Artificial intelligence (AI)-driven malicious attacks were the top emerging cyber-security risk for enterprises in the third quarter of 2024, according to a new report.
IT vendor criticality and an unsettled regulatory and legal environment are new, top emerging enterprise risks, according to a Gartner report.
Advertisement
According to Zachary Ginsburg, senior director, research in the Gartner Risk & Audit Practice, while the upcoming US election generates headlines over the candidates’ regulatory, trade and other proposals, organisations have difficulty considering the actual risk implications from the many scenarios that might unfold.
“Amplifying this uncertainty are recent US Supreme Court decisions on federal agencies’ authority to set and enforce regulations,” said Ginsburg.
Beyond politics, other global events, such as the July CrowdStrike outage, have raised questions about whether organizations over-rely on their largest IT vendors.
“Because third parties, like SaaS vendors, rely on other vendors, organisations may not realise the full extent of their exposure,” said Ginsburg.
Two of the top five most cited emerging risks are in the technology category and two reflect political concern related to uncertainty around the regulatory and legal environment and the outcomes of global elections.
According to the report, misaligned organisational talent profile moved down from the fourth-place ranking in the second quarter to the fifth most cited risk in the third quarter.
“Political and legal events may have complex risk implications, but events that are contingent on a defined set of outcomes, like an election, are good candidates for scenario planning,” said Ginsburg.
If organisational leaders can generate specific, cost-effective actions that can meaningfully address risks over the duration of a risk event, these are ones that both have a high likelihood of mitigating risk as well as generating executive support.
“By going beyond specific risks events to assessing organisational capacity to manage disruption, enterprise risk leaders can both reduce their organisations’ exposure to identified risks as well as enhance resilience to unforeseen events.” said Ginsburg.