The New Riskonomy

About this
report

The Riskonomy Radar Methodology

Benchmarking organisational technology risk exposure

Using business leaders’ responses to a number of benchmarking data points from our research, our Riskonomy Radar reveals an organisation’s exposure to technology risk, mapping it to one of three ranges:

Prioritise &
invest

Indicates high exposure to tech risk, suggesting businesses will be vulnerable if they do not urgently prioritise and invest in their tech-risk management.

Revisit & improve

Indicates moderate levels of tech-risk exposure – it’s recommended that businesses revisit their strategy and improve current practices.

Continue & monitor

Indicates low levels of tech-risk exposure and suggests businesses can maintain current practices and monitor for any changes.

In the research, we included key benchmarking questions to gauge organisations’ performances in key areas for technology-associated risk. Scores were applied to each of the answers to the benchmarking questions, with a low score for poor performance (high risk) and a high score for strong performance (low risk).

This data was then used to assess technology risk exposure across different areas: internal tech risks, network tech risks and macro tech risks.

Internal tech risks

originate from operational processes and systems. This research focuses on data management practices (for example, having a designated team for data management), ungoverned use of generative AI, and a lack of relevant skills in employees.

Network tech risks

emerge when suppliers and partners fail to manage their own risk – exposing the primary organisation by association, connection or dependency. However, these risks (and their impact) can be limited through supplier risk assessment, implementing robust supply chain practices and managing resource scarcity.

Macro tech risks

involve external factors that are beyond an organisation’s control and can impact operational strategy and response – for example, regulation, geopolitics and cyber-attacks.

The maximum score overall is 1,500, subdivided into the 3 areas (internal tech risks, network tech risks and macro tech risks). Internal risks has a maximum score of 436, network risks has a maximum score of 600 and macro risks has a maximum score of 464.

Once the main scoring exercise was completed, segmentation was applied to each of the three areas to demonstrate low, moderate or high risk. The scoring process involved looking at the range of scores between the maximum and minimum values, then subdividing this range into thirds and plotting the respondent scores for each area within these ranges.

Gartner’s Data Governance Maturity Model

Gartner’s maturity model for enterprise information management provides the building blocks to achieve a strong enterprise information (EIM) program. The maturity model will help data and analytics leaders advocate EIM principles and resources within their organisation. The model has 6 phases of maturity, each with its own characteristics and action items.

Credits

The New Riskonomy is based on in-depth research commissioned by Hogan Lovells. The concept and research were designed by Man Bites Dog.


Disclaimer

The information in the whitepaper is provided for guidance and informational purposes only. The information contained herein has been compiled from sources deemed reliable and it is accurate to the best of our knowledge and belief. However, Hogan Lovells cannot guarantee its accuracy, completeness, and validity and cannot be held liable for any errors or omissions, as the results change depending on the working condition/environment. Changes are periodically made to this information and may be made at any time. All information contained herein should be independently verified and confirmed.