Evolving Technologies Are Driving Firms to Harness Opportunities and Defend Against Threats
While advancements in AI, cyber and data technology are helping companies operating in an increasingly digital world gain a significant competitive edge, they also introduce new and evolving risks.
Key Takeaways
-
The rapid pace of technological change is creating expanded attack surfaces and exposing new vulnerabilities.
-
Artificial intelligence has the potential to considerably accelerate an organization’s growth and development — but leaders need to also be aware of the severity and pace of risks associated with its use.
-
Actionable analytics are more critical than ever before and will continue to be the cornerstone of making better decisions in a rapidly evolving technological landscape.
Developments in technology have helped organizations unleash operational efficiencies, connect workforces and foster growth. Yet, these advancements have also exposed companies to new and evolving risks, creating winners and losers in the race for digitalization.
Technology Trends: Today and Tomorrow
The key — and in many ways, interconnected — technology trends that are impacting businesses today include:
- New AI capabilities introducing challenges and opportunities
- Growing cyber risks and the struggle to keep pace with threats
- Developments in data and advanced analytics for better decision making
Artificial Intelligence: A Double-Edged Sword
AI is one of the most talked-about topics in an age where exponential technological advancements have changed the business landscape. Eighty-six percent of business leaders around the globe believe generative AI (GenAI) will be transformative for their company and industry.1 In fact, developments related to GenAI have the potential to add the equivalent of $2.6 trillion to $4.4 trillion annually to the global economy.2
“It is extremely difficult to point to any industry right now and say they're not looking at AI,” says Spencer Lynch, Global Security Consulting Leader. The technology is being used primarily for operational efficiencies, such as implementing AI-powered chatbots, harnessing AI-powered translation tools and using the technology in office applications. However, AI is also driving new exposures that leaders need to identify and address:
- AI-powered translation tools allow scammers to use deepfakes and replicate people’s voices and accents in more languages.
This results in a growing number of fraudulent payments, which is particularly concerning for financial institutions.3 Training employees to identify and defend against deepfakes is still a work-in-progress.
- The development of AI tools to improve effectiveness requires a large amount of data, which will also need to be relevant and up-to-date.
This leads to concerns over data scraping as a means of pulling large amounts of information from the web. In 2023, data protection and privacy authorities from around the world published a joint statement calling for the protection of people’s personal data from unlawful data scraping. Businesses that participate in illegal data scraping — even unwittingly — will face severe penalties.4
- Consumer-facing AI technology is directly linked to a rise in safety concerns.
This is especially true for AI applications where personal safety is a concern and where AI is prone to cyber attacks, fraud and biases.
The use of AI by organizations has been evolutionary rather than revolutionary. Some risk officers are still waiting to see how the technology will materially impact organizations. According to Adam Peckman, Head of Cyber Solutions, Asia-Pacific, “Pockets of experimentation and innovation with these new technologies are sometimes occurring outside of established data governance and cyber security practices. In turn, this 'shadow AI' is limiting the visibility of an enlarged digital attack surface, among other risks in the AI space.”
An Outlook on an Accelerated AI Future
The speed at which AI is developing means that it could have significant and unforeseen implications for organizations that rank AI in their top 10 future risk lists.
Experts predict that AI will transform the enterprise risk landscape for all industries, introducing new hurdles for many companies and changing the severity and pace of existing risks. These include, but are not limited to, cyber, E&O, employers’ liability, intellectual property (IP), crime and property damage/business interruption.
When looking ahead, key concerns of risk, legal and security leaders will include:
- The use of AI-powered technologies by threat actors to increase the impact, scale or resource-efficiency of cyber attacks, while also facilitating more targeted spear phishing and whaling attacks.
- The expansion of cyber risks across enterprise systems and networks, such as the data poisoning of AI models by threat actors to destroy system functionality and data.
- IP claims where training data is not sourced from legitimate data sources, or where the data is protected under IP laws.
- Ensuring compliance with already onerous privacy and data regulations. For instance, if an organization uses a data set to train an AI model, what happens if that data set includes subjects who later exercise their rights under privacy regulations to be forgotten?
Threat actors are using AI tools and technology to become more formidable, but our clients are also using AI to counteract the threat. Businesses and the risk management industry need to invest and work together to make sure they win this battle.
AI in the Workplace
When it comes to the workforce, experts forecast that GenAI will help boost productivity, among other positive impacts. With the help of AI inputs for manual, repetitive tasks, the focus of roles could shift to using human cognitive abilities for decision-making, strategic planning and creative thinking.
“AI will bring benefits in transforming the way we work and what we do by pushing human cognitive capabilities to the forefront,” says Ibrahim Gokcen, Chief Data and Analytics Officer.
