The New Riskonomy

Conclusion and recommendations

Risk isn’t trivial; the consequences of underestimating organisational exposure are real and potentially severe. Technology risk management can only take an organisation so far if its leaders aren’t clear on where the threats are coming from or how to respond.

Securing sustainable business success in the new riskonomy requires business leaders to maximise the transformative opportunities that tech innovation presents, by confidently minimising the risks.

Despite identifying data management, digital skills gaps and misuse of generative AI as top concerns, C-suite and GCs rank internal systems and processes below the macro factors and their network as the biggest source of risk exposure.

In the complex new riskonomy, knowledge is the winning hand; business leaders can’t afford to leave their future up to chance.

Hogan Lovells’

insights

Just because data, skills and tools are within the remit of the organisation doesn’t automatically mean they are being addressed. An important step in cybersecurity and minimising other technology-associated risks is ensuring your own house is in order. Work with legal counsel to ensure the appropriate strategies and policies are in place, and take proactive measures to anticipate and manage problem areas.

Although a third of C-suite and GCs are uncertain whether their suppliers can identify and mitigate cyber security and data management vulnerabilities, generally, network risk exposure is lower than risks emerging from the macro environment or inside the business.

Hogan Lovells’

insights

Partnerships and dependencies will always involve a certain level of risk. Where second-party risk is difficult to manage or account for, it may be that a certain level of expected exposure is accounted for in risk planning.

C-suite can work with General Counsel and external legal support to make sure thorough due diligence is carried out and everyone is satisfied that compliance and regulations are being met. Consistently assessing the tech risk profile of relevant suppliers will offer additional peace of mind.

At the same time, given that network risk exposure is revealed to be lower than that from purely external and internal sources, business leaders may want to consider what practices they can take from their supply chain risk management to apply elsewhere in the organisation.

It’s important to recognise that technology offers opportunities for optimisation and competitive advantage, but also that the associated policies and processes require careful consideration, communication, testing, auditing, refinement, and learning.

Hogan Lovells’

insights

Investing and utilising new available technologies yourselves is the only way you’re going to be able to manage the complexities surrounding tech risk. Technologies can be used to support and enhance your compliance team, which will be key in building resilience and a strong corporate performance in the new riskonomy.

People continue to play a strategic role in organisational growth, even amidst rapid technological change. Ensuring that employees collectively and individually have the skills to thrive in the new riskonomy will support the long-term sustainability of the business. Similarly, being conscious of early technology adoption amongst the workforce can be promoted or discouraged, but in either case it should be governed.

Hogan Lovells’

insights

Technology will continue to evolve rapidly, and investigating new opportunities can help organisations secure a competitive advantage. However, business leaders will need to stay alert to the associated challenges and consider implementing policies or safeguards even for tech they are not yet adopting.

When businesses span multiple sectors and/or markets, vulnerabilities can multiply. Following technology-related laws and regulations is increasingly difficult across jurisdictions, so expert insight is usually imperative for understanding and managing those risks.

Hogan Lovells’

insights

Accepting that regulations will constantly change and evolve is the first step in being able to get ahead. Utilising experts with knowledge in specific jurisdictions and sectors will enable you to understand where they differ and how they impact your business. A solid foundation will act as a huge accelerator as organisations look to grow and expand into new and different markets.

When it comes to cyber-attacks, preparation protects the business from what can’t be prevented. Having a practiced and formalised response to threats not only minimises the risk, it positions your organisation more favourably should it come to crisis management or litigation.

Hogan Lovells’

insights

Conducting a cyber health check will be hugely valuable. It provides a safe place for individuals and teams to understand their roles in times of crisis, as well as identify any risks or holes in your strategy before it is too late. Scenario planning can help business leaders develop their preferred approaches to heightened situations, enabling them to act more quickly in the event of an incident, potentially reducing financial and reputational loss.

Ultimately, strategies for reducing tech risks will be specific to an organisation’s areas of exposure. Our Riskonomy Radar can indicate where a business is most vulnerable, and help business leaders identify areas that are being underestimated. In the complex new riskonomy, knowledge is the winning hand; business leaders can’t afford to leave their future up to chance.