Risk Management

Perspectives on the future of risk highlighted in new report

BY Fraser Tennant

Displacement by technology is among the potential threats to the future of risk management, according to a new report by the Institute of Risk Management (IRM).

In ‘Risk Agenda 2025: Perspectives on the future of risk’, the IRM sets out two future scenarios for risk management. The first, which involves risk managers working closely with their boards, sees a future in which risk controls are fully embedded in the frontline which, in turn, frees risk functions to focus on strategic risk, mitigate emerging threats and optimise opportunities.

The second scenario, a much bleaker vision, has risk management merely as a back office, compliance function, remote from the board and possessing no discernible leadership role, with displacement by technology the ultimate worst-case scenario.

That said, the IRM report is quick to reconcile these potential scenarios by observing that it is largely within the power of risk managers to choose and shape the future of their profession.

“The publication of ‘Perspectives on the Future of Risk’ marks the beginning of IRM’s Risk Agenda 2025 project,” said Clive Thompson, IRM board member and chair of the Risk Agenda 2025 project group. “The purpose of this initiative is to stimulate debate within the risk community by examining how enterprise risk management (ERM) might be delivered in 2025 and by then proposing different ways that the risk management profession might prepare itself for the possible future scenarios.”

Alongside the report, the IRM is conducting a survey to gauge the views of risk management professionals on the future of the profession and how it is likely to evolve. Mr Thompson continued: “The contribution of IRM members and other stakeholders will be critical for the quality and inclusiveness of the project’s output.”

Working alongside the IRM is the ERM solution provider Sword Active Risk, which is acting as technology partner on the Risk Agenda 2025 project, as well as helping to gather opinions and suggestions that will feed into the conversation on the future direction of our industry and inform the IRM’s thinking and strategy in the years to come.

"Such research provides an important long-run perspective on the issues and opportunities facing the risk landscape," said Keith Ricketts, vice president of marketing at Sword Active Risk. "As a company, we believe in innovation and that the way you attain this is you fund research and you learn the facts. Ultimately the IRM research is creating new knowledge for us all.”

Report: Risk Agenda 2025: Perspectives on the future of risk

2017: the year of business risk and uncertainty

BY Fraser Tennant

2017 will be a year of heightened risk and uncertainty for businesses, largely driven by the results of the US election and the UK EU referendum (Brexit) and their impact on globalisation and free trade, according to a RiskMap forecast published this week by Control Risks.

The RiskMap – an annual study highlighting the most significant underlying trends in global risk and security – also notes the risks posed by political, cyber and terrorism threats, as well as president-elect Donald Trump’s tough stance regarding the global regulatory environment.

As a result of the uptick in the range of threats, Control Risks reveals that many businesses now see little distinction between perceived safe domestic markets and foreign ones rife with challenges.

In summary, the RiskMap identifies the key risks for businesses in 2017 as being: (i) political populism exemplified by president-elect Trump and Brexit; (ii) persistent terrorist threats; (iii) increasing complexity of cyber security; (iv) intensifying geopolitical pressures driven by nationalism, global power vacuums and proxy conflicts; and (v) the militarisation of strategic confrontations by accident or miscalculation.

“The unexpected US election and Brexit referendum results that caught the world by surprise have tipped the balance to make 2017 one of the most difficult years for business’ strategic decision making since the end of the Cold War,” said Richard Fenning, chief executive of Control Risks.

“The catalysts to international business – geopolitical stability, trade and investment liberalisation and democratisation – are facing erosion. The commercial landscape among government, private sector and non-state actors is getting more complex,” he added. 

In response to the high levels of complexity and uncertainty forecast for 2017, Control Risks suggests that company boards should undertake a comprehensive review of their approach to risk management. The strategies they deploy to “protect value and seize opportunity in 2017”, will, according to the report, determine whether organisations are defined as Arks (having a defensive focus on core markets), Sharks (seeking to target new opportunities) or Whales (becoming too big to fail).

Mr Fenning continued: “With the seismic shift in risk scenario planning now required by businesses, we can expect the competitive playing field in many industries to see significant change as organisations respond in different ways to the multitude of complexities facing them. By the end of 2017 we will know whether or not the global economy withstood the shocks and turbulence of 2016, if the US opted for a new definition of how to exercise its power and if the great experiment in globalisation remains on track.”

Report: RiskMap 2017

The danger within: internal risks increasing, claims new PwC report

BY Fraser Tennant

Amid a complex and constantly changing risk landscape, internal cyber attacks are an increasing threat that can damage a company’s profits and reputation, according to PwC’s ‘Global State of Information Security Survey’, published this week.

Indeed, a multitude of data is lost each day in this way through mistakes, misuse or malicious attacks; however, the PwC survey contends that the threat to an organisation no longer comes purely from outsiders and that insider risk is now a matter of growing concern.

Drilling down, the top insider risk and source of security incidents for UK organisations is current employees, with former employees a close second. In addition, third parties, including service providers, consultants or contractors, are also now increasingly likely to be the cause of a cyber threat to a business.

In light of the reconfigured threat, the survey highlights four key trends: (i) digital businesses are adopting new technologies and approaches to cyber security; (ii) threat intelligence and information sharing have become business-critical; (iii) organisations are addressing risks associated with the internet of things (IoT); and (iv) geopolitical threats are rising.

