News Roundup: 90% of Businesses Face Elevated Risk Levels Over Technology

CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues. Share details of your survey with us: editor@corporatecomplianceinsights.com.

Hogan Lovells: 90% of businesses face moderate to high levels of risk associated with technology

Most companies are revisiting, improving and urgently investing in their technology risk management practices, according to survey findings by global law firm Hogan Lovells, which solicited opinions from 1,500 C-suite executives, general counsels and compliance officers from the U.S., Europe, China and Brazil. The reason for companies’ swift action is clear: More than nine in 10 (91%) are exposed to moderate or high levels of technology-related risk, according to the firm’s report, “The New Riskonomy.”

Still, while almost all companies surveyed have elevated risk levels around technology, the report found that two-thirds of leaders say they could be taking more proactive approaches to these risks.

“Companies across industries are racing to gain a competitive edge through the use of emerging technologies such as blockchain, IoT and AI,” said Des Hogan, the firm’s global head of litigation, arbitration and employment. “At the same time, every transformative technology also presents risk — and these risks can be business critical.” 

A few other key findings:

• 43% of leaders at organizations that have banned the use of generative AI do not believe any additional policies are required. 
• 38% of organizations that allow the use of generative AI have created their own bespoke generative AI system, perhaps to be more cautious while still innovative.
• Over a third (36%) of C-suite and compliance leaders identify their organization’s cybersecurity strategy as being in its infancy, considering themselves to have a high level of exposure to cybersecurity threats. This was highest in tech and telecoms (45%) compared to 30% of manufacturing organizations.

Kroll: Business email compromise remains most common threat incident

The first quarter of 2024 saw a slight increase in business email compromise, which remains the single most common threat incident vector companies face, according to research by advisory firm Kroll, which also found that ransomware declined slightly in the same period.

According to Kroll’s Q1 report, Cyber Threat Landscape — Insider Threat & Phishing Evolve Under AI Auspices, professional services were the most-targeted sector, accounting for nearly one-quarter of cases. 

While ransomware declined over the previous survey period, which was Q4 2023, email compromise rose by about four percentage points, accounting for more than half (53%) of incidents Kroll examined.

Report: Online payments industry still top target for ID theft

The online payments sector accounted for 62% of ID theft attempts among millions of transactions analyzed by ID verification provider AU10TIX, which noted that while payments are still the biggest target, online gaming is rapidly rising, growing by more than 200% since late last year.

Fraudsters have increasingly targeted the payments sector over the past year, viewing it as a soft target due to its limited regulation, AU10TIX’s first-quarter 2024 report found. Since Q1 2023, the sector’s share of overall global identity fraud has grown from 39% to 62%, and AU10TIX analysts expect this trend to continue until the sector becomes more regulated.

The report also compares the frequency of different fraud documents and modes, including document number, personal data, face picture, image template and selfie capture. U.S. passport ID cards continue to be the most forged documents, with fraudsters often using AI and deepfake technology in their ID theft attempts.