(Artificial intelligence) AI-enhanced malicious attacks have once again emerged as the top concern for enterprises, according to research and consulting firm Gartner’s latest risk survey.
The Gartner survey highlights growing anxiety over digital threats, with AI-driven attacks leading the list for the second quarter in a row. New concerns about soft ransomware targets also surfaced as significant risks.
The survey, conducted during the second quarter of 2024, gathered insights from 274 senior risk executives and managers. It highlighted that three out of the top five emerging risks are related to technology, reflecting growing anxiety about the rapid evolution and impact of digital threats.
One of the most significant new risks identified is the rise of soft ransomware targets. These are systems that are particularly vulnerable to ransomware attacks due to underinvestment or accumulated technical debt. Such vulnerabilities can lead to prolonged disruptions in business operations when an attack occurs.
The growing prevalence of ransomware-as-a-service (RaaS) is a key factor driving this concern. RaaS significantly lowers the barrier to entry for cybercriminals, enabling even those with minimal experience to launch impactful attacks at a low cost.
Soft ransomware
“Ransomware-as-a-service lowers the barrier to entry for inexperienced cybercriminals who know just enough about how to attack and disrupt business operations, creating worse impacts than usual when attacks occur,” said Gamika Takkar, director of Research at Gartner’s Risk & Audit Practice.
The consequences of targeting soft ransomware vulnerabilities are severe. Beyond operational disruptions and delayed services, organizations face increased exposure to multi-extortion tactics. These involve not only ransom demands but also threats to sell, publish, or permanently delete sensitive data. The financial burden on organizations can be significant, encompassing direct costs such as ransoms, remediation, litigation, and public relations, as well as indirect costs, including reputational damage and loss of intellectual property.
“The exposure to extortion can impact not just the organization itself, but any and all associated third-parties as well, further underscoring the importance of understanding and preventing such risk,” Takkar said.
Related Stories