Emerging risks for enterprises now includes AI as technologies such as ChatGPT and Google Bard have become widely available, said Gartner recently.
“Generative AI was the second most-frequently named risk in our second quarter survey, appearing in the top 10 for the first time,” said Ran Xu director, research in the Gartner Risk & Audit Practice. “This reflects both the rapid growth of public awareness and usage of generative AI tools, as well as the breadth of potential use cases, and therefore potential risks, that these tools engender.”
The advisory firm noted that it surveyed 249 senior enterprise risk executives in May 2023 to provide leaders with a benchmarked view of 20 emerging risks for enterprises.
The Quarterly Emerging Risk Reports includes detailed information on the possible impact, time frame, level of attention, and perceived opportunities for these risks, the firm added.
Third-party viability was the top fast-emerging risk that organisations are monitoring most closely in the 2Q23 survey, Gartner pointed out, adding that financial planning uncertainty was ranked the third among emerging risks for enterprises, followed by cloud concentration risk.
China trade tensions rounded out the top five emerging risks for enterprises that were split between issues symptomatic of the current broad macroeconomic and geopolitical volatility, and technology-related concerns, the firm said.
Mass generative AI availability
Gartner has previously identified six risks of generative AI and four areas of AI regulation that are relevant to assurance functions.
In terms of managing enterprise risk, three main aspects must be addressed, according to Gartner.
Information entered into a generative AI tool can become part of its training set, meaning that sensitive or confidential information could end up in outputs for other users.
In addiiton, using outputs from these tools could well end up inadvertently infringing the intellectual property rights of others who have used it.
It’s important to educate corporate leadership on the necessity for caution and transparency around the use of such tools so that intellectual property risks can be properly mitigated both in terms of input and output from generative AI tools.
Generative AI tools may possibly share user information with third parties, such as vendors or service providers, without prior notice.
This has the potential to violate privacy law in many jurisdictions.
For example, regulation has already been implemented in China and the EU, with proposed regulations emerging in USA, Canada, India and UK among others.
Hackers are always testing new technologies for ways to subvert it for their own ends, and generative AI is no different.
There are examples of malware and ransomware code that generative AI has been tricked into producing, as well as ‘prompt injections’ attacks that can trick these tools into giving away information they should not.
This is leading to the industrialisation of advanced phishing attacks.
Causes and implications of third-party viability risk
Persistent inflation that is less responsive to interest rate rises and contuse longer than anticipated has escalated costs and margin pressures on third parties, said Xu.
“As central banks increase interest rates to fight inflation, this also brings about a process of credit tightening that may force suppliers to suspend operations or become insolvent as borrowing costs rise,” he noted.
If economic conditions deteriorate broadly, this may cause an unexpected drop in demand that could affect vendor viability or their ability to provide goods and services in a timely manner, he added.
Gartner has identified three potential third-party viability consequences for risk managers to monitor as the situation develops:
Loss of key inputs and materials. If third-parties are increasing their prices due to the wider economic situation there is a clear risk of losing access to key inputs and materials as third parties would favour customers willing to pay higher prices.
Flawed financial planning assumptions. Cost assumptions will be rendered invalid as suppliers increase prices or fail, necessitating switching costs and increased prices for obtaining goods and services.
Challenges outside the supply chain. Partners, such as managed service providers or commercial partners, creditors, or technology vendors may cease or curtail operations.