According to a new report, artificial intelligence (AI)- driven malicious attacks were the top emerging cyber-security risk for enterprises in the third quarter of 2024.

According to a Gartner report, IT vendor criticality and an unsettled regulatory and legal environment are new, top emerging enterprise risks.

According to Zachary Ginsburg, senior director, of research in the Gartner Risk & Audit Practice, while the upcoming US election generates headlines over the candidates’ regulatory, trade and other proposals, organizations have difficulty considering the actual risk implications from the many scenarios that might unfold.

“Amplifying this uncertainty are recent US Supreme Court decisions on federal agencies’ authority to set and enforce regulations,” said Ginsburg.

Beyond politics, other global events, such as the July CrowdStrike outage, have raised questions about whether organizations over-rely on their largest IT vendors.

“Because third parties, like SaaS vendors, rely on other vendors, organizations may not realize the full extent of their exposure,” said Ginsburg.

Buy Me a Coffee

Two of the top five most cited emerging risks are in the technology category and two reflect political concerns related to uncertainty around the regulatory and legal environment and the outcomes of global elections.

According to the report, the misaligned organizational talent profile moved down from the fourth-place ranking in the second quarter to the fifth most cited risk in the third quarter.

“Political and legal events may have complex risk implications, but events that are contingent on a defined set of outcomes, like an election, are good candidates for scenario planning,” said Ginsburg.

READ
Ford Investigates Potential Data Breach Involving 44,000 Customer Records

If organisational leaders can generate specific, cost-effective actions that can meaningfully address risks over the duration of a risk event, these are ones that both have a high likelihood of mitigating risk as well as generating executive support.

“By going beyond specific risk events to assessing organizational capacity to manage disruption, enterprise risk leaders can both reduce their organizations’ exposure to identified risks as well as enhance resilience to unforeseen events,” said Ginsburg.