Cyber-Security Remains a Top Concern in the C-Suite
Calls for Better Risk Management
Pressure from boards, volatile markets, intense competition, demanding regulatory requirements, fear of catastrophic events and other dynamic forces are prompting more calls for management to design and implement risk management programs to reduce risks.
Budgeting Risk Management
Most respondents said they are more likely to invest more resources towards risk management this year compared to 2014 and 2013.
Nature of Top Risks Varies
Of the top 10 risks, six represent operational concerns. Three relate to strategic risks and only one relates to macroeconomic issues. The two previous surveys indicated greater concerns over strategic risks.
Risk 1: Regulatory Changes
67% of respondents said the impact of regulatory changes and increased regulatory scrutiny may affect products will be “significant.” 11% and 22% acknowledged a “potential impact” and “less significant impact,” respectively.
Risk 2: Economic Conditions
56% of respondents said they expect a significant impact from economic conditions in their markets that may significantly restrict growth opportunities.
Risk 3: Operations Disrupted by Cyber-Threats
53% of respondents admit that their organization may not be sufficiently prepared to manage cyber-threats that could disrupt core operations and/or damage their brand.
Risk 4: Attracting the Best Personnel
Success and challenges and the ability to attract and retain talent is expected to have a significant impact by 56% of respondents.
Risk 5: Culture Hampers Risk Management
51% of respondents believe their organization’s culture may not sufficiently encourage the timely identification and escalation of risk issues that could affect core operations and their company’s ability to reach strategic objectives.
Risk 6: Resistance to Change
49% of respondents said resistance to change could have a significant impact on their company’s business model and operations.
Risk 7: Ensuring Privacy
52% said ensuring privacy/identity management and information security/system protection may require significant resources, but 40% thought this risk would have a less significant impact.
Risk 8: Unexpected Crises
Of the statement, “our organization may not be sufficiently prepared to manage an unexpected crisis significantly impacting our reputation,” 46% thought it could have a significant impact.
Risk 9: Customer Loyalty
For the statement, “Sustaining customer loyalty and retention may be increasingly difficult due to evolving customer preference,” 48% said it could have a significant impact.
Risk 10: Performance of Operations
Asked whether existing operations may not meet performance expectations for quality, time-to-market, cost and innovation as well as those of customers, respondents’ answers were as follows: significant impact: 46%, potential impact: 13%, less significant impact: 41%.
