intellectual property, also create burden on the organisation.
“While operational disruption and increased costs are dire consequences of soft ransomware targets, the exposure to extortion can impact not just the organisation itself, but any and all associated third-parties as well, further underscoring the importance of understanding and preventing such risk,” said Takkar.
