Organizations can no longer afford a reactive approach to risk management

Board members and C-suite executives around the globe are most concerned in 2021 with risks associated with COVID-19-related government policies and regulations, economic conditions that may restrict growth and market conditions that may continue to impact customer demand, according to a survey from Protiviti and North Carolina State University.

Amid these near-term headwinds, when asked about top concerns through 2030, business leaders cite challenges that ultimately ladder up to talent.

High ranking risks – including the adoption of technology that requires new or upgraded skills, rapid innovation that threatens business models and the reimagining of creative strategies – point to a need to attract and retain top talent and invest in reskilling and upskilling workforces to ensure agility and resilience in the future.

The study surveyed 1,081 board members and C-suite executives from organizations in a variety of industries and in all regions around the globe.

The top 10 risks for 2021

Survey respondents were asked to rate 36 macroeconomic, strategic and operational risks, including new risks that emerged this year related to the pandemic and social justice. The top 10 risks identified for 2021 are as follows:

• Pandemic-related policies and regulation impact business performance
• Economic conditions constrain growth opportunities
• Pandemic-related market conditions reduce customer demand
• Adoption of digital technologies require new skills or significant efforts to upskill/reskill existing employees
• Privacy/identity management and information security
• Cyber threats
• Impact of regulatory change and scrutiny on operational resilience, products and services
• Succession challenges, ability to attract and retain top talent
• Resistance to change operations and business model
• Ability to compete with “born digital” and other competitors

“More than ever, 2020 demonstrated that organizations can no longer afford a reactive approach to risk management. Pandemic risk loomed on the horizon for a long time – it was a matter of ‘when,’ not ‘if,'” said Jim DeLoach, a Protiviti managing director.

“Business leaders must be vigilant in scanning for emerging issues and make actionable plans to adjust their strategies and business models while being authentic in fostering a trust-based, innovative culture and the organizational resilience necessary to successfully navigate disruptive change. Digitally mature companies with an agile workforce were ready when COVID-19 hit and are the ones best positioned to continue to ride the wave of rapid acceleration of digitally driven change through the pandemic and beyond.”

Consistent with the survey’s findings in previous years, data security and cyber threats again rank in the top 10 risks for both 2021 and 2030. The continuously evolving nature of cyber and privacy risks underscores the need for a secure operating environment in which nimble workforces can regularly refresh the technology and skills in their arsenal to remain competitive.

“If there’s any risk that all organizations across industries and geographies must maintain focus on, it’s cybersecurity and privacy,” said Patrick Scott, executive VP, Industry Programs, Protiviti.

“While the areas that businesses will need to address may change as they transform their business models and increase their resiliency to face the future confidently, cybersecurity and privacy threats will remain a constant and should be at or near the top of the list. These threats have been top risks for quite some time, and they aren’t going away.”

Top risks for 2030

New for this year’s survey, respondents also rated the expected impact of the same 36 risks on their organizations in 2030. The risk landscape of 2030 presents a markedly different picture, according to survey respondents who identified the following as the top 10 risks for 2030:

• Adoption of digital technologies may require new skills or significant efforts to upskill/reskill existing employees
• Impact of regulatory change and scrutiny on operational resilience, products and services
• Rapid speed of disruptive innovation outpace our ability to compete
• Succession challenges, ability to attract and retain top talent
• Privacy/identity management and information security
• Substitute products or services arise that affect our business model
• Sustaining customer loyalty and retention become more difficult as customer preferences and demographic shifts evolve
• Ability to compete with “born digital” and other competitors
• Inability to utilize data analytics and “big data” to achieve market intelligence and increase productivity and efficiency
• Cyber threats

Taking a decade-long view of the risk horizon, executives are concerned about the future of work, particularly when it comes to their organization’s ability to adapt to emerging digital technologies and keep pace with the rapid speed of disruptive innovation.

According to the survey results, an organization’s ability to upskill and reskill employees as well as attract and retain top talent will be paramount to its risk management strategy in the decade ahead.

Dr. Mark Beasley, professor of Enterprise Risk Management and director of NC State‘s ERM Initiative and co-author of the report said, “Following a year of unprecedented adoption of digital tools across industries globally, businesses are facing heightened pressure to pivot to new skills, processes, products and services to meet evolving customer preferences, protect their brand value and remain competitive in an increasingly complex and automated world.

“One of the most important lessons that business leaders need to take away from 2020 is that they must prepare for a disruptive future by positioning their organizations to adapt and evolve with the speed of change.”