AI fastest rising risk to business
24 September 2024
Poll of Chief Internal Auditors reveals AI, cyber and digital threats will dominate the risk landscape for 2025 and beyond
Businesses across the UK, Ireland and Europe are rapidly changing their attitudes towards risk in response to the swift evolution of technological threats that are transforming the risk landscape like never before. The Chartered IIA’s annual Risk in Focus 2025 report, released today, tracks the risks facing organisations year-on-year as ranked by 985 Chief Internal Auditors across 20 European countries.
Cybersecurity top risk amid increasingly sophisticated attacks
Deep fake attacks and increasingly intense AI-powered hacks helped cybersecurity and data security retain its long-standing position as the top threat with 83% saying it was a top five risk. This threat is forecast to remain the leading risk for the next three years, reflecting heightened concerns over increasingly sophisticated and frequent cyber-attacks, affecting everything from customer data to patient safety. High-profile incidents, such as the recent global IT outage caused by the CrowdStrike attack, have underscored the growing risk to businesses and people.
AI and digital disruption: fastest rising risk category
However, the big story coming out of this year’s Risk in Focus report is the rise of digital disruption, new technology and AI, with 40% citing it as a top five risk up from a third (33%) a year ago. This makes it the fourth biggest risk this year up from sixth a year ago and the fastest rising risk category with organisations under increasing pressure to keep up with competitors and harness this fast-evolving technology to meet growing consumer demands. In fact, by 2028, digital disruption, new technology and AI it is set to rise even further when it is expected to be the second biggest risk with 63% of Chief Internal Auditors saying it will be a top five risk. The increase in AI and digital-related risks is also mirrored in the growing amount of time and effort internal audit teams expect to spend addressing these threats over the next three years.
Call to action: harnessing internal audit against digital threats
In response to these accelerating risks, the Chartered IIA is urging boards and senior management to harness their internal audit teams’ expertise to assess the effectiveness of cyber and digital controls. Where controls are found lacking, internal audit can play a critical role in recommending improvements to protect businesses from these emerging threats.
Anne Kiem OBE, Chief Executive of the Chartered Institute of Internal Auditors said: “AI’s rapid rise as a business-critical risk underscores the unprecedented pace of digital transformation happening around us. While these technological advances offer tremendous opportunities, without proper safeguards, they also pose significant threats. Internal audit is uniquely equipped to provide assurance that cyber, digital, and technology-related controls are not only in place but effective. Boards to confront these risks head-on and leverage the expertise of internal auditors to protect and future-proof their organisations.”
Other key findings from Risk in Focus 2025:
- Human capital, diversity, talent management and retention held its second place ranking with over half (52%) of Chief Internal Auditors placing it as a top five risk. Balancing shifting demographic trends with skills and budgetary shortages at a time of increased digitalisation is a key challenge for many organisations.
- Changes in laws and regulations were cited by 46% of Chief Internal Auditors as a top five risk, making it the third biggest risk.
- Macroeconomic and geopolitical uncertainty, was cited by 39% of Chief Internal Auditors as a top five risk, driven by the War in Ukraine and conflict in the Middle East.
- Climate change, biodiversity, and environmental sustainability were highlighted as a top five risk by 33% of Chief Internal Auditors, with regulatory pressure expected to push this risk higher by 2028, particularly in light of the EU’s Corporate Social Responsibility Directive along with other climate and environmental laws and regulations.
The full Risk in Focus 2025 report, featuring insights from nearly a thousand Chief Internal Auditors across Europe, is available here.
--ENDS--
FOR MORE INFORMATION CONTACT GAVIN HAYES ON 07900 195591
Notes to editors
The top 10 risks for Risk in Focus 2025 are (with the associated %s indicating those Chief Internal Auditors that ranked each a top five risk – rounded up or down to the nearest percentage point)
- Cybersecurity and data security (83%)
- Human capital, diversity, talent management and retention (52%)
- Change in laws and regulations (46%)
- Digital disruption, new technology and AI (40%)
- Macroeconomic and geopolitical uncertainty (39%)
- Climate change, biodiversity and environmental sustainability (33%)
- Business continuity, operational resilience, crisis management and disasters response (32%)
- Market changes, competition and changing consumer behaviour (32%)
- Supply chain, outsourcing and 'nth' party risk (29%)
- Financial, liquidity and insolvency risks (27%)
About Risk in Focus 2025
- For the past nine years, Risk in Focus has sought to help Chief Internal Auditors understand how their peers view today’s risk landscape as they prepare their audit plans for the year ahead.
- Risk in Focus 2025 research was conducted in March and April 2024. Data was collected through a quantitative survey among Chief Internal Auditors across 20 European countries which included: Albania, Armenia, Austria, Belgium, Bulgaria, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, The Netherlands, Norway, Poland, Portugal, Spain, Sweden, Switzerland and the UK. The survey elicited 985 responses.
- Simultaneously, five roundtables were organised with 48 participants covering five of the key risk areas covered in the report. In addition, we also conducted 11 one-to-one interviews with subject matter experts that included mainly Chief Internal Auditors, but also academics, non-executive directors and industry experts to provide deeper insights into how these risks are manifesting and developing.
About the Chartered Institute of Internal Auditors
The Chartered IIA represents around 10,000 internal audit professionals in organisations spanning all sectors of the economy, across the UK and Ireland. It champions the contribution internal audit makes to good corporate governance, strong risk management and a rigorous control environment leading to the long-term success of organisations, including those in the public sector.