Evolving Technologies Are Driving Firms to Harness Opportunities and Defend Against Threats

2024 Client Trends Report - Technology Issues

While advancements in AI, cyber and data technology are helping companies operating in an increasingly digital world gain a significant competitive edge, they also introduce new and evolving risks.

Key Takeaways

The rapid pace of technological change is creating expanded attack surfaces and exposing new vulnerabilities.
Artificial intelligence is considerably accelerating organizational growth and development — but leaders need to also be aware of the severity and pace of risks associated with its use.
Actionable analytics are more critical than ever before and will continue to be the cornerstone of making better decisions in a rapidly evolving technological landscape.

Developments in technology have helped organizations unleash operational efficiencies, connect workforces and foster growth. Yet, these advancements have also exposed companies to new and evolving risks, creating winners and losers in the race for digitalization.

Technology Trends: Today and Tomorrow

The key — and in many ways, interconnected — technology trends that are impacting businesses today include:

Evolving AI capabilities introducing challenges and opportunities
Growing cyber risks and the struggle to keep pace with threats
Developments in data and advanced analytics for better decision making

Artificial Intelligence: A Double-Edged Sword

AI is one of the most talked-about topics in an age where exponential technological advancements have changed the business landscape. Eighty-six percent of business leaders around the globe believe generative AI (GenAI) will be transformative for their company and industry.¹ In fact, developments related to GenAI have the potential to add the equivalent of $2.6 trillion to $4.4 trillion annually to the global economy.²

“It is extremely difficult to point to any industry right now and say they're not looking at AI,” says Spencer Lynch, Aon’s global security consulting leader. The technology is being used primarily for operational efficiencies, such as implementing AI-powered chatbots, harnessing AI-powered translation tools and using the technology in office applications. However, AI is also driving new exposures that leaders need to identify and address:

AI-powered translation tools allow scammers to use deepfakes and replicate people’s voices and accents in more languages.
This results in a growing number of fraudulent payments, which is particularly concerning for financial institutions.³Training employees to identify and defend against deepfakes is still a work-in-progress.

The development of AI tools to improve effectiveness requires a large amount of data, which will also need to be relevant and up-to-date.
This leads to concerns over data scraping as a means of pulling large amounts of information from the web. In 2023, data protection and privacy authorities from around the world published a joint statement calling for the protection of people’s personal data from unlawful data scraping. Businesses that participate in illegal data scraping — even unwittingly — will face severe penalties.⁴

Consumer-facing AI technology is directly linked to a rise in safety concerns.
This is especially true for AI applications where personal safety is a concern and where AI is prone to cyber attacks, fraud and biases. Regulators are now taking action against companies that have used AI in deceptive or unfair conduct that harms consumers.⁵

The use of AI by organizations has been evolutionary rather than revolutionary. Some risk officers are still waiting to see how the technology will materially impact organizations. According to Adam Peckman, global practice leader of Cyber Risk Consulting and head of Risk Consulting & Cyber Solutions in Asia Pacific, “Pockets of experimentation and innovation with these new technologies are sometimes occurring outside of established data governance and cyber security practices. In turn, this ‘shadow AI’ is limiting the visibility of an enlarged digital attack surface, among other risks in the AI space.”

An Outlook on an Accelerated AI Future

The speed at which AI is developing means that it could have significant and unforeseen implications for organizations that rank AI in their top 10 future risk lists.

Experts predict that AI will transform the enterprise risk landscape for all industries, introducing new hurdles for many companies and changing the severity and pace of existing risks. These include, but are not limited to, cyber, E&O, employers’ liability, intellectual property (IP), crime and property damage/business interruption.

Developing regulations concerning the use AI is part and parcel of this risk landscape. AI adoption in various business operations, particularly in employment practices, has sparked both interest and regulation by legislators worldwide. Two notable evolving AI-related regulations include the EU AI Act and Colorado AI Act. Transparency requirements are key to the EU regulation, while the Colorado law is introducing third-party and supplier risks, as companies deploying AI systems are also responsible for protecting consumers from any known or foreseeable risks of discrimination involving the technology.

Next Chapter

2024 Client Trends Report

Weather

Read More

When looking ahead, key concerns of risk, legal and security leaders will include:

The use of AI-powered technologies by threat actors to increase the impact, scale or resource-efficiency of cyber attacks, while also facilitating more targeted spear phishing and whaling attacks.
The expansion of cyber risks across enterprise systems and networks, such as the data poisoning of AI models by threat actors to destroy system functionality and data.
IP claims where training data is not sourced from legitimate data sources, or where the data is protected under IP laws.
Ensuring compliance with already onerous privacy and data regulations. For instance, if an organization uses a data set to train an AI model, what happens if that data set includes subjects who later exercise their rights under privacy regulations to be forgotten? As regulations develop further, directors and officers must ensure that risk mitigation strategies focus on overseeing the use of automated tools in business operations.

