Skip to main content

Appendix E | Market Size Modelling Methodology

The base case market size modelling herein was developed by averaging the results of the following three methods. Each method differs by utilising alternative underlying datasets and slightly changes to the benchmarks used in the interim calculations.

Below is a short summary of each methodology, the related findings from our research, and the results of the key interim calculations. Additionally, we provide both a discussion on the implicit assumptions embedded in all three methods, as well as a full list of sources containing the quantitative variables discussed below.

Method One:

The simplest and most conservative approach: AIAT as a proportion of the overall AI market.

2023: $2.0 Bn | 2030: $197 Bn | CAGR: 93%

This approach is grounded in the median value for the current and future size of the global market for AI technologies, provided by six global market research firms (e.g., IDC, Precedence Research, Grand View Research): $202 Bn in 2023 and $1.8 Tn in 2030.

From here, we apply established benchmarks that pertain to the proportion of industry revenues dedicated to governance, risk management, and compliance (GRC) expenses. For 2023 and 2030, these were set at approximately 0.8% and 6.5%, respectively.

The latter of these two benchmarks was grounded in comparable statistics from the Banking, Financial Services, and Insurance (BFSI) sector, given our expectations for the AI market to experience a comparable degree of regulation (For more details refer to the discussion note below, titled "GRC comparable from BFSI").

However, given the nascency of AI regulations to-date and limited enterprise risk preparedness, the 2030 benchmark would not be reasonable for 2023.

To discount this mature market benchmark, we assume that AI will see a similar increase in regulatory intensity from 2023-2030 as the BFSI sector saw in the years following the Global Financial Crisis. This results in a 700% adjustment, bringing the 2023 GCR expense allocation to 0.8%, a figure far closer to the current state of affairs for AI regulations.

Next, we apply benchmarks for the degree of related spending that is typically outsourced or allocated towards independent third-party businesses (i.e., AIAT companies in our case): 37% and 51%, for 2023 and 2030, respectively. These amounts are derived from Finance and IT sector market comparables, as well as subject-matter advisor input.

Moreover, the trend towards a larger proportion of third-party business, reflects our expectations that maturing markets will shift spending for both compliance and efficiency reasons(e.g., the Trust & Safety services market).

Finally, we extrapolate our estimate—which was previously only focused on the AI industry itself—to include other sectors implementing AI as well. This extrapolation is grounded in the expectation that these additional AI-adopting sectors will contribute approximately 70% of the overall demand for AIAT.

Method Two:

The most assumption-heavy and optimistic approach: AIAT based on AI-driven growth in other assurance industries.

2023: $0.5 Bn | 2030: $362 Bn | CAGR: 153%

This modelling method estimates the AIAT market size by apportioning the growth of existing, comparable industries, including but not limited to: hardware security, cybersecurity, data management, financial auditing, incident response, enterprise GRC platforms, trust and safety, and more.

We start by researching the current market size of each industry and subsequently forecast their growth based on global market research firm data. We arrive at a total of $965 Bn in 2023, and $2.4 Tn in 2030.

Next, we estimate the degree to which each of these markets' growth is attributable to a widening scope of offerings related to the risks of AI technologies (i.e., solutions to safeguard, audit, govern, and verify). To arrive at this figure, we multiply the market size of each comparable assurance industry by:

  • the % of current assurance companies technologically-savvy enough to offer AI-related assurance services;
  • the % of their existing customer base that will adopt AI technologies and require assurance;
  • the % of those customers familiar with the risk management implications of AI;
  • the % of those customers that are investing in GRC programs; and
  • the % of each comparable industry that is oriented towards assurance or GRC -related spending.

The first variable is approximated by taking the square (^2) of each assurance industry's AI adoption rates. Squaring, while an imperfect approach, acts as a proxy for the technological-savviness to have integrated AI risks into their assurance offerings (or have pre-existing offerings relevant to AI risk mitigation).

This assumption amounts to nearly 10% in 2023 and 58% in 2030). Due to the influence of this assumption on the final estimates, we also vary the amount in the market sensitivity analysis to understand the low and high alternatives.

The subsequent three variables are derived from industry surveys listed in the references below. And lastly, the fifth variable is applied to apportion the assurance-related share of industries that were not wholly oriented towards safeguarding, auditing, governing, or verifying (e.g., data management) data by applying the 0.8% and 6.5% GRC benchmarks from Method One.

The final product of the above five-step calculation results in a factor of 0.06% for 2023 and 15.4% for 2030. This factor represents our estimated proportion of assurance industries' sales resulting from AI-related solution offerings in 2023 and 2030. The near-zero figure for 2023 reflects the limited awareness, compliance and enforcement around AI risks at present.

Due to the complicated assumptions and the optimistic projections for 2030, we consider this model potentially the most optimistic scenario. However, we also recognize that the methodology may be conservative due to likely correlations or double-counting of the factors used to attribute the impact of AI on assurance.

Method Three:

A moderately-detailed approach and our highest confidence method: AIAT derived from AI adoption in downstream sectors.