One challenge in this evolution is the need for training initiatives so employees can take on these new roles. In fact, almost 44 percent of CEOs believe their workforces will have to develop new skills to equip themselves for AI-driven business environments.5
Technology also has the potential to improve the cost and efficacy of health plans, leading to more competitive offerings. Better benefit plans can not only improve workforce health, but also benefit an organization’s employee value proposition — the unique sets of benefits and offerings provided to employees to attract and retain talent — while reducing stress and burnout.
The Cyber Battlefield
Businesses that rapidly accelerate their operating models and embrace new technologies like AI will expand their digital attack surface in the process, creating new exposures to cyber-related risks.
Threat actors are taking advantage of these emerging weaknesses and continue to employ novel tactics to strike. Some take part in "big-game hunting" by attacking at a lower frequency in exchange for a bigger payout from an organization. Others practice "spray and pray," where they hit more targets but collect smaller payouts per target.
Loss figures reflect the resulting damage. Ransomware attacks spiked 176 percent in the first half of 2023, along with the associated impact cost. The price tag of a single enterprise data breach rose to a historic high of nearly $4.5 million. The per-breach cost was even higher (approximately $5.4 million) for companies that reported they did not use AI and automation as part of their security efforts.
Even with the right hard controls in place, organizations may not be fully prepared to tackle the risks associated with digital transformation if they do not also consider the human element in their processes. “Businesses can have all the security technology, but if they don't have the right processes and governance in place and they're not effectively training their people, vulnerabilities will persist,” says Gokcen. Boards may still debate whether they should involve cyber experts, he adds, while some risk management teams are not properly equipped nor cross-functional — and a growing global cyber security talent shortage could further compound these challenges.6
An Outlook on Cyber Risk
Several drivers are expected to keep cyber risk top-of-mind for leaders in the coming years:
- Systemic risks to key strategic industries and infrastructure resulting from the widescale adoption of emerging technology, such as cloud, AI, digital assets and quantum computing
- Geopolitical tensions and the use of cyber as a tactic to wage electronic warfare
- An increase in regulatory actions from securities, consumer and privacy regulators
With the help of technologies like AI, cyber threats will continue to evolve and pose significant threats to organizations and their people — and ironically the human element will remain the weakest link in cyber security frontlines. Phishing maintains its number one spot as the most common vector for initial network access. By 2025, it’s expected that more than half of cyber events will be caused by human factors.
21%
An analysis of reputational crises from a cyber event demonstrated that upwards of 21 percent of shareholder value can erode after a cyber attack.
Source: Aon’s 2023 Cyber Resilience Report
There's no silver bullet yet. People have always been a key factor that is at risk — and they will continue to be a weak spot.
Unlike some security issues that can be addressed through tools or changes in processes, there are no quick fixes that can change a cyber security culture. As such, programs often fail early due to lack of short-term progress.
“Changing human behavior is difficult and it doesn’t happen quickly,” says Peckman. “This challenge requires a lot of reinforcement, investment and follow-through.”
Meanwhile, the sophisticated tools and weapons that threat actors use will continue to evolve. Organizations will need to take a long-term view when addressing the human factors that expose them to cyber risk, which will involve training, as well as reskilling and upskilling initiatives to boost engagement and accountability. Both the curriculum and delivery of cyber training will need to increase employee knowledge and sophistication regarding cyber risks each year, rather than treat cyber security training as a one-and-done exercise.
Case Study
Building Resilient Digital Supply Chains in the Face of Growing Cyber Risk
Understanding cyber risk, improving visibility of exposures and measuring business impact is top-of-mind for leaders. However, the growth in connected IT and operational systems has created more security vulnerabilities for companies to address to improve the resilience of their digital supply chains.
Recognizing this challenge, Aon helped a global telecom provider get a better view of its IT suppliers and manage third-party risk assessment. In addition to limited visibility of supplier types and services, the company was plagued by shadow IT sprawl, with a configuration prone to cyber vulnerabilities that lacked automation. Aon designed a tool to assess cyber maturity. This allows the client to assess security controls and detect and respond to weaknesses among suppliers. The client also receives a detailed overview of its cyber risks and insight into how current controls are likely to perform against malicious attack profiles.
We need to get to a point where people feel personal accountability for their safety and security with regards to technology — and because this can take decades, leaders need to remain committed for the long game.
Better Decisions with Data and Analytics
Developments in technology enable more sophisticated data management and analytics, driving better insights and more informed decisions.
For finance and risk leaders, having a data-driven understanding of the total cost of risk can spark better decisions regarding risk retention and transfer, as well as important consideration of the risks associated with investments in new technologies versus the potential upsides. Many businesses are also thinking about ways to harness the latest developments in data and analytics capabilities to improve the workplace for their employees.
