AI is everywhere these days—and that means so is AI risk.
Among S&P 500 companies, 72% mentioned AI as a material risk on their Form 10-Ks this year, the Conference Board found, up from 58% last year and 12% in 2023. The shift is reflective of how AI use within business has matured from the experimental to the widespread, the organization wrote in a report. (The Conference Board’s report defines “AI” broadly, including not only LLMs but also robotics, automation, machine learning, and other types of AI.)
The companies most likely to disclose AI risk were those in “frontline adopter” industries, such as the finance, healthcare, industrial, IT, and consumer discretionary sectors.
S&P companies were most concerned about the reputational risks of AI, the Conference Board reported; 38% of them disclosed potential reputational threats from AI on their 10-Ks. Forty-five companies mentioned “implementation and adoption” risks, such as overpromising on AI projects or AI not meeting expectations, while 42 stated that consumer-facing AI was a risk. Other reputational risks companies mentioned included privacy and data risks, hallucinations, competitive threats, and issues with bias and fairness.
One in five S&P companies mentioned AI-related threats to cybersecurity as a risk on annual filings. While 40 companies simply stated that cybersecurity in general was a risk, 18 called out third party or vendor risks, and 17 said data breaches were a risk.
Companies also foresaw potential compliance risks from AI. Forty-one listed “evolving regulation and uncertainty” as a risk area, and some specifically referred to the EU AI Act, which has steep penalties for noncompliance.
This report was originally published by CFO Brew.
