Organizations weigh the risks and rewards of using AI

78% of organizations are tracking AI as an emerging risk while simultaneously adopting the technology themselves, according to AuditBoard.

Organizations prioritize AI risk assessment

The report, based on a survey of over 400 security professionals in the US involved in their organization’s approach to cybersecurity and digital risk, reveals organizations are making significant strides in digital risk management compared to previous years.

The data shows organizations in 2024 are 2.5 times more likely to be in the later stages of digital risk maturity than last year, showcasing a solid trend toward proactive risk management.

Two-thirds of organizations prioritize AI risk assessment using existing internal processes (65%) and/or guidance and best practices from professional organizations (63%). Another 55% say they use current and pending laws/regulations to prioritize risk.

Over half of organizations surveyed use AI to improve team productivity (57%) and enhance threat detection (56%). Nearly half say they use it in reporting (48%) and automating action and response plans (42%).

Nearly half of respondents describe their risk tolerance towards AI as very high (17%) or high (29%), while only 12% report a low (9%) or very low (3%) AI risk tolerance. This indicates the growing acceptance of AI as an emerging technology that presents both benefits and risks.

Ethical and responsible use of AI to support digital risk management objectives is essential in maintaining high AI-related risk tolerance. By implementing a framework for responsible AI use, enterprise organizations can ensure that AI supports their digital risk management objectives while maintaining trust and integrity in their AI initiatives.

Strong collaboration across teams managing digital risk matter

The report findings also highlight the rapid evolution of digital risk management practices and the importance of solid organizational collaboration to enhance risk management strategies.

87% of companies use reportable metrics to manage digital risk. Of this group, 97% consider their metrics to be effective, with 59% saying the metrics they use are very effective — underscoring the importance of data-driven decision-making.

58% of professionals surveyed say they collaborate with functions working on digital risk, but there is room for improvement in how effectively they collaborate. 35% say they have strong collaboration. Effective collaboration is essential for a comprehensive, integrated approach to digital risk management. Those with solid collaboration are more than two times more likely than all others to describe their reportable metrics as very effective (87% vs. 41%).

Organizations continue to move away from manual approaches like spreadsheets and shared drives, with four out of five saying they use cloud-based risk management software to manage digital risk.

While 81% of enterprise organizations have their digital risk management program integrated into IT and cyber risk management, just over half say their digital risk program is integrated across the enterprise. Enterprise-level integration is vital for improving collaboration, enhancing risk assessment, and creating a holistic view of risk that addresses all potential risk areas.

“The findings from this survey underscore the importance of evolving digital risk management practices,” said Richard Marcus, CISO at AuditBoard. “As organizations mature in their approaches, integrating advanced technologies and fostering strong collaboration will be key to staying ahead of emerging threats and protecting digital assets.”