2023: $2.3 Bn | 2030: $269 Bn | CAGR: 97%

Our third AIAT market sizing approach is predicated on the adoption of AI-centric technologies across major global sectors—i.e., the future customers of AIAT players. Likewise, we begin by aggregating datasets and projections for consumer goods and retail, financial services, healthcare and pharmaceuticals, technology, media, and telecommunications, manufacturing and advanced industries, and more.

These underlying figures total $79 Tn in 2023, and $138 Tn in 2030.

For each sector, we then estimate the share of revenues allocated towards IT budgets as well as the share of those budgets allocated to AI technology. Roughly-speaking, the former proportions remain mostly constant with some slight growth; whereas the latter proportions grow substantially—with AI spending rising from an average of one-twelfth, up to one-third of budgets.

While we arrive at different proportions for each industry, the product of these two benchmarks produces a weighted average for the proportion of revenues spent on AI technologies of 1% and 4% for 2023 and 2030, respectively.

Next we apply the estimates for the share of AI budgets allocated towards GRC spending, as well as the share of AI GRC spending spent on third-party products and services (as opposed to in-house governance and risk management programs). Our designated base case benchmarks for GRC spending in 2023 and 2030 are 0.5% and 6.5%, respectively.

And our benchmarks for the share of these budgets outsourced or spent on third-party solutions is 37% and 51%, for each year—same as in Method One.

Finally, the sum total of each sector's contribution to the AIAT market is subsequently divided by our estimated ratio of AIAT customers that are non-AI companies: 70%. This assumed ratio is derived from interviews with subject-matter advisors and is supported by comparisons between Method One and Method Three.

Discussion of methods and assumptions:

Included in the above methods were implicit modelling design choices and informed assumptions about the current and future AI Assurance Tech market dynamics. Some noteworthy model characteristics include:

  • “External”, “outsourced”, and “third party”: For clarity, we use outsourcing, external solution provider, and third-party interchangeably to refer to external companies or individuals with whom organisations may establish a business relationship—and in our case these third-parties are AIAT companies. This report is focused on sizing the market opportunity for independent or third-party marketable products and services; to do so, we estimate the total potential AIAT revenues by determining the share of wallet that addressable companies may allocate towards external solution providers. That said, it is worth noting that the governance of AI technologies extends far beyond the AI Assurance Tech market, with a range of implications for chip makers, cloud computing providers, AI labs, downstream developers, private sector enterprises, insurance companies, public sector institutions, and so on.

  • The years 2023 and 2030: The former allows for comparisons to global market research firms leveraging recent or historical data points, given it is the most recent year to have passed. This enables partial validation of the modelling methodology, given the convergence between our 2023 calculations and a similar range of figures from secondary sources (i.e., global research firm insights on the AI TRiSM market). The latter allows ample time for regulations to mature and be implemented to the point of being enforceable, and it also coincides with the typical five to seven year time horizons of startup investing. Additionally, it is important to note that the 2023 figures are not attributable to legislated compliance requirements; instead these figures are representative of forward-thinking voluntary investments in GRC as well as pre-existing assurance industries that are also relevant to advanced AI.

  • Shared benchmarks between Methods: While each modelling methodology starts with a wholly different underlying dataset (e.g., the AI market, existing GRC-related industries, and major global sectors), there are a few shared benchmarks that may influence some of the similarities in the order of magnitude between methods. These benchmarks and estimates are the (i) proportion of revenues allocated to GRC expenses; (ii) the percentage of budgets outsourced versus in-house; and (iii) the AIAT customer ratio of AI companies versus other sectors. Based on our research and expert interviews, we consider it reasonable for these shared metrics to have limited variance across our modelling methods. Any fluctuations in AI regulations and external GRC spending are likely to remain within a confined range. Consequently, these factors, being tightly bound, are unlikely to significantly impact the findings of our model. Lastly, while shifts in the customer base from other sectors to AI companies might alter the market composition, they are not expected to materially affect the overall AIAT market size.

  • GRC comparable from BFSI: Our estimated percentage of governance, risk management, and compliance (GRC) spending was primarily derived from likening AI Governance to the governance practices of the heavily-regulated Banking, Financial Services, and Insurance sectors. Banks are subject to extensive compliance requirements to protect consumers' financial well-being, but banks also invest a considerable amount in risk management capabilities to minimise fraud and other accidents that would damage their public trust and reputation. Similarly, we expect both AI developers and enterprises deploying AI to face not only a minimum degree of legislated GRC spending but also to prioritise strategic investments in governance and risk management for market competitiveness. Since AI and financial services have in common that they are technically advanced industries that [will] play a crucial role in the global economy and society in years to come, we believe that this is a reasonable benchmark.

Method One References

Underlying market size:

Governance, risk management, and compliance:

Outsourcing to third-parties:

Method Two References

Underlying market size:

AI preparedness:

AI adoption rates:

Method Three References

Underlying market size:

Governance, risk management, and compliance:

Share of IT expenditures:

Share of AI expenditures:

Outsourcing to third-parties:

Sensitivity Analysis References: