
Cyber, regulatory risks top of mind for directors, senior executives: Survey


February 10, 2015   by Canadian Underwriter



Executives for organizations surveyed “continue to have significant anxiety” about regulatory risk, while most see reliance on technology as a “significant risk threat,” suggests a report announced Monday by Protiviti Inc. and the enterprise risk management (ERM) initiative at North Carolina State University.

The report, Executive Perspectives on Top Risks for 2015, was based on a survey of 277 executives and board members and published by Protiviti and the ERM Initiative in the Poole College of Management at North Carolina State University. This was the third year of the survey.

Each respondent was asked to rate 27 risk issues on a scale of one to 10, where a score of one reflects “no impact at all” and a score of 10 reflects an “extensive impact” to their organization over the next year. Nearly a third of respondents were chief risk officers.

Chief risk officers were among executives surveyed on their perceptions of risk by Protiviti Inc. and the enterprise risk management (ERM) initiative at North Carolina State University. 

Of all respondents, more than half – 53% – gave a rating of 6 or more to the statement: “Our organization may not be sufficiently prepared to manage cyberthreats that have the potential to significantly disrupt core operations and/or damage our brand.”

That risk ranked third in this year’s survey, with 14% of respondents rating it 5 and a third rating it 4 or less.

“Following a string of data breaches in the past year, cyber threats jumped to number three this year, up three rank positions in year-over-year survey results, reflecting increased concern about operational and reputational damage associated with potential breaches,” Protiviti and NC State said in a release.

“Given publicity about data breaches at major retailers, global financial institutions and other high-profile companies, most executives recognize the need for ‘cyber resiliency,’ realizing it is not a matter of if a cyber risk event might occur, but more a matter of when it will occur,” according to the report. “With the apparent level of sophistication of perpetrators and the impact breaches can impose, most organizations recognize the significant risk threat linked to their reliance on technology for executing their global strategies.”

The top risk related to regulation.

Two-thirds of respondents gave a rating of 6 or higher to the following statement: “Regulatory changes and heightened regulatory scrutiny may affect the manner in which our products or services will be produced or delivered.” About one in 10 (11%) rated it 5 while 22% rated it 4 or lower.

“While the level of concern about this risk is not as high as the prior year, this risk is at the top of the list for all three years that we have conducted this survey, suggesting companies continue to have significant anxiety that regulatory challenges may affect their strategic direction,” Protiviti and NC State said in the report. “The stakes are high since, without effective management of regulatory risks, organizations are reactive, at best, and noncompliant, at worst, with all of the attendant consequences. Even marginally incremental regulatory change can add tremendous cost to an organization, and the mere threat of change can create significant uncertainty that can hamper hiring and investment decisions.”

Ranking seventh this year was “ensuring privacy/identity management and information security/system protection may require significant resources for us.” More than half (52%) of respondents gave this risk a rating of six or more.

Of the respondents, 206 were in organizations with revenues of more than US$100 million. Sixteen were on the boards of directors, 20 were chief executive officers, 19 were chief financial officers, 87 were chief risk officers, 70 were chief audit executives, 30 were “other C-suite” executives and 35 were others.

Other risks that made the top 10 in this year’s survey were:

  • Economic conditions in markets we currently serve may significantly restrict growth opportunities for our organization (2nd)
  • Our organization’s succession challenges and ability to attract and retain top talent may limit our ability to achieve operational targets (4th)
  • Our organization’s culture may not sufficiently encourage the timely identification and escalation of risk issues that have the potential to significantly affect our core operations and achievement of strategic objectives (5th)
  • Resistance to change may restrict our organization from making necessary adjustments to the business model and core operations (6th)
  • Our organization may not be sufficiently prepared to manage an unexpected crisis significantly impacting our reputation (8th)
  • Sustaining customer loyalty and retention may be increasingly difficult due to evolving customer preferences and/or demographic shifts in our existing customer base (9th); and
  • Our existing operations may not be able to meet performance expectations related to quality, time to market, cost and innovation as well as our competitors (10th).

Protiviti is a consulting and internal audit firm owned by Robert Half International Inc. Faculty members with the Enterprise Risk Management (ERM) Initiative in the Poole College of Management at NC State work with boards of directors and senior managers to help “link ERM to strategy and governance, host executive workshops and educational training sessions, and issue research and thought papers on practical approaches to implementing more effective risk oversight techniques.”

