Global organizations in 2023 face a complex and fast-changing risk landscape, one that is possibly even more challenging than that of 2022. A recent Protiviti report found that a majority of security and business executives expect to confront risks of greater severity and magnitude in 2023 compared to the last decade.
Many organizations are already developing comprehensive enterprise risk management (ERM) programs that help them better navigate risk and strengthen business resilience. However, a new study commissioned by Dataminr and conducted by Forrester Consulting found that significant organizational, strategic and technological barriers have hindered these organizations’ ability to implement effective ERM strategies.
Here, we’ll take a look at three key obstacles that hamper businesses’ progress in developing and implementing successful ERM programs.
Challenge No. 1: A narrow view of an organization’s risk taxonomy and register
While the risk landscape is vast and multifaceted, many security and risk management professionals have a limited understanding of the full scope of risks that can impact their organization. Fewer than a third of the survey’s respondents completely agreed that risks can come from anywhere, suggesting a myopic view of the sources and impacts of different risks. And while 59 percent of respondents said they’re concerned or highly concerned about 10 or more types of business risks, they actively track or monitor only six categories.
This narrow view of risks threatens all elements of a business, including customer experience, brand reputation, regulatory compliance and revenue management.
Challenge No. 2: Organizational misalignment
Successful ERM programs require organizational alignment. They are best accomplished when there is an executive who is empowered to work across organizational silos—businesses with highly effective ERM strategies are 27 percent more likely to have a C-suite leader for ERM. However, only 36 percent of organizations have a C-suite champion heading their risk management today.
Without a formal C-suite leader or equivalent role to help promote and support ERM implementations, many risk leaders have difficulty developing comprehensive ERM strategies that recruit and engage other business groups within their organization.
A lack of enterprise-wide alignment about ERM programs also affects an organization’s ability to fully understand its appetite and readiness for risk. In fact, the majority of respondents are concerned about their organizations’ ability to manage risks such as cyber vulnerabilities, data privacy, first-party or internal cyber risks, and more, due to misaligned priorities.
Challenge No. 3: Risk management solutions not fully integrated
More effective ERM strategies tend to be enabled by integrated technology suites. While most respondents are satisfied with individual risk management products and solutions within their organization, they struggle to integrate them across the enterprise.
Just 20 percent of risk leaders have fully integrated the majority of the technology that their organizations use for risk management with other business systems. This misalignment hinders ERM program effectiveness and response times.
Building a successful ERM program
The stakes are high. The study finds that risks are becoming more likely to manifest for enterprises—especially as distributed workforces, connected supply chains, geopolitical forces and the like open up more opportunities for incidents to occur. Nearly 70 percent of respondents experienced at least two separate critical risk events in the past year, more than 40 percent faced at least three and nearly 20 percent suffered six or more incidents. With the sheer number of critical risk events, there’s no doubt that a lack of an effective ERM strategy can lead to far-reaching consequences.
As risk leaders look to enhance their ERM programs, cyber risk tools and real-time alerting capabilities—those like Dataminr Pulse, which gives organizations the earliest signals of high-impact events and emerging risks—are two of the most critical technologies they plan to onboard and invest in, according to the study.
In fact, more than half of security and risk decision-makers plan to implement or increase investment in real-time alerting solutions in the next 12 months, and 70 percent said an effective real-time alerting tool would have helped significantly or completely mitigate the impact of the most disruptive risk incident they encountered last year.
In addition, to ensure you’re on the right path to ERM success, consider the following best practices when creating and implementing your program:
- Audit your risk management strategies
- Remove silos, increase coordination and lay the groundwork for automation
- Improve strategy and consolidate technology investments
- Drive ongoing optimization and demonstrate how your business is prepared to respond to evolving risk
For more, download the Forrester study “Constant Disruption Is The New Status Quo” to see our recommendations on how to establish an effective ERM program, whether you’re a nascent or mature organization.