AI Survey

A survey of 404 business, IT and security professionals working for organizations that generated more than $25 million in revenue finds more of them are becoming comfortable with the inherent risky business nature of artificial intelligence (AI).

Conducted by Ascend2 Research on behalf of Auditboard, a provider of a platform for managing risk and compliance, the survey finds nearly half of respondents (46%) describe their risk tolerance towards AI as very high (17%) or high (29%). Another 42% described their risk tolerance for AI as moderate.

Nevertheless, more than three quarters of respondents (78%) working for organizations have identified AI as an emerging risk to the business.

At the same time, however, more than half of respondents also said their organizations are using AI to enhance their overall digital risk posture by either increasing collaboration (67%), improving threat detection (56%), simplifying reporting (48%) or automating action and response plans (42%).

The teams most commonly found using some form of AI were IT (80%), operations management (55%), sales and marketing (40%), human resources (35%) and finance (32%).

The survey makes it clear that AI is effectively creating a paradox in the sense that, for example, organizations are concerned sensitive data might be exposed to a large language model (LLM) while at the same time AI is being used to discover where other sensitive data might have been inadvertently exposed, says Auditboard CISO Richard Markus. Organizations are clearly willing to use AI, but there are still trepidations concerning how data is being shared with various AI platforms, he adds.

In general, the way organizations are managing digital risk seems to be improving, he says. For example, nearly two-thirds (65%) of respondents said they are in an advanced stage of digital risk management maturity. A total of 87% work for organizations that are creating reportable metrics. Of this group, nearly all (97%) consider their metrics to be effective, with 59% saying the metrics they use are very effective.

Four out of five respondents said their organization is also using cloud-based risk management software to manage digital risk rather than relying on manual processing involving spreadsheets and shared drives.

A full 81% also noted their digital risk management program has been integrated into a larger risk program. That indicates that digital risk is now finally elevated to the point where it is managed alongside other more traditional risks that senior leaders track, notes Markus.

One reason for that is that agencies such as the Securities and Exchange Commission (SEC) are holding senior leaders more accountable for security and compliance. “Security and risk mandates are now being enforced more,” says Markus.

Additionally, it’s becoming more common for compensation packages for senior leaders to be increasingly tied to cybersecurity and compliance goals.

As AI continues to be operationalized, it’s only a matter of time before a much wider range of risk management issues come to the fore. The challenge and the opportunity now is to better appreciate the capabilities and limitations of AI today before an issue arises tomorrow that could result in significant fines being levied.