Identifying, assessing and prioritizing risks has long been recognized as an essential part of running a business. As the reliance on technology grows across industries, tech-related risk management has become an especially important fixture of wise organizational planning. And it’s not simply a question of anticipating risks to the technology infrastructure itself; it’s also vital to consider the ways the everyday use of technology can introduce risks to companies’ valuable assets.
Technology has come to play such a large role in day-to-day business operations that it can be a challenge to develop a comprehensive technology risk-management plan. Below, 16 industry experts from Forbes Technology Council share tech-related risks executives frequently overlook or underestimate.
People keep forgetting that all software eventually runs on a piece of hardware. Hardware-based attacks using the supply chain and internal abusers will dominate the future landscape of attacks, as they provide the easiest and most successful path to an enterprise’s crown jewels. While everybody is putting more and more locks on the door, the attackers get in through the window. – Bentsi Ben Atar, Sepio
Key tech-related risks that are often overlooked
Vendor Risks: Rapid growth can cause companies to overlook third-party risk management, which should include security standards and ongoing audits.
Incomplete Testing and Remediation: Rushed projects often skip thorough testing, leading to overlooked vulnerabilities—especially in security controls.
Risk Accountability: Organizations may accept risk as a business cost but often fail to assign accountability, leaving mitigation efforts unclear.
Data Risk: While financial and operational risks are well-understood, data risks are frequently undervalued. This includes both preventing data loss and leveraging data effectively.
Physical Security Infrastructure: Outdated and siloed physical security systems are often neglected, despite being crucial to protecting digital assets.
Monetary Impact of Cyberthreats: Quantifying the dollar cost of each cyber threat is vital to prioritize risk mitigation strategies effectively.
Hardware-Based Attacks: Bentsi Ben Atar of Sepio warns that attackers are shifting focus from software to hardware. Exploiting the supply chain and internal abuse allows them to bypass software defenses, accessing critical systems through the “window” while organizations lock the “door.”
Technical Debt: Short-term tech decisions can create long-term risk by slowing down future innovation and causing architectural inefficiencies.
Unmonitored SaaS Usage: Employees may adopt third-party apps without oversight, risking data exposure or noncompliance with internal policies.
Lack of Penetration Testing: Skipping regular pen testing leads to undetected vulnerabilities, especially in younger companies.
Incomplete Disaster Recovery Plans: Recovery plans often focus on infrastructure and ignore data—yet access to data is critical for operations continuity.
Poor Change Management: Without strong change-management processes, organizations may struggle to adapt securely to evolving environments and threats.
Neglecting Adoption Planning for New Tech: Without proper onboarding and usability considerations, new technologies may fail to deliver intended value or introduce risk.
Uncontrolled AI Bot Access: AI systems can become entry points for attackers if not governed properly, especially when bots access sensitive information.
Technical Skills Gaps: Legacy systems become liabilities when companies lack the skilled personnel to maintain or upgrade them.
Noncompliance with Data Governance: Hybrid work has led to relaxed data governance, especially with bring-your-own-device practices, risking compliance and data loss.
For more detailed insights, you can read the full article on Forbes:
16 Underestimated Tech-Related Risks Businesses Need to Consider