Enterprise risks run the gamut -- from threats to cybersecurity to an organization's ability to adapt quickly.
Top executives believe that the greatest enterprise risks facing organizations today are the rapid pace of disruptive innovation, internal cultural resistance to change, regulatory challenges, and cyberterrorism. Combating these risks will be an ever-present concern in 2018, according to new research.
Identifying the top risks for 2018 is the focus of the report presented by North Carolina State’s Poole College of Management. The report is based on a survey of 728 executives and board members in a cross-section of industries across the world.
Respondents were asked to gauge the severity of potential impacts of 30 risks on their organizations. While there are variances based on location, industry, and institutional role, there are trends that emerge regarding which risks are top of mind among the executives.
The risks are further categorized in three areas:
- Macroeconomic risks, which are most likely to affect the organization’s growth potential
- Strategic risks, which can adversely impact the validity of strategic assumptions for pursuing growth
- Operational risks, which can hinder key functional areas as organizations seek to grow
Here is a deeper dive into each of the top identified risks.
- The Speed of Disruptive Innovation
The economy and regulatory oversight have sat atop the list of risks in each previous iteration of the survey, until this year. Disruptive innovation now holds the crown, with 67 percent of respondents indicating it would have a significant impact.
The concern is that the rapid pace of innovation and new technologies can overtake organizational capacity and ability to respond and keep up. In a few short years, technologies have disrupted multiple industries.
Consider the impact the Internet of Things, powerful analytics programs, automation, augmented reality, and 3D printing are having on companies in multiple industries. As these technologies evolve and new ones emerge, companies are faced with pondering the impact on business processes and, in some cases, entire business models. At the same time, nontraditional players are entering traditional industrial spaces, adding further disruption and threatening market share and, for some organizations, their very existence.
- Corporate Culture
Corporate culture issues often present a considerable risk, especially if organizations have an inherent resistance to change. Executives are focusing more attention on their organization’s adaptability and willingness to respond quickly and changing business processes or business models, ever-mindful of organizations that have failed to heed the signals that changes are imminent and necessary for long-term success.
Similarly, business leaders found mounting concern that their companies would not be able to identify and respond to the risks that may manifest. Sixty-one percent of respondents reported this as a significant risk to the enterprise.
- Cyber Insecurity
There are stories every day about the need for better cyber protections, with mounting concern about how such disruptive events could impact a wide swath of an organization. There are, of course, the most pressing issues related to cybersecurity, namely, protecting corporate and customer data and intellectual property.
Just as urgent, and contributing to the risk assessment, is the need to have response plans in place that ensure operational continuity, with minimal downtime and impact on applications, customers, and consumers. Related is the need to ensure that communications and response plans are developed, honed, and practiced, ready to be put into action when needed.
Finally, a major component of cyber threats is the potential loss of brand reputation that can arise as companies struggle to maintain credibility in the aftermath of a catastrophic data breach event. This risk is, not surprisingly, uniformly high across company sizes, industry groupings, and respondent roles.
- Regulatory Oversight
Pharma and food and beverage industries have faced increased demand from regulators across the world in recent years, requiring more systematic monitoring, reporting, and inspections.
Regulatory issues have been a top-2 identified risk in every previous iteration of the survey but dropped to fourth this year. It is still an issue top of mind for many executives, who continue to worry about the burdens these regulations place on company systems and bottom lines as investments need to be made in monitoring, tracking, and reporting systems, while a lack of compliance can add fines and other penalties to the cost.
The report’s authors also surmise that the issue may have dropped in some assessments, especially among U.S. organizations, due to political gridlock and early signs that the presidential administration is seeking to reduce the regulatory burden on companies.
- Geopolitical Instability and Terrorism
The dire reality is that in many regions of the world, there is a high degree of political uncertainty and conflict. This presents two types of risks. First, there is the challenge related to unstable regimes that may change at any point, putting companies and their employees at great risk.