Threat actors are using AI tools and technology to become more formidable, but our clients are also using AI to counteract the threat. Businesses and the risk management industry need to invest and work together to make sure they win this battle.

Christian Hoffman

Global Specialty and Financial Products Leader

AI in the Workplace

When it comes to the workforce, experts say that GenAI can help boost productivity, among other positive impacts. With the help of AI inputs for manual, repetitive tasks, the focus of roles shifts to using human cognitive abilities for decision making, strategic planning and creative thinking.

In the future, AI will continue to bring benefits in transforming the way we work and what we do by pushing human cognitive capabilities to the forefront.

One challenge in this evolution is the need for training initiatives so employees can take on these new roles. In fact, 22 percent of founders and C-suite executives believe that AI will significantly replace jobs in their field compared to only 11 percent of entry-level employees.

In addition, while 31 percent of founders and C-suite executives believe AI will require new skills, only 17 percent of entry-level employees think so. This divergence suggests a significant disconnect between the direction and needs of the business and the readiness of the workforce to prepare for change.

Technology also has the potential to improve the cost and efficacy of health plans, leading to more competitive offerings. Better benefit plans can not only improve workforce health, but also benefit an organization’s employee value proposition — the unique sets of benefits and offerings provided to employees to attract and retain talent — while reducing stress and burnout.

The Cyber Battlefield

Businesses that rapidly accelerate their operating models and embrace new technologies like AI will expand their digital attack surface in the process, creating new exposures to cyber-related risks.

Threat actors are taking advantage of these emerging weaknesses and continue to employ novel tactics to strike. Some take part in "big-game hunting" by attacking at a lower frequency in exchange for a bigger payout from an organization. Others practice "spray and pray," where they hit more targets but collect smaller payouts per target.

Even with the right hard controls in place, organizations may not be fully prepared to tackle the risks associated with digital transformation if they do not also consider the human element in their processes. “Businesses can have all the security technology, but if they don't have the right processes and governance in place and they're not effectively training their people, vulnerabilities will persist,” says Lynch. He adds that boards may still debate whether they should involve cyber experts, and some risk management teams are not properly equipped nor cross-functional. A growing global cyber security talent shortage could only further compound these challenges.⁶

80%

of employees who use AI tools report increased productivity, particularly in areas like writing assistance, workflow automation and data analysis.

Source: Slack

An Outlook on Cyber Risk

Several drivers are expected to keep cyber risk top-of-mind for leaders in the coming years:

Systemic risks to key strategic industries and infrastructure resulting from the widescale adoption of emerging technology, such as cloud, AI, digital assets and quantum computing
Geopolitical tensions and the use of cyber as a tactic to wage electronic warfare
An increase in regulatory actions from securities, consumer and privacy regulators

With the help of technologies like AI, cyber threats will continue to evolve and pose significant threats to organizations and their people — and ironically the human element will remain the weakest link in cyber security frontlines. Malicious insider attacks have resulted in the highest costs associated with data breaches, at around $5 million, followed by business email compromise, phishing, social engineering and stolen or compromised credentials.⁷ GenAI in particular is giving a leg up to bad actors conducting phishing attacks since the technology makes it easier to produce grammatically correct and plausible messages.

21%

An analysis of reputational crises from a cyber event demonstrated that upwards of 21 percent of shareholder value can erode after a cyber attack.

Source: Aon’s 2023 Cyber Resilience Report

There's no silver bullet yet. People have always been a key factor that is at risk — and they will continue to be a weak spot.

Spencer Lynch

Global Security Consulting Leader

Unlike some security issues that can be addressed through tools or changes in processes, there are no quick fixes to change cyber security culture. As such, programs often fail early due to lack of short-term progress.

“Changing human behavior is difficult and it doesn’t happen quickly,” says Peckman. “This challenge requires a lot of reinforcement, investment and follow-through.”

Meanwhile, the sophisticated tools and weapons that threat actors use will continue to evolve. Organizations will need to take a long-term view when addressing the human factors that expose them to cyber risk, which will involve training, as well as reskilling and upskilling initiatives to boost engagement and accountability. Both the curriculum and delivery of cyber training will need to increase employee knowledge and sophistication regarding cyber risks each year, rather than treat cyber security training as a one-and-done exercise.

