The Conference Board has officially published the results from its latest report, which reveals that around three-quarters of the S&P 500, or 72% of companies, now flag AI as a material risk in their public disclosures, marking a staggering rise from just 12% recorded in 2023.
Going by the available, over the course of this survey, reputational emerged as the most prevalent risk archetype, with around 38% companies feeling the effects of it. Beyond that, cybersecurity risks took the second spot, as they were reported by over 20% of all surveyed companies.
More information regarding the latter would reveal how businesses in general indicated the expanding footprint of AI-related security risks. “Across all disclosures, there is a consistent theme: businesses are concerned about AI's impact on compliance, security, and reputation. According to Andrew Jones, the report's author and Principal Researcher at The Conference Board, "the task for business leaders is to integrate AI into governance with the same rigor as finance and operations, while communicating clearly to maintain stakeholder confidence." If we go deeper into the study as a whole, we mentioned that reputational risks are the most common type of risk. However, we haven't yet discussed the fact that these risks are frequently brought on by AI projects failing to deliver on their promises. If these AI projects are perceived as ineffective or poorly integrated, the risk can get even worse. In totality, 45 of all surveyed companies reported this as their primary reason.
A contingent of 42 companies also claimed that missteps like errors, inappropriate responses, or service breakdowns can become highly damaging, particularly for consumer-oriented brands.
The subsequent mishandling of sensitive information would be deemed a reputational risk by 24 additional businesses. Their main concern is that any breach here could easily lead to regulatory action or public outcry. The most obvious and immediate threat posed by the use of AI is reputational risk. One lapse—an unsafe output, a biased decision, or a failed rollout—can spread rapidly, driving customer backlash, investor skepticism, and regulatory scrutiny in ways that traditional failures rarely do,” said Brian Campbell, Leader of The Conference Board Governance & Sustainability Center.
We must then expand on cybersecurity threats. Here, a substantial chunk of companies would reveal that AI widens their risk surface using new data flows, tools, and systems. You see, around 40 companies described AI as a force multiplier due to its ability to bolster scale, sophistication, and unpredictability of cyberattacks.
A separate group of 18 companies blamed overt reliance on cloud providers, SaaS platforms, and external partners.
17 businesses revealed that data breaches continue to be one of their top concerns, demonstrating how AI-driven attacks can expose sensitive customer and business data almost like a ripple effect. Legal regulatory risks were also found to be prevalent in the Conference Board's report. In order to provide a better understanding, 41 businesses mentioned the difficulty of planning AI deployments in light of shifting and fragmented regulations. In addition, 12 of the companies surveyed expressed concern that the new AI-specific regulations will result in increased compliance obligations and possible enforcement actions. As if the situation weren't bad enough, court filings all over the place continue to highlight the ambiguity regarding how courts will handle intellectual property claims related to AI training data or who is responsible for harm caused by autonomous AI systems. The in question study, among other things, reveals a set of new risks. An illustration of the same talks about how over 24 businesses highlighted risks like disputes over copyright, theft of trade secrets, and contested use of data from third parties for model training. A separate 13 companies-lineup deemed as privacy their biggest concern, particularly focusing on sensitive exposure under the General Data Protection Regulation, Health Insurance Portability and Accountability Act, and California privacy laws (CCPA/CPRA).
Rounding up highlights would be the risk attached with technology’s adoption. Basically, around 8 companies put their finger on risks in execution. This covers costs of new platforms, uncertain scalability, and the possibility of under-delivering on promised returns.