Data and analytics are used by business leaders across industries to:
- Refine risk management
Data and analytics are helping risk leaders create an accurate risk profile that allows companies to gain insights from across the organization. These areas include historical loss experience, benchmarking, premiums, loss retention, supply chain mapping and contingent time element exposures. - Mitigate rising medical costs
Companies can collect and analyze data to design an effective benefit program. Knowing what drives claims, understanding employees’ use of benefits and even having substantial data around employees’ time off can help direct a strategic benefit strategy. - Invest responsibly
Investors concerned with the impacts of climate on their portfolios can integrate climate and catastrophe insights as part of the investment process. These risks can be quickly priced into markets and securities as new information becomes known.
An Outlook on Data and Analytics
Data is the cornerstone of decision making and will be increasingly critical in the coming years. An up-and-coming data trend identified in Aon’s Transformative Trends report known as prescriptive analytics, provides decision options for taking advantage of a future opportunity or mitigating a future risk. There are overlaps with AI too, as machine learning algorithms are used to determine possibilities.
More broadly, the use of data will continue to be important in the tracking of environmental, social and governance (ESG) metrics as regulatory and stakeholder scrutiny intensifies.
“Reporting and data will gain even more importance as organizations strive to make an impact on their emissions and other climate-related goals,” says Gokcen.
Many firms still don't have the capabilities to collect this data across the enterprise — not just for themselves, but also for their partners and suppliers — and could look to make investments in this area for the future.
If you're making claims about your climate goals and progress, they have to be backed by accurate data.
Experts also predict that data and analytics will help improve the employee experience. For instance, when it comes to healthcare enrollment, most employees have little guidance to help them make better choices for their unique circumstances. In the future, recommendations could be based on individual data points, previous benefit choices and what people in similar situations have selected.
Of course, there are privacy issues that go hand-in-hand with the application of data and advanced analytics in employee populations. According to Doug Melton, Head of Client Analytics for Human Capital, a key concern for organizations now and in the future occurs when that data is exchanged between an employee and their company, and then an insurance carrier or a hospital. “It's very easy for that data to get moved into the wrong hands, so protection of personal data should be a number one priority,” adds Melton.
How Businesses Can Prepare for Change
The adoption and integration of AI, the evolving cyber landscape, and the role of data and analytics are all intrinsically linked. These technologies underscore three opportunities that businesses can take advantage of to navigate change.
Opportunity 1
Manage a Rapidly Evolving Risk Landscape
Companies can use a variety of risk mitigation and risk transfer tools to navigate a complex cyber risk environment, including:
- Implementing data analysis and modeling to benchmark risk and understand the financial impact of a cyber incident
- Conducting cyber risk quantification exercises to understand the cyber exposures involved with implementing technologies
- Identifying the efficacy of controls currently in place — and what other measures need to be implemented — to reduce the likelihood of a cyber incident
- Regularly reassessing the attack surface — stress-test defences and running attack simulations can identify potential exposures that emerge from evolving cyber infrastructure or any new initiatives, such as the adoption and education of AI
- Determining if the organization should and can retain the risk, or if the risk should be transferred to the insurance market to free up capital
Most importantly, “If an organization doesn't understand the balance sheet impact that a cyber event could have, it will be difficult to dedicate the right resources for mitigating the risks,” explains Lynch.
Opportunity 2
Align Risk Capital and Human Capital Strategies
People are often a company’s most valuable asset. Providing growth and development opportunities for the workforce to take responsibility for any transitional technological changes will help companies bring their growth initiatives to life, while retaining critical talent to drive the evolution.
Achieving a mindset shift across the workforce to embrace change, drive growth and take an active role in managing new risks will be the difference between success and failure.
Related Capabilities
Opportunity 3
Lead with Clarity and Accountability
Stakeholders and the C-suite face complex decisions. If an organization implements a new initiative, such as a new tool or a cyber security culture program, one reason it may not have lasting power with employees is lack of clarity. To confront this challenge, leaders need to distinctly define what problem they’re trying to solve to measure a program’s success.
Technology initiatives encompass areas of responsibility across the C-suite. But with such a vast scope cutting across departments, a lack of clear ownership can lead to no ownership at all. One way to tackle this challenge is to determine which department’s budgets are impacted by the initiative and which team will be able to spend the political capital internally to get people to adhere to the program. With an owner in place who can champion a program, affecting change will become that much easier.
As organizations prepare for the next technology frontier, digital tools and access to sophisticated data and analytics will be critical in helping them stay ahead of the curve on current and future risks. With the pace of change accelerating, technology — if harnessed and managed correctly — can be the catalyst that helps businesses realize their growth goals.