Case Study

Building Resilient Digital Supply Chains in the Face of Growing Cyber Risk

Understanding cyber risk, improving visibility of exposures and measuring business impact is top-of-mind for leaders. However, the growth in connected IT and operational systems has created more security vulnerabilities for companies to address to improve the resilience of their digital supply chains.

Recognizing this challenge, Aon helped a global telecom provider get a better view of its IT suppliers and manage third-party risk assessment. In addition to limited visibility of supplier types and services, the company was plagued by shadow IT sprawl, with a configuration prone to cyber vulnerabilities that lacked automation. Aon designed a tool to assess cyber maturity. This allows the client to assess security controls and detect and respond to weaknesses among suppliers. The client also receives a detailed overview of its cyber risks and insight into how current controls are likely to perform against malicious attack profiles.

We need to get to a point where people feel personal accountability for their safety and security with regards to technology — and because this can take decades, leaders need to remain committed for the long game.

Adam Peckman

Global Practice Leader of Cyber Risk Consulting, Head of Risk Consulting & Cyber Solutions, Asia Pacific

Better Decisions with Data and Analytics

Developments in technology enable more sophisticated data management and analytics, driving better insights and more informed decisions.

For finance and risk leaders, having a data-driven understanding of the total cost of risk can spark better decisions regarding risk retention and transfer, as well as important consideration of the risks associated with investments in new technologies versus the potential upsides. Many businesses are also thinking about ways to harness the latest developments in data and analytics capabilities to improve the workplace for their employees.

Data and analytics are used by business leaders across industries to:

Refine risk management
Data and analytics are helping risk leaders create an accurate risk profile that allows companies to gain insights from across the organization. These areas include historical loss experience, benchmarking, premiums, loss retention, supply chain mapping and contingent time element exposures.
Mitigate rising medical costs
Companies can collect and analyze data to design an effective benefit program. Knowing what drives claims, understanding employees’ use of benefits and even having substantial data around employees’ time off can help direct a strategic benefit strategy.
Invest responsibly
Investors concerned with the impacts of climate on their portfolios can integrate climate and catastrophe insights as part of the investment process. These risks can be quickly priced into markets and securities as new information becomes known.

An Outlook on Data and Analytics

Data is the cornerstone of decision making and will be increasingly critical in the coming years. A data trend identified in Aon’s Transformative Trends report known as prescriptive analytics, provides decision options for taking advantage of a future opportunity or mitigating a future risk. There are overlaps with AI too, as machine learning algorithms are used to determine possibilities.

Notably, experts predict that data and analytics will help improve the employee experience. For instance, when it comes to healthcare enrollment, most employees have little guidance to help them make better choices for their unique circumstances. In the future, recommendations could be based on individual data points, previous benefit choices and what people in similar situations have selected.

Of course, there are privacy issues that go hand-in-hand with the application of data and advanced analytics in employee populations. According to Doug Melton, global leader of client analytics for Human Capital at Aon, a key concern for organizations now and in the future occurs when that data is exchanged between an employee and their company, and then an insurance carrier or a hospital. “It's very easy for that data to get moved into the wrong hands, so protection of personal data should be a number one priority,” adds Melton.

How Businesses Can Prepare for Change

The adoption and integration of AI, the evolving cyber landscape, and the role of data and analytics are all intrinsically linked. These technologies underscore three opportunities that businesses can take advantage of to navigate change.

Opportunity 1

Manage a Rapidly Evolving Risk Landscape

Companies can use a variety of risk mitigation and risk transfer tools to navigate a complex cyber risk environment, including:

Implementing data analysis and modeling to benchmark risk and understand the financial impact of a cyber incident
Conducting cyber risk quantification exercises to understand the cyber exposures involved with implementing technologies
Identifying the efficacy of controls currently in place — and what other measures need to be implemented — to reduce the likelihood of a cyber incident
Regularly reassessing the attack surface — stress-test defenses and running attack simulations can identify potential exposures that emerge from evolving cyber infrastructure or any new initiatives, such as the adoption and education of AI
Determining if the organization should and can retain the risk, or if the risk should be transferred to the insurance market to free up capital

Most importantly, “If an organization doesn't understand the balance sheet impact that a cyber event could have, it will be difficult to dedicate the right resources for mitigating the risks,” explains Lynch.

Opportunity 2

Align Risk Capital and Human Capital Strategies

People are often a company’s most valuable asset. Providing growth and development opportunities for the workforce to take responsibility for any transitional technological changes will help companies bring their growth initiatives to life, while retaining critical talent to drive the evolution.