The second is the ever-present specter of terrorism, both on a global and local scale. Corporations have been the target not just of cyber attacks but physical assaults as well. Knowing how to keep employees safe and secure continues to be a powerful challenge for companies that face known and unknown terrorist threats.
The global impact of shifting trade agreements, regulations, and political instability are top risks, according to a recent report.
Other Top Threats
As noted, the report tracks responses to 30 different risks. Among the other top-10 identified risks were:
- Succession planning or the ability to attract and retain talent is lacking at some organizations, which can hinder continuity, growth, and achievement of strategic objectives.
- Security preparations provide a challenge for organizations, specifically around identity management, privacy management, and the related issues of system protection and access.
- Economic uncertainty can hinder the opportunities for growth, especially global market and currency volatility. Companies worry about being able to access capital and liquidity to promote growth.
- Data insights are lacking in some organizations that cannot leverage the capabilities of big data and analytics programs. Leveraging these tools would result in improved operational efficiency, market intelligence, and better business decisions.
- Competing with digital is an issue for companies that are more traditional in their makeup, competing against companies that were “born digital.” These traditional companies may not have the performance flexibility to improve quality, reduce time to market, lower costs, and innovate. Their competitors often also have a lower cost basis.
A Collection of Risks By Type
Below is a list of other risks issues articulated in the report, sorted by category.
- Macroeconomic Risks
- Significantly low interest rates that can impact operations
- Anticipated labor cost increases that threaten profitability targets
- Uncertain political leadership that can hamper growth
- Potential changes to global trade policies that may adversely hinder the ability to operate in international markets
- Imprecise health care insurance policies that could affect costs and growth
- Strategic Risks
- Ease of entrance of new competitors that threaten market share
- Retaining customers and customer loyalty as customer preferences and expectations evolve and the customer base demographics vary
- The impact of social media and mobile or desktop applications that can erode brand identity, customer relationships, and regulatory issues
- Shifting customer expectations and preferences, shaped by social and environmental factors that may be elusive and hard to pinpoint
- Ability to respond to crises that threaten reputation
- Difficulty in growth via acquisitions, joint ventures, and other partnerships
- Limitations in organic growth via enhancements or customer acquisition
- Alternative products and services that threaten business models and strategic objectives
- Shareholder activism against the organization that can affect strategic plans
- Operational Risks
- Inability to obtain appropriate, affordable insurance coverages for previously insured risks
- Overreliance on outsourcing, strategic sourcing, IT vendors, joint ventures, and partnerships that can hinder meeting targets
- Supply chain challenges due to lack of supplier visibility or supply scarcity
Addressing and Managing Risk
To manage the many potential risks that threaten business operations, strategic objectives, and future growth, companies need dynamic tools to monitor, measure, and track risks. At Continuity Logic, we provide our customers with a single solution that enables comprehensive risk management. Our platform includes multiple components that will provide for efficiency, planning, response, and business continuity.
The key features include:
- Business continuity management enables users to manage the planning and monitoring of business continuity. Dependencies can be captured in real time, an extensive library of templates is available, and dynamic dashboards allow for sound project management.
- Disaster recovery management provides automated management of disaster recovery, including dependency mapping, dashboards, and real-time gap calculation. The module allows for task distribution, leadership notification, and plan population, too.
- Incident management offers a virtual command center that can calculate the downtime, tasks, and impacts of failed processes, suppliers, or technologies.
- Crisis management enables mobile access to plans and tasks, integration with GPS mapping programs, and enterprise views of the crisis and resolution efforts.
- Enterprise risk management uses a risk assessment tool and scorecard to measure and track internal risk appetite, generate heat maps, and create enterprise-wide dashboards.
- Vendor risk management captures third-party risks, including contracts, service level agreements, and scorecards.
- Cybersecurity creates a security environment where business can remain resilient during a breach. Integrating cybersecurity and business continuity management allows organizations to prepare customers, respond to incidents, recover operations, and identify and respond to threats in an integrated space.
Contact us to learn more about how Continuity Logic’s integrated risk management software platform can help identify, address, and respond to risks within your organization.