Every year, RiskBusiness publishes its perceptions of the top risks, threats or concerns for the year ahead, based on published industry material, current affairs and corporate intelligence.
There will be little surprise that geopolitical issues are at the forefront of almost everyone’s minds, while many of the issues listed are serial issues that we have seen before. As is always the case, it’s not necessarily knowing about a threat which is the most important factor; it is what you do with that knowledge, how you assess its potential consequences for your firm and what actions you take to mitigate those consequences.
1. Geopolitical issues
While geopolitical issues and breakdown in international relations is often primarily considered a causal driver for other risks and issues, the volume of current global issues is itself a major concern for everyone. Ranging from the ongoing Ukraine/Russian Federation conflict, through the tensions across the Middle East, continual conflict in areas of Africa, to concerns around China’s ambitions on Taiwan, any assessment of world peace would reflect a high probability of significant global harm.
At the same time, the global political landscape is also pulling to the right, with political uncertainty, citizen unrest and concerns around spiralling costs of living feeding global concerns. The combination of geopolitical and national political issues are feeding macroeconomic concerns, with many nations increasing their national debt, both due to military spending and in an effort to satisfy citizen demands around education, healthcare and job security.
2. Infrastructural monopolies
The lack of large numbers of competitors in two closely associated areas is in the process of creating two interrelated single points of resiliency failure globally. With ongoing technology evolution and the continual migration of infrastructure to the “cloud”, coupled to the cost, security requirements and utility demands of mission-sustainable data centres, a relatively small number of vendors now control the majority of global data centres, implying that a service outage or cyber attack can affect very large numbers of firms and their users.
In a similar manner, the speedy transition into the usage of AI models and technologies by increasingly large numbers of firms is being supported by a very small number of service providers, with some of these service providers also being the providers of data centres.
We have already experienced both data centre outages and AI model outages; what we might expect is a service disruption combination of data centre and AI model from a single provider. In addition to concerns around business disruption, a lesser considered threat lies in the ecological damage arising from these two intertwined technologies – bigger, faster and “better” AI models need greater computing power, which generates more demand for data centres, which run on electrical power and require enormous amounts of water to cool. Without renewable energy, the electrical demand will only be met using fossil fuels, while water is already a decreasing and scarce commodity.
3. Climate change
The world continues to experience unprecedented wildfires, flooding, droughts, soaring temperatures and unseasonal weather conditions. Global efforts to reduce greenhouse gas emissions continue to fail, while unacceptable environmental damage and greenhouse gas emissions caused by military conflict and technology evolution go “unnoticed”. Climate change is already causing considerable business disruption and will continue to do so for the foreseeable future.
4. Rogue AI
The pros and cons of the use of artificial intelligence (AI) are numerous; suffice to say that AI has many good and bad implications for the modern enterprise. As with any new product, new service, new technology or other new initiative, care has to be taken to fully comprehend what you are dealing with and what the potential ramifications of its use actually are. AI is essentially a model of reality, taking inputs and applying rules, assumptions and logic to generate outputs. It is exactly in the application of rules, assumptions and logic, most often undertaken inside a “black box” which few have any insight into, that the concern about the model going rogue, generating unexpected and/or undesirable outputs, lies.
5. Talent acquisition and retention
Coupled to the expansion in the adoption of artificial intelligence and new technologies, the capabilities of and requirements in resourcing are rapidly changing. This has already led to shortages in specific skill sets and firms laying off significant numbers of staff, replaced by “AI”. Other firms are grappling with how to retrain staff, while almost all are faced with high mobility in staff skilled and experienced in AI. Overall, the cost of staffing can be expected to increase.
6. Technology obsolescence
Despite the rapid expansion in the use of artificial intelligence and the ongoing migration to the “cloud”, many firms still make use of the same technology platforms for core business operations that they adopted a decade or more ago. Moving off a core platform is never a trivial matter, as so many case studies bear evidence. Financial exchanges, central banks, regulators and many individual firms have tried and failed in platform migration projects.
But an increasing number of technology platforms are moving beyond their “use by” date, with suppliers discontinuing support and maintenance, both for software applications and for hardware components and devices. This implies that, almost concurrently with adopting new technology, firms are going to have to face migrating their core technology platforms as well.
7. Operational resiliency
It sounds simple – ensure that the firm remains operationally resilient irrespective of what forms of disruption arise. After all, we have business continuity plans, data back-up strategies, application and system automated fail-over, hot standby disaster recovery facilities and integrated crisis management programmes. Plus, Europe has DORA, the Digital Operational Resiliency Act, which mandates what has to be done.
Yet, operational resiliency remains a significant concern for many. Some would argue that, given the current climate of geopolitical uncertainty with the potential implications for our supply chains, coupled with numerous well-publicised business disruption events, such concerns are well founded, while others would supplement this with concerns over shadow-AI, shadow-IT and weak governance frameworks.
8. Payments fraud
Although many would include cybercrime in their lists of top risks, we would like to zoom into a specific manifestation of cybercrime, namely payments fraud arising from two specific malicious acts: fraud where the account owner is induced to make payment to another party and fraud where the bad actor gains access to the victim’s account through deceptive acts.
Authorised push payment fraud is rampant and occurs where the victim is induced to voluntarily make a payment to another party. Included in this form of fraud are so-called romance scams, advance fee scams, fraud department imposter scams, tax authority, law enforcement authority or customs officials scams, invoice scams, lottery winner scams, investment scams and other types of bank transfer fraud. Essentially, the fraudster(s) convince the victim that they need to make a payment to an account which is not under the victim’s control.
Scams where the bad actor gains control over the victim’s account are not new and often are initiated through a phishing attack or where the bad actor poses as the victim’s bank staff and then gains access to the victim’s bank account, following which funds are quickly transferred out. A worrying new variant is where victims are lured to fake product sites from popular social media forums, usually when using a smartphone, from where control is gained over that device.
9. Supply chain failures
We live in the era of specialisation and most firms are heavily reliant on a variety of supply chains to remain in business. Such supply chains have been just one or two levels deep, but in many cases, are made up of many levels of supplier, resulting in so-called “nth” party risks. Given the global geopolitical situation and an increasing political trend towards “home country first” policies, the potential for supply chain disruption and failure continues to increase. Changing market demand factors also affect the demand for specific raw materials or part-completed materials, which may also add further complications for integrated supply chains.
10. Privacy breach arising from a ransomware infection
Ransomware first gained prominence through its business disruption consequences – firms unable to operate due to no access to their systems or data. As firms designed countermeasures to ensure operational resiliency, the bad actors evolved their techniques, with current ransomware attacks essentially focused on taking a copy of confidential or sensitive data, then extorting the victim to pay a ransom to prevent that confidential and sensitive data from being publicly disclosed. Current attack strategies may still deploy data encryption or affect systems and preclude their use as an added incentive to pay the ransom.
While accidental privacy breaches and insider theft of confidential and sensitive data still occur and remain a concern, a ransomware privacy breach tends to be more serious, given that bad actors have control over a copy of sensitive and confidential data and can easily distribute such data further, even if a ransom is paid.
Download a copy of the full report here, which includes details of our recently launched Risk Alerts service under which subscribers gain access to new and emerging risks as soon as these are identified.