Achieving a mindset shift across the workforce to embrace change, drive growth and take an active role in managing new risks will be the difference between success and failure.

Opportunity 3

Lead with Clarity and Accountability

Stakeholders and the C-suite face complex decisions. If an organization implements a new initiative, such as a new tool or a cyber security culture program, one reason it may not have lasting power with employees is lack of clarity. To confront this challenge, leaders need to distinctly define what problem they’re trying to solve to measure a program’s success.

Technology initiatives encompass areas of responsibility across the C-suite. But with such a vast scope cutting across departments, a lack of clear ownership can lead to no ownership at all. One way to tackle this challenge is to determine which department’s budgets are impacted by the initiative and which team will be able to spend the political capital internally to get people to adhere to the program. With an owner in place who can champion a program, affecting change will become that much easier.

As organizations prepare for the next technology frontier, digital tools and access to sophisticated data and analytics will be critical in helping them stay ahead of the curve on current and future risks. With the pace of change accelerating, technology — if harnessed and managed correctly — can be the catalyst that helps businesses realize their growth goals.

Aon's Capabilities

Cyber Resilience
The global cost of cyber crime is expected to hit nearly $24 trillion by 2027 — almost 3x more than 2022. With cyber threats continuing to rapidly evolve, businesses can leverage these five pillars of cyber security controls to manage their full cyber risk lifecycle and build sustained cyber resilience:
- Assess cyber resilience
- Mitigate cyber threats
- Transfer cyber risk
- Respond to cyber incidents
- Recover from cyber events
At every stage of this journey, Aon acts as a trusted advisor, helping unite stakeholders to make better decisions, and ultimately better safeguard their balance sheets.
Human Capital Analytics

Improving workforce performance is central to ensuring strong business performance. By harnessing and understanding workforce data, organizations can make more informed decisions about where to invest. Aon’s human capital analytics provides companies with the insights they need to protect and grow their business by identifying areas of risk and opportunities for transformation. Importantly, it allows organizations to act quickly — whether that is data analysis to make the right decisions or identifying the practical steps to optimize workforce actions.
Risk Analytics
The rapid evolution of technology, including artificial intelligence, continues to alter the face of businesses. At the same time, technology creates new cyber vulnerabilities.

Risk analytics help identify emerging challenges and new opportunities for transformation, providing leadership teams with the clarity and confidence to make better decisions and mitigate technology-related risks.

Aon's broad range of risk analytics capabilities, which unite organizational data with real-world intelligence, empower organizations to protect and grow their business via tools including:
- Captive feasibility studies
- Claims analytics
- Collateral review
- Cyber risk modeling
- Industry loss rate benchmarking
- Loss reserving and forecasting
- Reputational risk modeling
- Risk appetite modeling and retention analysis
- Risk diagnostics tools like CyQu and Spectrum
- Risk transfer program design, stress testing and funding
Talent Consulting
For businesses to remain profitable while continuing to grow, companies need to connect their business strategy to their people strategy. To build a workforce that ignites innovation and meets the changing expectations of customers, Aon combines market data, powerful tools and advisory expertise. Aon’s talent consulting services help business leaders address HR challenges, such as:
- Hiring the best person for the job
- Salary and Total Rewards package
- Employee retention
- Employee engagement
- Addressing skill gaps
- Workforce transformation
- Workforce resilience
- Employee wellbeing

Next Chapter

Aon’s Thought Leaders

Christian Hoffman

Global Specialty and Financial Products Leader
Spencer Lynch

Global Security Consulting Leader
Adam Peckman

Global Practice Leader of Cyber Risk Consulting, Head of Risk Consulting & Cyber Solutions, Asia Pacific
Doug Melton

Head of Global Client Analytics, Human Capital

¹ Accenture, "Work, workforce, workers: Reinvented in the age of generative AI," January 16, 2024
² McKinsey & Company, "The economic potential of generative AI: The next productivity frontier," June 2023
³ Akila Quinio, “UK banks prepare for deepfake fraud wave,” January 19, 2024
⁴ Information Commissioner's Office, “Joint statement on data scraping and data protection,” August 24, 2023
⁵ FTC Announces Crackdown on Deceptive AI Claims and Schemes, FTC
⁶ NCC Group Monthly Threat Pulse – Review of December 2024, NCC Group
⁷ Cost of a Data Breach Report 2024, IBM Security

This document is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this document, Aon does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.

The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.