Risk Management Challenges in 2019

There has been a lot said and written about the risks businesses are expected to face in 2019, but less about the challenges of risk management and the process itself. Here are our thoughts on what we see as the key challenges:

  • Legislation/regulation and the impact on your risk tolerance – In 2018, we saw a significant advance in legislation/regulation surrounding data privacy and protection (e.g. the GDPR and DPA 18) and cyber security (e.g. the EU Network and Information Systems (NIS) directive). The new legislation will, undoubtedly, have an impact on your risk tolerance. For many organisations, it is likely that risks falling outside of their risk appetite will increase based on the financial impacts arising from legislation such as the GDPR. Equally, the societal shift towards greater awareness and expectation around data privacy will, for many, also have an impact on reputational risk.
  • Assessing risks – When weighing up the benefits of a qualitative versus quantitative approach to conducting a risk assessment, there is no denying that qualitative risk assessments can be quicker, less expensive and more practical. However, where more factual and measurable data is available, quantitative risk assessments offer the benefit of being more robust, particularly in terms of comparing risks over a period of time. Quantitative risk assessments naturally tend to provide more consistent results by removing an element of subjectivity. We believe most organisations will benefit from adopting a hybrid approach. A core qualitative approach, with an injection of facts and figures (where they exist), will provide a balance of expediency and accuracy when assessing risks across the business.
  • Current relevance – Keeping abreast of current and rapidly emerging risks and opportunities (e.g. changes in regulation/legislation/political and geopolitical environment) is increasingly important. Understanding any likely impacts to your organisation is critical in reducing risk to an acceptable level.

So that’s our view on the risk management challenges in 2019. And, as for the key risks in 2019, well, we expect:

  • Brexit – Even if you don’t see it as a direct risk to your business, the risks that uncertainty and the lack of confidence can bring to the wider business community should certainly be considered. You need to be thinking about the likely impact on your customers and suppliers.
  • Supply chain – A perennial risk, but very important as third parties continue to be a major source of incidents. Linked to the Brexit issue, understanding the risks your suppliers face and the measures they are taking to mitigate those risks is vital.
  • Cyber – An increase in cyber attacks, particularly personal phishing (e.g. spear phishing/whaling) attacks targeting specific technologies, is expected.
  • New legislation/regulation – You need to understand what the likely impacts are and how to respond and, importantly, any overlaps with other legislation/regulation. A good example is the NIS directive, referenced above and, in particular, its relationship with the GDPR. It simply isn’t good enough to just know what legislation you need to comply with; you need to understand what specific actions need to be taken and what evidence of compliance is required.
  • Privacy moving to the forefront – We are slowly but surely moving to a privacy-first culture where changes in legislation and public opinion are now impacting large and small organisations alike – just think Facebook and Cambridge Analytica.

One thing is for sure: change is the only constant, and an embedded risk management process is critical to ensuring not only an organisation’s success but its very survival!
