Companies Complain About Cyber Risks – But Many Do Little About It

AI is reshaping companies’ risk management policies – in multiple ways.

Cybersecurity risk has long been a thorn in the side of information technology executives, and to finance, risk, and compliance officers.

With many companies turning to artificial intelligence to automate business tasks and help run departmental programs, 2024 should see a big change in how companies leverage AI for business success. They’ll also be looking to build guardrails to ensure AI implementations don’t leave an opening for data thieves and financial fraudsters.

That scenario may be fraught with peril, as companies recognize new-age risks to company data but don’t seem to be using the best tools to protect that data.

As usual, the data tells the story.

In a brand-new study from PwC, a financial services consortium that includes some of the leading lights in the financial sector, 37% of organizations believe they are “highly” or “extremely” exposed to cyber risks, just behind inflationary risks at 39%. Company executives tasked with managing risk rank cyber “higher” than inflation, the study reports.

While a burgeoning number of risk managers say they are aware of cyber risk issues, just 10% of those surveyed “are using advanced and predictive analytics to refine and innovate risk management,” PwC states.

The study canvassed approximately 3,900 business and risk leaders, including the boardroom and C-suite, and across tech, operations, finance, risk, and audit areas.

Gen AI Investments Are Changing the Way Companies View Cybersecurity Risk

The PwC study also focuses on rising corporate investment in generative AI, which seemingly has a reverberated impact on the company’s cyber security policy.

In it, PwC analysts say that big investments in emerging technologies such as Generative AI, machine learning, automation, and cybersecurity are “unlock value” in their operations, but “also playing a significant role “in shaping that organization’s overall risk exposure.”

In this often volatile business environment, privacy-minded CX-suite execs need to be more ambitious – and even more aggressive – with their risk management policies.

“In a world that is persistently in a state of flux, it’s clear that organizations need to transform, with new and emerging technologies playing a critical role in that transformation,” says Sam Samaratunga, global and UK Head of risk services at PwC UK. “So it’s no surprise that cyber and digital risks are top-of-mind in 2023, with those leaders responsible for managing risk ranking cyber higher than inflation.”

Yet if those same organizations don’t take risks, they can’t grow, which is a huge problem given the highly technological and highly competitive business landscape heading into 2024.

“If organizations are to grow, build resilience, and see sustained, long-term outcomes, they should follow the lead of ‘risk pioneers’ – organizations with a proactive approach to risk, an enterprise-wide risk strategy, and strong alignment on risk appetite between teams,” Samaratunga says.

In a deeper dive into what makes an effective risk pioneer, PwC analysts say the best executives are “blazing a trail in reframing risk as a value creation opportunity.

— Those execs are overwhelmingly likely to have an enterprise-wide technology strategy and roadmap, the study reports.

— They’re also 1.8 times more likely to see GenAI as fully an opportunity than risk.

— And they are significantly more likely to be upskilling internal teams on risk-related capabilities and express greater alignment with their CEO/board on levels of risk appetite.

Yet companies without so-called risk pioneers face a “clear gap in risk management capabilities and execution.”

For example, only 10% of those executives “are already using advanced and predictive analytics, cutting-edge tech and data for managing risk and are continuously refining and innovating,” PwC reports.

That approach to cybersecurity management cannot stand with a hyper-competitive 2024 business environment on the horizon, analysts say.

“The age of the benign risk environment is over for the foreseeable future, amplified by the increasing pace and impact of technology change,” says Simon Perry, markets and services leader at PwC UK. “These threats mean taking risk intelligently – powered by technology and framed by growth and opportunity – is now critical to adapting and reinventing yourself in this constantly changing world to both protect and create value.”




Recent Posts

Leave a Reply

Your email address will not be published. Required fields are marked *