Forward-looking thinking is essential in risk management to be equipped for what might be thrown our way. If we take a look at how the landscape developed in 2018, one can get a sense of how organizations should approach risk management going forward. Here are a few prognostications:
Forward-leaning organizations will utilize risk management as a competitive advantage. While hard to measure, using risk as a competitive advantage continues to swirl within risk management circles. Every business today is meeting some disruptive capacity from digital transformation or the “new economy”—whether it is a “born in the cloud” numeric approach into their market or a digitally-driven shift in commodities or services. As such, organizations must take opportunities for new business possibilities and models—particularly when it comes to digital initiatives. Today’s arena is not for the faint-hearted and therefore, taking chances is part of the game. What this means for 2019 is that we will recapitulate to see organizations employ in risk management conversations and the discussion will change from operational to imperative risk management. Whether this represents an enlargement of executive risk management or a shift to an extended enterprise risk management strategy is upon the organization.
Compliance management and added inspection from non-regulators will obstruct long-term strategic planning. Although the regulators raised their game in 2018, and we also saw a growth in data privacy disrepute and issues—some triggered by public objection—that have subjected businesses to new levels of scrutiny. However, the topic of third-party risk resides as an important discussion point for all organizations. What this indicates for 2019 is that the winds of political change will continue, and organizations and controllers will adjust as required. Look out for talk of trade wars, supply chain interruptions, and other shifts that could hinder long-term strategic plans.
Data will be at the helm of risk management because it continues to be the new business x-factor as businesses consider “What can we do with the information we have? Can we stimulate revenue? Can we reduce costs?” However, the possibility of what data can hold for an organization also adds to the risks professed to—or by—that data. Data infringements and data misuse recommence to put a damper on unhitching the full potential of this new “currency.” What this means for 2019 is that according to PricewaterhouseCoopers 21st Annual Global CEO Survey, cyber threats have exceeded regulation as the chief concern for those C-suite executives surveyed, and data is the principal target of cyber attacks.
Organized incident response will become a market priority.
2018 had its percentage of self-imposed, headline-grabbing mishaps like data breaches and corporate collapses. Unfortunately for the organizations involved, the pain of those events affected not only their reputations but reflected across their culture. The tribunal is still out on how well those businesses bounced back, but it became apparent that every company should have a reliable crisis management plan in place. What this means for 2019 is that these circumstances highlight the need for a coordinated occurrence recognition, regardless of the source of the incident, across organizational purposes.
Traditional preservation and risk etiquettes will disappoint to keep up. As an industry, one of the new difficulties we are facing is that the security and risk purposes within our organizations are striving to keep up with expedited business operations. Even more, the lines that used to divide traditional cybersecurity and focus risk functions are becoming increasingly blurred. What this means for 2019 is that active development is not just for IT anymore, but a core business strategy. A yearly risk assessment will no longer cut it because a safety display designed for a waterfall product lifecycle will not agree with these new DevOps methods.