Generative artificial intelligence (AI), such as OpenAI’s ChatGPT and Google Bard, has become a top concern for enterprise risk executives in the second quarter of 2023, according to a recent report by Gartner, Inc.
In May 2023, Gartner surveyed 249 senior enterprise risk executives to provide leaders with a benchmarked view of 20 emerging risks.
The Quarterly Emerging Risk Reports includes detailed information on the possible impact, time frame, level of attention, and perceived opportunities for these risks.
The report revealed the mass availability of generative AI as the second most-frequently named risk, while third-party viability was the top fast-emerging risk that organisations are monitoring most closely in the Q2 2023 survey.
Financial planning uncertainty was the third ranked risk, followed by cloud concentration risk. China trade tensions rounded out the top five risks that were split between issues symptomatic of the current broad macroeconomic and geopolitical volatility, and technology-related concerns.
“Generative AI was the second most-frequently named risk in our second quarter survey, appearing in the top 10 for the first time,” said Ran Xu director, research in the Gartner Risk & Audit Practice.
“This reflects both the rapid growth of public awareness and usage of generative AI tools, as well as the breadth of potential use cases, and therefore potential risks, that these tools engender.”
Gartner has previously identified six risks of generative AI and four areas of AI regulation that are relevant to assurance functions. In terms of managing enterprise risk, three main aspects must be addressed, according to Gartner experts. These include intellectual property, data privacy and cybersecurity.
Regarding intellectual property, “information entered into a generative AI tool can become part of its training set, meaning that sensitive or confidential information could end up in outputs for other users,” Xu explains.
Adding: “Moreover, using outputs from these tools could well end up inadvertently infringing the intellectual property rights of others who have used it.”
Educating corporate leadership on the necessity for caution and transparency around the use of such tools is important,Gartner highlights.
This way, intellectual property risks can be properly mitigated both in terms of input and output from generative AI tools.
On data privacy, generative AI tools may possibly share user information with third parties, such as vendors or service providers, without prior notice, analysts explain.
This has the potential to violate privacy law in many jurisdictions. For example, regulation has already been implemented in China and the EU, with proposed regulations emerging in USA, Canada, India and UK among others.
On cybersecurity, Xu said: “Hackers are always testing new technologies for ways to subvert it for their own ends, and generative AI is no different.
“We’ve seen examples of malware and ransomware code that generative AI has been tricked into producing, as well as ‘prompt injections’ attacks that can trick these tools into giving away information they should not. This is leading to the industrialization of advanced phishing attacks.”
At the same time, analysts highlighted how deteriorating economic conditions could enhance third-party viability risks.
Xu said: “Persistent inflation that is less responsive to interest rate rises and continues longer than anticipated has escalated costs and margin pressures on third parties.
“As central banks increase interest rates to fight inflation, this also brings about a process of credit tightening that may force suppliers to suspend operations or become insolvent as borrowing costs rise.
If economic conditions deteriorate broadly, this may cause an unexpected drop in demand that could affect vendor viability or their ability to provide goods and services in a timely manner, analysts warn.
Gartner experts identified three potential third-party viability consequences for risk managers to monitor as the situation develops, which include loss of key inputs and materials, flawed financial planning assumptions and challenges outside the supply chain.
