Generative artificial intelligence (AI), including prominent models like OpenAI’s ChatGPT and Google Bard, has surged to the forefront of enterprise risk concerns in Q2 2023, as per a recent Gartner, Inc. study.
Survey insights
In a comprehensive survey conducted in May 2023, Gartner reached out to 249 senior enterprise risk executives, aiming to offer a benchmarked perspective on 20 imminent risks. The Quarterly Emerging Risk Reports, a detailed analysis, sheds light on the potential impact, timeline, attention level, and perceived opportunities associated with these risks.
Generative AI’s mass availability was identified as the second most frequently cited risk. Meanwhile, third-party viability took the top spot as the rapidly emerging risk under close watch in the Q2 2023 survey. Financial planning uncertainty and cloud concentration risk followed, with China trade tensions completing the top five. These risks represent a mix of current macroeconomic, geopolitical volatility, and tech-related concerns.
Ran Xu, director of research in the Gartner Risk & Audit Practice thinks that generative AI’s sudden appearance in the top 10, ranking second, mirrors the swift rise in public awareness and adoption of generative AI tools. It also underscores the vast range of potential applications and, consequently, the associated risks.
Generative AI risks
Gartner has previously pinpointed six inherent risks of generative AI and four pertinent areas of AI regulation. To effectively manage enterprise risk, Gartner emphasizes three pivotal areas: intellectual property, data privacy, and cybersecurity.
Intellectual property concerns
Generative AI tools can inadvertently integrate information into their training datasets. Ran Xu explained that information fed into a generative AI tool might become part of its training set. This implies that sensitive or proprietary data could inadvertently appear in outputs for other users. Furthermore, utilizing outputs from these tools might unintentionally violate the intellectual property rights of prior users. Gartner underscores the importance of enlightening corporate leaders about the prudence and openness required when employing such tools, ensuring that intellectual property risks are aptly addressed.
Data privacy issues
Generative AI tools might unknowingly share user data with third parties, such as vendors or service providers, without prior intimation. Such actions could breach privacy laws in numerous regions. Notably, China and the EU have already enacted regulations, with proposed laws on the horizon in the USA, Canada, India, and the UK.
Cybersecurity threats
Generative AI tools are not immune to cyber threats. Xu pointed out that there are malware and ransomware codes produced by generative AI after being deceived, as well as ‘prompt injections’ attacks that mislead these tools into divulging information they shouldn’t. This paves the way for the large-scale execution of sophisticated phishing attacks.
Economic conditions and third-party viability
Analysts also spotlighted the potential amplification of third-party viability risks due to worsening economic conditions. Persistent inflation, less reactive to interest rate adjustments and lasting longer than expected, has intensified cost and margin strains on third parties. As central banks elevate interest rates to combat inflation, it triggers a credit tightening phase, potentially pushing suppliers towards operational suspension or insolvency due to escalating borrowing expenses.
A broad economic downturn might lead to an unforeseen slump in demand, jeopardizing vendor viability or their capacity to deliver goods and services promptly.
Gartner’s experts have outlined three potential repercussions of third-party viability for risk managers to track: loss of essential inputs and materials, erroneous financial planning assumptions, and external supply chain challenges.
As the landscape of emerging risks evolves, enterprises must remain vigilant, especially in the realm of generative AI. The blend of technological advancements and economic fluctuations necessitates a proactive approach to risk management.