Why tech risk identification and management need to stay near the top of the Boardroom agenda
As global businesses reel from the second major cyber-attack in two months, security experts continue to warn further attacks may be imminent.
Our recent report, which examines the confidence and risk perceptions of 500 business leaders and risk managers of multinational UK companies, sheds some light on business leaders’ and risk managers’ current preparedness.
Results of the CNA Hardy Risk and Confidence Survey reveal that in March this year technology risk was among the top three risks companies worry about. While business leaders we spoke to see technology as key to agility, speed of adaptation and their ability to compete, on the flip side, technology failure or cyber risk in terms of data security, fraud, corruption, viruses, hacking, privacy, compliance and reputation are persistent worries.
However, when we asked the same question about how companies see the risk environment evolving by Autumn 2017, technology was bottom of the heap. Only 27% of businesses believed that technology risk was likely to increase and over two thirds (67%) believed it would stay the same or reduce. This either suggests businesses are already factoring risk into their planning, or, more concerningly, that it is still not commanding the attention it requires in the boardroom.
Either way, we believe the WannaCry and GoldenEye attacks should have alerted business leaders to the scale of the problem and the lack of preparation. They underline how, in today’s digital and interconnected world, tech risk is a key driver of boardroom risk – which our survey showed was the top concern for business leaders as they look ahead to Autumn 2017.
If IT managers, business unit heads or boards are found, for example, not to have:
- paid attention to warnings from hackers;
- taken heed of relevant information in the public domain;
- reviewed processes and protocols or ensured that protection is up to date;
then a Board’s directors may be judged not to have performed their duties with due care and diligence, particularly as the regulatory environment becomes more demanding with the introduction in May 2018 of the General Data Protection Regulation (GDPR).
The pattern of global cyber-attacks brings the issue of technology and boardroom risks to the fore and highlights why it is so important that businesses identify, map and continually monitor all potential risks at Boardroom level to minimise the impact caused when the unexpected happens.
Download your copy of the CNA Hardy Risk and Confidence Survey at www.cnahardy.com/pulse