“Organisations spend so much time focusing on protecting themselves from external threats that it’s often easy to forget the insider risk – stemming not only from employees, but also a wider ecosystem of business partners,” said Richard Horne, cyber security partner at PwC. “Business leaders need to shine a light on who has access to their critical systems and data. Poor access governance and controls can damage not only your reputation but ultimately profit.”

The report also examines the likely impact of the EU’s General Data Protection Regulation (GDPR), which is due to come into effect in April 2018. In essence, the GDPR means an uptick in privacy demands that will require companies to refocus their data privacy arrangements.

“GDPR requires a level of internal control over privacy practices we’ve never seen before,” said Jay Cline, cyber security and privacy principal at PwC. “A half-billion EU citizens will be poised to hold multinationals accountable to this higher bar through new rights they will begin exercising one spring morning a year and a half from now.”

The ‘Global State of Information Security Survey’ showcases the views of more than 10,000 CEOs, CFOs, CIOs, CISOs, CSOs, VPs and directors of IT and security practices from more than 133 countries (34 percent of respondents are from North America, 31 percent from Europe, 20 percent from Asia Pacific, 13 percent from South America and 3 percent from the Middle East and Africa).

Report: Moving forward with cybersecurity and privacy - Key findings from The Global State of Information Security® Survey 2017

Three-quarters of FIs hacked during last two years, claims new KPMG report

BY Fraser Tennant

A hard-hitting report released this week makes the startling claim that three-quarters (almost 8 in 10) of financial institutions (FIs) have experienced a cyber attack in the past two years, leading to many personal bank accounts being compromised.

The report, KPMG’s ‘Consumer Loss Barometer’, states that despite the financial services sector being proactive when it comes to matters of information security, more than one-third of consumers have said that their personal bank accounts have been compromised.

Furthermore, the report reveals that the vast majority of consumers would change banks if their provider of financial services did not take the proper steps to deal with the consequences of a cyber attack.  

“Financial institutions have a real opportunity to solidify trust with their customers by demonstrating that security is a strategic imperative, and that they are taking every possible precaution to protect consumers,” said Jitendra Sharma, KPMG’s advisory line of business leader, financial services. “Consumers have a lot of options in this environment, so companies must get it right as the battle for customers is fierce.”

Having surveyed 400 senior cyber security executives (including 100 operating in financial services) and 440 banking consumers, the report found that: (i) 66 percent of finance executives said their companies invested in information protection in the past year; (ii) 85 percent of executives confirmed that they have a person in their company whose sole role is to oversee matters pertaining to information security; and (iii) 37 percent of banking consumers made it known that they would move to a new financial services provider if their bank refused to cover their losses.

In addition, consumers indicated that they would like their bank to guarantee to cover losses, issue frequent communications and updates and provide a free credit report in the event of a cyber security incident. KPMG also found that the financial services sector is the most proactive of all the sectors surveyed, with many FIs investing heavily in information protection.

“It is encouraging to see that financial institutions are clearly making the investment in information security and are ahead of their peers from other sectors,” said Charles Jacco, advisory principal, financial services at KPMG. “But in order to retain loyal customers and attract new ones, they will need to continue demonstrating their commitment and ability to protect their customer’s assets and to put their minds at ease.”

Report: Consumer Loss Barometer

Fighting a losing battle on cyber crime

BY Richard Summerfield

The war on cyber crime in the UK is going badly, according to a new report from the National Crime Agency. In its 'Cyber Crime Assessment 2016', released in collaboration with a number of industry partners, the NCA acknowledges that it is falling behind cyber criminals in many respects.

Cyber criminality is not only becoming more prevalent, but also increasingly sophisticated. The capabilities of cyber criminals are rapidly outstripping both law enforcement agencies and companies operating in the private sector. Techniques including DDoS attacks and ransomware increased significantly in 2015, and the majority of these attacks can be traced back to a few hundred international cyber criminals. The NCA tracked 2.46 million ‘cyber incidents’ in 2015, including 700,000 cases of fraud.

The report highlights that cyber criminals of all kinds, from "international serious organised crime groups" to hacktivists, have been targeting both UK businesses and individuals, emboldened by "the growing online criminal marketplace, which provides easy access to sophisticated and bespoke tools and expertise, allowing these less skilled cyber criminals to exploit a wide range of vulnerabilities".

In light of the heightened security risk posed by cyber criminals, the NCA has called on organisations to step up their defences and to work more closely with law enforcement agencies, the government, industry regulators and business leaders to fight back against attackers. If cyber criminals are to be defeated, it will require companies to overcome the stigma attached to reporting cyber attacks. The UK government has pledged £1.9bn to help develop and deliver a national defence response and strategy over the next five years.

However, these efforts may be hindered by the chronic under-reporting of cyber breaches by UK firms. According to the NCA, under-reporting is a major issue, particularly given that companies are not required to notify regulators if they have been subject to a data breach or a cyber attack.

Under-reporting has, according to the report, obscured the full impact of cyber crime in the UK, and impaired the efforts of law enforcement agencies that have been struggling to understand the operating methods of cyber criminals and are attempting to respond to the threats they pose. Only by working together will the public and private sectors in the UK be able to turn the tide.

Report: http://www.nationalcrimeagency.gov.uk/publications/709-cyber-crime-assessment-2016/file

©2001-2024 Financier Worldwide Ltd. All rights reserved.