Aon's Capabilities
Next Chapter
-
Cyber Resilience
The global cost of cyber crime is expected to hit nearly $24 trillion by 2027 — almost 3x more than 2022. With cyber threats continuing to rapidly evolve, businesses can leverage these five pillars of cyber security controls to manage their full cyber risk lifecycle and build sustained cyber resilience:
- Assess cyber resilience
- Mitigate cyber threats
- Transfer cyber risk
- Respond to cyber incidents
- Recover from cyber events
At every stage of this journey, Aon acts as a trusted advisor, helping unite stakeholders to make better decisions, and ultimately better safeguard their balance sheets.
-
Human Capital Analytics
Improving workforce performance is central to ensuring strong business performance. By harnessing and understanding workforce data, organizations can make more informed decisions about where to invest. Aon’s human capital analytics provides companies with the insights they need to protect and grow their business by identifying areas of risk and opportunities for transformation. Importantly, it allows organizations to act quickly — whether that is data analysis to make the right decisions or identifying the practical steps to optimize workforce actions.
-
Risk Analytics
The rapid evolution of technology, including artificial intelligence, continues to alter the face of businesses. At the same time, technology creates new cyber vulnerabilities.
Risk analytics help identify emerging challenges and new opportunities for transformation, providing leadership teams with the clarity and confidence to make better decisions and mitigate technology-related risks.
Aon's broad range of risk analytics capabilities, which unite organizational data with real-world intelligence, empower organizations to protect and grow their business via tools including:
- Captive feasibility studies
- Claims analytics
- Collateral review
- Cyber risk modeling
- Industry loss rate benchmarking
- Loss reserving and forecasting
- Reputational risk modeling
- Risk appetite modeling and retention analysis
- Risk diagnostics tools like CyQu and Spectrum
- Risk transfer program design, stress testing and funding
-
Talent Consulting
For businesses to remain profitable while continuing to grow, companies need to connect their business strategy to their people strategy. To build a workforce that ignites innovation and meets the changing expectations of customers, Aon combines market data, powerful tools and advisory expertise. Aon’s talent consulting services help business leaders address HR challenges, such as:
- Hiring the best person for the job
- Salary and Total Rewards package
- Employee retention
- Employee engagement
- Addressing skill gaps
- Workforce transformation
- Workforce resilience
- Employee wellbeing
1 Accenture, "Work, workforce, workers: Reinvented in the age of generative AI," January 16, 2024
2 McKinsey & Company, "The economic potential of generative AI: The next productivity frontier," June 2023
3 Akila Quinio, “UK banks prepare for deepfake fraud wave,” January 19, 2024
4 Information Commissioner's Office, “Joint statement on data scraping and data protection,” August 24, 2023
5 Korn Ferry, “Humans still wanted: The future of work in an AI-driven world.”
6 ISC2, “ISC2 Cybersecurity Workforce Study 2023: How the Economy, Skills Gap and Artificial Intelligence are Challenging the Global Cybersecurity Workforce”
General Disclaimer
This document is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this document, Aon does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.
Terms of Use
The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.
Aon's Better Being Podcast
Our Better Being podcast series, hosted by Aon Chief Wellbeing Officer Rachel Fellowes, explores wellbeing strategies and resilience. This season we cover human sustainability, kindness in the workplace, how to measure wellbeing, managing grief and more.
Aon Insights Series Asia
Expert Views on Today's Risk Capital and Human Capital Issues
Aon Insights Series Pacific
Expert Views on Today's Risk Capital and Human Capital Issues
Aon Insights Series UK
Expert Views on Today's Risk Capital and Human Capital Issues
Construction and Infrastructure
The construction industry is under pressure from interconnected risks and notable macroeconomic developments. Learn how your organization can benefit from construction insurance and risk management.
Cyber Labs
Stay in the loop on today's most pressing cyber security matters.
Cyber Resilience
Our Cyber Resilience collection gives you access to Aon’s latest insights on the evolving landscape of cyber threats and risk mitigation measures. Reach out to our experts to discuss how to make the right decisions to strengthen your organization’s cyber resilience.
Employee Wellbeing
Our Employee Wellbeing collection gives you access to the latest insights from Aon's human capital team. You can also reach out to the team at any time for assistance with your employee wellbeing needs.
Environmental, Social and Governance Insights
Explore Aon's latest environmental social and governance (ESG) insights.
Q4 2023 Global Insurance Market Insights
Our Global Insurance Market Insights highlight insurance market trends across pricing, capacity, underwriting, limits, deductibles and coverages.
Regional Results
How do the top risks on business leaders’ minds differ by region and how can these risks be mitigated? Explore the regional results to learn more.