The growing availability of generative AI tools such as ChatGPT has quickly become a key concern for enterprise risk executives, according to a Gartner survey.
In the second quarter of this year, generative AI was the second most frequently cited emerging risk among 249 senior enterprise risk leaders.
This was the first time generative AI appeared in the top 10 risks, and it was listed by 66% of those surveyed.
“This reflects both the rapid growth of public awareness and usage of generative AI tools, as well as the breadth of potential use cases, and therefore potential risks, that these tools engender,” said Ran Xu, director of research in the Gartner Risk & Audit Practice, in a press release.
Specific risks
There are three main aspects of generative AI risks that need to be addressed, Gartner said in the press release about its enterprise risk survey.
Data privacy is one key risk area because generative AI tools may share user information with third parties without prior notice.
“This has the potential to violate privacy law in many jurisdictions,” the Gartner release said.
Along similar lines, enterprises face intellectual property risks because sensitive or confidential information entered into a generative AI tool could end up in outputs for other users.
Cybersecurity is the third key generative AI risk area, as hackers have a tendency to try to exploit emerging tech.
“We’ve seen examples of malware and ransomware code that generative AI has been tricked into producing, as well as ‘prompt injection’ attacks that can trick these tools into giving away information they should not,” Xu said. “This is leading to the industrialization of advanced phishing attacks.”
Managing risk
Gartner has outlined steps legal leaders can take to help manage AI-related risk. The recommended actions include putting controls in place that cover the life cycle of any high-risk AI tool.
“One approach to this may be an algorithmic impact assessment (AIA) that documents decision making, demonstrates due diligence, and will reduce present and future regulatory risk and other liability,” said Laura Cohn, senior principal, research at Gartner, in a press release.
Legal leaders should also make sure their risk management efforts are cross-functional. They are advised to involve information security, data management, data science, privacy and compliance.
“Since legal leaders typically don’t own the business process they embed controls for, consulting the relevant business units is vital,” Gartner said in a press release.
On the privacy front, legal and compliance leaders can mandate privacy impact assessments early in an AI project and apply privacy-by-design principles.
Risks beyond AI
The leading emerging risk cited by enterprise risk executives was third-party viability, which was mentioned by 67% of respondents to the Gartner survey.
Xu said that persistent inflation has escalated costs and margin pressures on third parties.
“If economic conditions deteriorate broadly, this may cause an unexpected drop in demand that could affect vendor viability or their ability to provide goods and services in a timely manner,” the Gartner press release said.
In a related vein, the third most frequently cited emerging risk was financial planning uncertainty at 62%. Gartner’s second-quarter enterprise risk survey was conducted in May.