Evolving Technologies Are Driving Firms to Harness Opportunities and Defend Against Threats

Developments in technology have helped organizations unleash operational efficiencies, connect workforces and foster growth. Yet, these advancements have also exposed companies to new and evolving risks, creating winners and losers in the race for digitalization.

Technology Trends: Today and Tomorrow 

The key — and in many ways, interconnected — technology trends that are impacting businesses today include:  

1. New AI capabilities introducing challenges and opportunities 
2. Growing cyber risks and the struggle to keep pace with threats  
3. Developments in data and advanced analytics for better decision making

Artificial Intelligence: A Double-Edged Sword

AI is one of the most talked-about topics in an age where exponential technological advancements have changed the business landscape. Eighty-six percent of business leaders around the globe believe generative AI (GenAI) will be transformative for their company and industry.¹ In fact, developments related to GenAI have the potential to add the equivalent of $2.6 trillion to $4.4 trillion annually to the global economy.²

“It is extremely difficult to point to any industry right now and say they're not looking at AI,” says Spencer Lynch, Global Security Consulting Leader. The technology is being used primarily for operational efficiencies, such as implementing AI-powered chatbots, harnessing AI-powered translation tools and using the technology in office applications. However, AI is also driving new exposures that leaders need to identify and address:  

• AI-powered translation tools allow scammers to use deepfakes and replicate people’s voices and accents in more languages.
  This results in a growing number of fraudulent payments, which is particularly concerning for financial institutions.³ Training employees to identify and defend against deepfakes is still a work-in-progress.  

• The development of AI tools to improve effectiveness requires a large amount of data, which will also need to be relevant and up-to-date.
  This leads to concerns over data scraping as a means of pulling large amounts of information from the web. In 2023, data protection and privacy authorities from around the world published a joint statement calling for the protection of people’s personal data from unlawful data scraping. Businesses that participate in illegal data scraping — even unwittingly — will face severe penalties.⁴

• Consumer-facing AI technology is directly linked to a rise in safety concerns.
  This is especially true for AI applications where personal safety is a concern and where AI is prone to cyber attacks, fraud and biases.

The use of AI by organizations has been evolutionary rather than revolutionary. Some risk officers are still waiting to see how the technology will materially impact organizations. According to Adam Peckman, Head of Cyber Solutions, Asia-Pacific, “Pockets of experimentation and innovation with these new technologies are sometimes occurring outside of established data governance and cyber security practices. In turn, this 'shadow AI' is limiting the visibility of an enlarged digital attack surface, among other risks in the AI space.”

An Outlook on an Accelerated AI Future 

The speed at which AI is developing means that it could have significant and unforeseen implications for organizations that rank AI in their top 10 future risk lists. 

Experts predict that AI will transform the enterprise risk landscape for all industries, introducing new hurdles for many companies and changing the severity and pace of existing risks. These include, but are not limited to, cyber, E&O, employers’ liability, intellectual property (IP), crime and property damage/business interruption.

When looking ahead, key concerns of risk, legal and security leaders will include: 

1. The use of AI-powered technologies by threat actors to increase the impact, scale or resource-efficiency of cyber attacks, while also facilitating more targeted spear phishing and whaling attacks.  
2. The expansion of cyber risks across enterprise systems and networks, such as the data poisoning of AI models by threat actors to destroy system functionality and data. 
3. IP claims where training data is not sourced from legitimate data sources, or where the data is protected under IP laws. 
4. Ensuring compliance with already onerous privacy and data regulations. For instance, if an organization uses a data set to train an AI model, what happens if that data set includes subjects who later exercise their rights under privacy regulations to be forgotten? 

AI in the Workplace 

When it comes to the workforce, experts forecast that GenAI will help boost productivity, among other positive impacts. With the help of AI inputs for manual, repetitive tasks, the focus of roles could shift to using human cognitive abilities for decision-making, strategic planning and creative thinking.

“AI will bring benefits in transforming the way we work and what we do by pushing human cognitive capabilities to the forefront,” says Ibrahim Gokcen, Chief Data and Analytics Officer. 

One challenge in this evolution is the need for training initiatives so employees can take on these new roles. In fact, almost 44 percent of CEOs believe their workforces will have to develop new skills to equip themselves for AI-driven business environments.⁵

Technology also has the potential to improve the cost and efficacy of health plans, leading to more competitive offerings. Better benefit plans can not only improve workforce health, but also benefit an organization’s employee value proposition — the unique sets of benefits and offerings provided to employees to attract and retain talent — while reducing stress and burnout.

The Cyber Battlefield 

Businesses that rapidly accelerate their operating models and embrace new technologies like AI will expand their digital attack surface in the process, creating new exposures to cyber-related risks.  

Threat actors are taking advantage of these emerging weaknesses and continue to employ novel tactics to strike. Some take part in "big-game hunting" by attacking at a lower frequency in exchange for a bigger payout from an organization. Others practice "spray and pray," where they hit more targets but collect smaller payouts per target. 

Loss figures reflect the resulting damage. Ransomware attacks spiked 176 percent in the first half of 2023, along with the associated impact cost. The price tag of a single enterprise data breach rose to a historic high of nearly $4.5 million. The per-breach cost was even higher (approximately $5.4 million) for companies that reported they did not use AI and automation as part of their security efforts. 

