Corporate Risk

Global organizations in 2023 face a complex and fast-changing risk landscape—one that is possibly even more challenging than 2022. A recent Protiviti report found that a majority of security and business executives expect to confront risks of greater severity and magnitude in 2023—compared to the last decade.

Many organizations are already developing comprehensive enterprise risk management (ERM) programs that help them better navigate risk and strengthen business resilience. However, a new study commissioned by Dataminr and conducted by Forrester Consulting found that significant organizational, strategic and technological barriers have hindered these organizations’ ability to implement effective ERM strategies.

Learn More: The 4 Must-haves of Business Resilience

Here, we’ll take a look at three key obstacles that hamper businesses’ progress in developing and implementing successful ERM programs.

Challenge No. 1: A narrow view of an organization’s risk taxonomy and register

While the risk landscape is vast and multifaceted, many security and risk management professionals have a limited understanding of the full scope of risks that can impact their organization. Fewer than a third of the survey’s respondents completely agreed that risks can come from anywhere, suggesting a myopic view of the sources and impacts of different risks. And while 59 percent of respondents said they’re concerned or highly concerned about 10 or more types of business risks, they actively track or monitor only six categories.

This narrow view of risks threatens all elements of a business, including customer experience, brand reputation, regulation compliance and revenue management.

Challenge No. 2: Organizational misalignment

Successful ERM programs require organizational alignment. They are best accomplished when there is an executive who is empowered to work across organizational silos—businesses with highly effective ERM strategies are 27 percent more likely to have a C-suite leader for ERM. However, only 36 percent of organizations have a C-suite champion heading their risk management today.

Without a formal C-suite leader or equivalent role to help promote and support ERM implementations, many risk leaders have difficulty developing comprehensive ERM strategies that recruit and engage other business groups within their organization.

A lack of enterprise-wide alignment about ERM programs also affects an organization’s ability to fully understand their appetite and readiness for risk. In fact, the majority of respondents are concerned about their organizations’ ability to manage risks such as cyber vulnerabilities, data privacy, first-party or internal cyber risks, and more—due to misaligned priorities.

Download eBook: Understand and Plan for the Corporate Risk Landscape

Challenge No. 3: Risk management solutions not fully integrated

More effective ERM strategies tend to be enabled by integrated technology suites. While most respondents are satisfied with individual risk management products and solutions within their organization, they struggle to integrate them across the enterprise.

Just 20 percent of risk leaders have fully integrated the majority of the technology that their organizations use for risk management with other business systems. This misalignment hinders ERM program effectiveness and response times.

Building a successful ERM program

The stakes are high. The study finds that risks are becoming more likely to manifest for enterprises—especially as distributed workforces, connected supply chains, geopolitical forces and the like open up more opportunities for incidents to occur. Nearly 70 percent of respondents experienced at least two separate critical risk events in the past year, more than 40 percent faced at least three and nearly 20 percent suffered six or more incidents. With the sheer number of critical risk events, there’s no doubt that a lack of an effective ERM strategy can lead to far-reaching consequences.

As risk leaders look to enhance their ERM programs, cyber risk tools and real-time alerting capabilities—those like Dataminr Pulse, which gives organizations the earliest signals of high-impact events and emerging risks—are two of the most critical technologies they plan to onboard and invest in, according to the study.

In fact, more than half of security and risk decision-makers plan to implement or increase investment in real-time alerting solutions in the next 12 months; and 70 percent said an effective real-time alerting tool would have helped significantly or completely mitigated the impact of the most disruptive risk incident they encountered last year.

In addition, to ensure you’re on the right path to ERM success, consider the following best practices when creating and implementing your program:

  • Audit your risk management strategies
  • Remove silos, increase coordination and lay the groundwork for automation
  • Improve strategy and consolidate technology investments
  • Drive ongoing optimization and demonstrate how your business is prepared to respond to evolving risk

For more, download the Forrester study Constant Disruption Is The New Status Quo to see our recommendations on how to establish an effective ERM program—whether you’re a nascent or mature organization.

Author
Rob Begg
Vice President,
Product Marketing
March 28, 2023
  • Corporate Risk
  • Blog

Related resources

Blog

Why NATO Must Embrace Private-sector AI to Counter Cyber Threats

As NATO bolsters its cyber defenses and responds to the rising tide of cyber attacks, the alliance should strengthen its private sector partnerships and employ AI-powered solutions.

Blog

Public Safety Challenges and Tips for Paris 2024 Olympics

Explore must-have strategies for ensuring public safety during the Paris 2024 Olympics, including expert insights and practical tips for public sector organizations to address complex security challenges.

Blog

Olympic Security: Event Detection From Paris 1924 to Paris 2024

It's been 100 years since Paris last hosted the Olympic Games. Many of the same security challenges remain, but AI and an unprecedented amount of public data has changed how to protect large-scale events.