Diligent is the global leader in modern governance providing SaaS solutions across governance, risk, compliance, audit and ESG
Amid global developments from inflation to war, the role risk and compliance teams hold is more important and complex than ever. Risk professionals today are faced with ever-changing compliance requirements, calls for increased transparency to stakeholders, brand reputation concerns, and, amidst a remote and global workforce, increased exposure to third-party risk.
This rings true even more so for cyber risk professionals, who are faced with increased cyber incidents—from both outside entities and malicious insiders, such as contractors or former employees who misuse insider knowledge of an organization’s proprietary information—enhanced regulatory requirements, and an increasing need to clearly communicate intricate technical issues to boards who can be unfamiliar with the space.
Research from a new national survey conducted by Diligent of more than 450 senior risk, compliance, and security professionals in the U.S. reveals what concerns currently plague risk professionals the most.
Data breaches as the top risk for revenue growth
When looking at risks for revenue growth, 40% of respondents cited a data breach as their organization’s top risk. This outweighed concerns of an economic slowdown or recession, as well as security and fraud, with 37% seeing both as top risks for revenue.
It’s unsurprising then that 90% of organizations have recently adopted a heightened cybersecurity posture. When asked how they’re responding to data privacy threats, nearly half (45%) said they are building out education and awareness, and a slightly larger number (47%) are focused on automation at scale through technology.
In order of highest to lowest percentage, the biggest cybersecurity risks respondents say their organization has experienced so far in 2022 are:
- Social engineering (17%)
- Cloud vulnerabilities (13%)
- Third-party exposure (11%)
- Internet of things (10%)
- Mobile device vulnerabilities (10%)
- Configuration mistakes (8%)
- Inadequate post-attack procedures (8%)
- Poor cyber hygiene (8%)
- Poor data management (8%)
- Ransomware (5%)
Information security and data management as top reputational and compliance risks
Beyond revenue loss, risk professionals identify information security as the top reputational risk, with 40% agreeing that this is their organization’s greatest risk for reputational damage. In comparison, only 35% agree environmental impact is the greatest reputational risk and only 38% see social responsibility as a top risk.
As for compliance, respondents are most likely to say data management is their organization’s top compliance risk (45%), followed by corruption and/or fraud (42%) and workplace health and safety (41%). Almost 2 in 5 respondents deem employee behavior—such as harassment or discrimination—as one of their organization’s top compliance risks, while similar percentages feel this way about quality assurance and environmental impact.
Overall, data breaches and management are a top risk, regardless of the area.
Insufficient systems and lack of buy-in from the board are professional challenges
When asked about the greatest cause of concern in their role, challenges were a balance of both technology issues, such as insufficient systems and a lack of automation, as well as people issues such as a lack of buy-in and poor communication with the board. Forty-two percent of risk professionals say they’re faced with an inability to connect data from disparate systems to paint a holistic picture of risk, and 39% say they struggle with a lack of time and resources to automate workflows. Similarly, 39% say a lack of buy-in from the C-suite or board is a major issue.
Companies are investing — but are they prepared?
The good news is organizations recognize the need for risk and compliance software solutions and are allocating resources in this direction.
Over three quarters (79%) of organizations have increased spending on risk or compliance software in the last two years. By comparison, only 7% decreased spending and only 14% said spending remained the same. And organizations only expect to grow their resources here. Looking ahead to the next two years, a sizable 68% expect to further increase their spend on risk or compliance software.
And yet, only 34% of risk professionals are currently taking an integrated approach to risk management by using technology to gain a holistic view of risk across their company. With organizations facing pressures from all directions, it can be easy to get tangled in a web of siloed risk management strategies. As the scope of a company’s risk portfolio continues to grow, traditional approaches to risk must also evolve.
By taking an integrated approach to risk management—where IT is connected to other areas of the business-like audit, business continuity or corporate compliance—risk data across the organization is brought under one roof to strategically manage risk across the entire business. This provides leadership with an overall view of risk across the company, and positions IT teams and other internal stakeholders to harness strategic opportunities to come out ahead.
When it comes to risk and compliance — from evolving regulations to global reputations — what companies don’t know can hurt them, in terms of fines, growth, stock price and shareholder value. Risk, compliance and security professionals understand the landscape, as our survey demonstrated. The next step is strengthening their ability to monitor and measure it.
Diligent is the global leader in modern governance, providing SaaS solutions across governance, risk, compliance, audit and ESG. Serving more than 1 million users from over 25,000 customers around the world, we empower transformational leaders with software, insights and confidence to drive greater impact and lead with purpose. Learn more at diligent.com.