Even with the right hard controls in place, organizations may not be fully prepared to tackle the risks associated with digital transformation if they do not also consider the human element in their processes. “Businesses can have all the security technology, but if they don't have the right processes and governance in place and they're not effectively training their people, vulnerabilities will persist,” says Gokcen. Boards may still debate whether they should involve cyber experts, he adds, while some risk management teams are not properly equipped nor cross-functional — and a growing global cyber security talent shortage could further compound these challenges.⁶

An Outlook on Cyber Risk 

Several drivers are expected to keep cyber risk top-of-mind for leaders in the coming years:  

1. Systemic risks to key strategic industries and infrastructure resulting from the widescale adoption of emerging technology, such as cloud, AI, digital assets and quantum computing
2. Geopolitical tensions and the use of cyber as a tactic to wage electronic warfare
3. An increase in regulatory actions from securities, consumer and privacy regulators  

With the help of technologies like AI, cyber threats will continue to evolve and pose significant threats to organizations and their people — and ironically the human element will remain the weakest link in cyber security frontlines. Phishing maintains its number one spot as the most common vector for initial network access. By 2025, it’s expected that more than half of cyber events will be caused by human factors. 

Unlike some security issues that can be addressed through tools or changes in processes, there are no quick fixes that can change a cyber security culture. As such, programs often fail early due to lack of short-term progress.  

“Changing human behavior is difficult and it doesn’t happen quickly,” says Peckman. “This challenge requires a lot of reinforcement, investment and follow-through.” 

Meanwhile, the sophisticated tools and weapons that threat actors use will continue to evolve. Organizations will need to take a long-term view when addressing the human factors that expose them to cyber risk, which will involve training, as well as reskilling and upskilling initiatives to boost engagement and accountability. Both the curriculum and delivery of cyber training will need to increase employee knowledge and sophistication regarding cyber risks each year, rather than treat cyber security training as a one-and-done exercise. 

Better Decisions with Data and Analytics 

Developments in technology enable more sophisticated data management and analytics, driving better insights and more informed decisions.  

For finance and risk leaders, having a data-driven understanding of the total cost of risk can spark better decisions regarding risk retention and transfer, as well as important consideration of the risks associated with investments in new technologies versus the potential upsides. Many businesses are also thinking about ways to harness the latest developments in data and analytics capabilities to improve the workplace for their employees. 

Data and analytics are used by business leaders across industries to: 

• Refine risk management
  Data and analytics are helping risk leaders create an accurate risk profile that allows companies to gain insights from across the organization. These areas include historical loss experience, benchmarking, premiums, loss retention, supply chain mapping and contingent time element exposures. 
• Mitigate rising medical costs
  Companies can collect and analyze data to design an effective benefit program. Knowing what drives claims, understanding employees’ use of benefits and even having substantial data around employees’ time off can help direct a strategic benefit strategy. 
• Invest responsibly
  Investors concerned with the impacts of climate on their portfolios can integrate climate and catastrophe insights as part of the investment process. These risks can be quickly priced into markets and securities as new information becomes known. 

An Outlook on Data and Analytics  

Data is the cornerstone of decision making and will be increasingly critical in the coming years. An up-and-coming data trend identified in Aon’s Transformative Trends report known as prescriptive analytics, provides decision options for taking advantage of a future opportunity or mitigating a future risk. There are overlaps with AI too, as machine learning algorithms are used to determine possibilities. 

More broadly, the use of data will continue to be important in the tracking of environmental, social and governance (ESG) metrics as regulatory and stakeholder scrutiny intensifies. 

“Reporting and data will gain even more importance as organizations strive to make an impact on their emissions and other climate-related goals,” says Gokcen.  

Many firms still don't have the capabilities to collect this data across the enterprise — not just for themselves, but also for their partners and suppliers — and could look to make investments in this area for the future. 

Experts also predict that data and analytics will help improve the employee experience. For instance, when it comes to healthcare enrollment, most employees have little guidance to help them make better choices for their unique circumstances. In the future, recommendations could be based on individual data points, previous benefit choices and what people in similar situations have selected. 

Of course, there are privacy issues that go hand-in-hand with the application of data and advanced analytics in employee populations. According to Doug Melton, Head of Client Analytics for Human Capital, a key concern for organizations now and in the future occurs when that data is exchanged between an employee and their company, and then an insurance carrier or a hospital. “It's very easy for that data to get moved into the wrong hands, so protection of personal data should be a number one priority,” adds Melton. 

How Businesses Can Prepare for Change 

The adoption and integration of AI, the evolving cyber landscape, and the role of data and analytics are all intrinsically linked. These technologies underscore three opportunities that businesses can take advantage of to navigate change. 

Opportunity 1

Manage a Rapidly Evolving Risk Landscape   

Companies can use a variety of risk mitigation and risk transfer tools to navigate a complex cyber risk environment, including: 

• Implementing data analysis and modeling to benchmark risk and understand the financial impact of a cyber incident  
• Conducting cyber risk quantification exercises to understand the cyber exposures involved with implementing technologies