5 IT risks CIOs should be paranoid about

4. Third-party data breaches

The CIO’s AI strategies and objectives in driving a data-driven organization result in the addition of many third-party partners, solutions, and SaaS tools. Security and data governance is a growing challenge, and 61% of companies reported a third-party data breach or security incident, a 49% increase over the last year, according to The 2024 Third-Party Risk Management Study.

“Be paranoid about third-party data breaches and security incidents,” warns Brad Hibbert, COO and chief strategy officer at Prevalent. “To reduce the risk of an impactful third-party breach, automate your third-party risk management processes around unified internal controls assessments and continuous cyber monitoring, remediate findings, and leverage new AI tools to simplify workflows and risk analysis.”

Given the growing number of systems hosting enterprise data, the accelerating pace of changes to them, and the frequent policy changes that SaaS providers make to their terms of service, CIOs have every right to be paranoid. GenAI is a new catalyst, and 54% of workers say they rely on AI tools, while 51% have managers that encourage AI usage, according to the AI at work pulse survey. In many organizations, the velocity to add SaaS and genAI tools is outpacing IT, infosec, and data governance efforts. Meanwhile, organizations are managing the risks of just one-third of their vendors, according to the third-party risk management study.