The New Riskonomy

Section 4:
Macro risk

Technology at a macro scale presents a number of risks to businesses, but adopting digital advancements can also mitigate external risks and empower business leaders to seize opportunities that fast-track goals and boost productivity.

Riskonomy radar reading

Our Riskonomy Radar supports C-suite and GCs’ belief that external factors present the biggest exposure to tech risk for organisations, with just 8% of responses falling into the low risk range.

8%

High
risk range

75%

Moderate
risk range

17%

Low
risk range

Navigating global uncertainty across the board

International politics is a critical piece of the cyber risk equation, as conflict can trigger increased cyberattacks to steal data, disrupt operations and inflict economic damage. Businesses are sensitive to this:

three in five (61%) of organisations say their business model has changed to some extent over the last three years as a result of geopolitical and economic events.

Geopolitical tensions, such as those between the US and China, have created uncertainty about the direction of restrictions in areas like direct investments, or the sale and development of technology. A lot of companies that have previously operated on a fully integrated basis across their supply chains are now separating, which impacts internal organisational structures as well.

Kelly Ann Shaw, Partner, Global Regulatory

This can manifest in many ways; half (50%) of business leaders have invested in more innovation and technology, and 43% have enhanced their risk management and scenario planning. Over a third (36%) have diversified their supply chain.

But are businesses playing their best hand, or could more be done to protect organisational stability and build resilience in the new riskonomy? Just 15% of organisations have responded to geopolitical and economic events by increasing their outsourcing of resources, and even fewer (13%) have formed more strategic partnerships – key mechanisms that can be used to increase corporate performance. Withdrawing from volatile markets can also reduce exposure to multi-layered legal and tech risks, but only 9% of business leaders say their organisation has done so.

%

My organisation has changed its business model to some extent over the last three years as a result of geopolitical and economic events.

Expert perspectives

Innovating by the rules

Regulation is a key aspect of external tech risk – particularly when an organisation is operating across jurisdictions with inconsistent or conflicting requirements. Ambiguity in any legislation can create confusion over legal obligations, and the rapidly developing rules and restrictions surrounding tech carry heightened risks of non-compliance.

Surprisingly, only 66% of business leaders believe that navigating different, and conflicting, industry regulations heighten the risk of technology use within their organisation. And just 44% are concerned about inconsistent regulations having a significant impact on potential litigation disputes and investigations over the next three years. Just over a quarter (27%) believe it will have no impact or very little impact.

Expert perspectives

The digital defence

Vigilant cybersecurity is more important as the digital environment becomes more complex. Larger organisations can face hundreds of cyber security attacks a day, targeting personal or financial data, trade secrets, or business operational information (confidential or otherwise). Data is the prize asset for all organisations.

A cybersecurity breach – resulting in information theft, unauthorised network access, malware attacks etc. – can result in operational disruption and dire financial, reputational and legal consequences. Penalties include fines, enforcement notices or an investigation from regulators, and breaches can easily lead to litigation or class action.

An effective response to a cyberattack requires identifying its source, containing the damage, recovering the affected systems and then reporting and responding to the damage according to the relevant legislation. Ultimately, prevention is the best strategy, making robust cybersecurity an important element of sustainable business growth.

Business leaders cite cyber security as their second-highest concern when it comes to potential litigation disputes and investigations, but this isn’t translating into action.

Overall

Over a third (36%) of C-suite and GCs identify their organisation’s cyber security strategy as being in its infancy, and consider their organisation to have a high level of exposure to cyber security threats. Just 12% of GCs say their organisation has a mature and sophisticated cyber security strategy and is proactive in safeguarding against cyber security threats.

Cyber risk management relies on up-to-date security protocols, employee training and incident response plans. But most business leaders are working in organisations that are leaving themselves exposed to rapidly evolving technology risks. Regarding cyber defence strategies, almost half (47%) of C-suite and GCs admit their organisation only undertakes a review of relevant policies and procedures annually – and a further 7% do not perform one regularly. Similarly, 49% of C-suite and GCs say their organisation only undertakes an internal audit and assessment annually (and a further 6% do not perform internal audits regularly.

And buy-in is inconsistent. Despite the majority (74%) of GCs and C-suite leaders claiming that their board is fully engaged in their cyber risk management, three in five (61%) admit there are cyber security vulnerabilities in their organisation due to poor alignment and collaboration across functions.

For example, 31% reveal that their legal team is not involved in the creation of their incident response plan, withholding valuable expertise from their cyber security strategy.

Although cybersecurity is a priority for all industries, financial institutions are most likely to see cybersecurity as the most impactful risk (23%) – with automotive coming a close second (22%). This is in contrast with the consumer sector, where only 12% see it as their most impactful risk. Instead, an above average number of business leaders from the consumer sector see data management as the most impactful risk.

Sector spotlight

Cyber and data

Expert perspectives