Political and economic instability, cyberattacks and disruptive change have global executives and board members on high alert for the year ahead, according to research from Protiviti and North Carolina State University’s ERM Initiative. The report, Executive Perspectives on Top Risks for 2017, and an executive summary are available for download on the Protiviti website.
Concerns about the global economy topped the list for the first time in the five years we’ve been doing the study, surpassing regulatory concerns, which fell to number two. Tech risks followed, with cyber-risk, identity and privacy remaining in the top five.
I had the opportunity to discuss the results — along with Mark Beasley, the Deloitte Professor of Enterprise Risk Management at North Carolina State, and my colleague Pat Scott, executive vice president, global industry and client programs at Protiviti — in a December 15 webinar, and wanted to share some of the highlights.
We surveyed 735 executives and directors at companies around the world, representing a cross-section of industries, and asked them to prioritize 30 risks on a scale of 1 to 10, with 10 being the highest level of concern. Risks were grouped into three categories: macroeconomic, strategic and operational.
The overall risk scores were higher than last year in every category, a sign that executives perceive 2017 as more risky than 2016. Despite that, few organizations plan to invest additional time or resources to risk identification and management — which could reflect either resource constraints, or satisfaction with current resource commitments and prior year investments in risk management capabilities.
From a regional perspective, respondents from companies in the Asia-Pacific region were the most concerned, followed by European companies. Although U.S. executives registered no change from the prior year (i.e., their perception of 2016 risk levels), volatility in global markets and currencies may create significant challenges here as well as abroad.
The next twelve months will be interesting on the regulatory front as a populist wave sweeps across major world economies affecting everything from healthcare, immigration, and trade in many sectors, with implications for many companies, not just the highly regulated ones.
Concern for cyber-threats has been rising over the years, and continues to increase, particularly in the areas of privacy and identity management, as new technology offerings expand faster than the security protections companies have in place.
For other top risks, I refer you to the report.
One parting thought: Just as concerns varied by region, industry and company size, they also varied by the respondent’s role within an organization. This is significant in that I think there is a tendency for companies to assume, internally, that everyone is on the same page when it comes to risk priorities and perception. That’s simply not the case. Therefore, the risk assessment process needs to be inclusive to encourage participation of multiple stakeholders and perspectives.
I think the bottom line is that 2017 is going to be a fun ride that’s not for the timid. So fasten your seat belts!