Top emerging risks in the technology sector
Technology companies are at the forefront of innovation, and ahead of the curve with horizon scanning, but there are still many uncertainties they need to grapple with that could impact their business in the future.
Based on insights shared by a wide range of technology companies, encompassing SaaS (software-as-a-service) enterprises and other digital organisations in a recent benchmark, this article discusses the top three emerging risks where the majority of tech firms are focusing their energy.
1. Cyber attacks
The most common emerging risk theme highlighted by companies in the technology sector is cyber attacks (download the top 10 ranking here).
While this is a current risk for many, if not all, technology firms, the constant evolution of the threat environment means that the level of cyber risk companies face in the future will likely be much greater than when they are exposed to now.
“The sophistication of cyber attacks will only increase, making this a continuous risk to track.”
CRO
SaaS organisation, Europe
Our conversations with risk leaders at technology companies also highlighted that while cyber attacks are always a threat to cloud-based software companies - due to the many attack surfaces that exist - they are becoming more sophisticated, numerous and malicious, affecting a broader range of organisations.
This emerging risk could be tied to another theme highlighted by many companies, which is the pace of technological advances. The ability to keep pace will dictate a company's ability to remain in a leadership position, but it will also give them the best change of staying one step ahead of malicious forces that seek to interrupt business operations and compromise data security.
Only downside riskIn our benchmark, Emerging risks in the technology sector, we also asked participants to define each risk they highlighted by the following categorisation:
It may not be a surprise to learn that all risk leaders that participated in the study classed cyber attacks as 'Downside risk only'. The focus must be on mitigation. |
2. Machine learning and artificial intelligence
In the benchmark, Technology companies told us that the industry is moving forwards making a greater number of products with machine learning (ML) and artificial intelligence (AI) capabilities. While this development presents opportunities for forward-thinking organisations ready to seize the moment, the underlying risks of bias and unexpected outcomes associated with non-human inputs cannot be ignored.
“AI being misused by our employees and causing reputational damage is an ongoing risk”
Head of Enterprise Risk
ASX-listed tech firm
There is an association between the risk of ML/AI and increased threat of cyber attacks. Companies may wish to grasp these technologies at all costs to secure their place within the market, but it is important to consider that ML and AI also increase the sophistication of the cyber threat vector.
Risk leaders are aware that integrating advanced technology like ML and AI, and fortifying systems against attacks using it, will be key to resilience in the future.
"The Generative AI and Large Language Model hype and new competition have the potential to make market share or enable our customers to provide in-house solutions. This requires our business to continue to be nimble and innovative or get left behind."
CRO
FTSE-listed technology company
Furthermore, with barriers to entry in ML and AI continuing to lower - due to both an increasing number of specialists entering the job market and the widespread popularisation of easy-to-use tools - the competitive landscape for digital companies is increasing, driving organisations to focus on innovation and getting ahead of their peers, as risk leaders in the sector have confirmed.
Where do these insights come from?To help a Risk Leadership Network member who wanted to benchmark the emerging risks that they're focusing on against other companies in their sector, we produced a bespoke benchmark, Top emerging risks and blindspots in the technology sector. To prepare this benchmark we interviewed 17 risk leaders at large multinational organisations. Participants were presented with 57 emerging risk themes and asked to select the most relevant 5 emerging risks for their organisations. This article highlights 3 of the top emerging risks in the aggregated ranking, but download these highlights for the top 10 emerging risks in the benchmark, as well as a number of blindspots we've been able to identify. |
3. Regulation
For risk leaders in the technology sector, keeping tabs on the ever-changing, global regulatory landscape is becoming increasingly difficult, costly and complex.
This is exemplified by the fact that companies are now required to operate within the bounds of increasingly nationalistic data residency regulations and standards, such as the amended Australian Privacy Act and uplift of the EU Digital Services Act.
"Regulation will dictate our ability to effectively sell domestically and internationally,especially given the inclusion of ML/AI capabilities and type of data maintained within our servers.”
Head of risk
Privately-owned multinational tech firm
Upside and downside risksAs well as the downside risks, changing regulatory requirements also presents opportunities for digital and SaaS organisations. For example, being first to market with compliance solutions can boost market share and provide a competitive advantage, as was the case with GDPR when it was first introduced. |
Identifying blind spots
While a consensus of emerging risk themes within a sector provides robust validation for continued monitoring, sometimes it is important to question whether the absence of particular risks might indicate that a sector is failing to see crucial events on the horizon.
This benchmark, Top emerging risks and blind spots in the technology sector, was created in response to the specific priorities of one of our members, but we've made the full report available to all our members to help relevant organisations benchmark their emerging risk.
Some more highlights are available to non-members, but please do get in touch with us to find out more about this benchmark, and also to discuss a bespoke benchmark that you'd like us to create for your organisation.