There is no vaccination against the risks of cyber, fraud and non-compliance

Boards of directors are responsible not only for overseeing management strategy but also for risk management, which is significant in these fast-evolving times – especially under the current circumstances of the global crisis. The pharma industry is working on a vaccination against COVID-19 and on immunity tests. All great. For cyber, non-compliance and fraud risks there will never be a vaccination. Nor are we immune to these risks.
Key risk trends for Boards of Directors

In the past 30 years, not only has the origin value of corporate assets changed, but also the natural risks of these positions. From rather purely analogue and physical processing, we have moved to digitalised processing within organizations and between stakeholders.

With the advantages of more digital and automated interaction with third parties (suppliers, customers, freelancers, etc.) as well as with employees, many organizations have been able to raise the efficiency and effectiveness of their internal and external processing.

The transformation towards new strategies and business models with digital components brings with it a new, digitized corporate risk landscape. In this landscape, the risks of interdependencies, as well as risks regarding intellectual property, data losses and breaches, infrastructure attacks and many other patterns, increase significantly.

According to the annually published Global Risks Report of the World Economic Forum, the trend towards increasing cyber risks is within the top ten (in 2019) regarding likelihood and impact.

Risk & Reward – the dilemma situation for Corporate Boards 

What I see during my daily work with clients at Board and C-level is that cyber risks (as well as fraud and non-compliance risks) are treated in the same way as other critical risks when it comes to the question of the economic aspect of risk-reward.

Is it possible and savvy to use this approach here too, or might there be other criteria to consider for these specific risks? The aforementioned risks have a different DNA from other critical risks with respect to their characteristics.

Compared to other critical risks, the complexity of cyber threats is much greater and evolves rapidly. Hardly any other risks grow more dramatically through the use of the latest technology. The modi operandi are so sophisticated that traditional preventive, detective and reactive measures must speed up. Social engineers are more diverse, with different motivations and rationalisations. All this impacts the business beyond data loss. Reputation loss in particular is what attacked organizations suffer – next to the financial loss of investigating and recovering from the incident with internal and external experts.

Competitive advantage – the pressure on organizations 

Corporate leadership teams are under pressure. That is a fact. To keep or build a competitive advantage, an adaptation of the business model is often required. This means that new technologies are required to become more effective and efficient in serving client needs. With the implementation of new technologies – following the new strategy and business model – new risks emerge. These also include an increase in cyber risk.

A comprehensive understanding and strategic leveraging of risk is indispensable for organisations, their boards and their management teams to keep their competitive advantage.

Expectation management for a new Governance  

Is this the new war for digitisation? Shareholders and stakeholders will focus more on how boards manage the strategic key risks of cyber and digitisation. The expectation of treating cyber security as a strategic pillar will become part of strong governance.

The board of directors bears full responsibility for the corporate risk landscape. Therefore, risk intelligence, including new risk trends, is the key strategic responsibility of corporate boards in meeting shareholders' and stakeholders' expectations of enhanced governance. This means having a comprehensive understanding of the critical risks evolving from the organization’s strategy, business model, interdependencies and connectivity.

No, there is definitely no vaccination available!

“Our own risk intelligence is the asset to be brought in.”

What could your governance look like if it took the critical risk of cyber a level higher and treated it more strategically?

Yours 

Sonja 
