Most breaches largely caused by staff working from home

Diligent announces a survey of 450 senior finance and risk professionals in UK-listed businesses. The results show that UK businesses lost £374 million in 2021, largely due to cyberbreaches caused by staff having to work from home.

The survey also shows that businesses are concerned by risks associated with lack of strategy around ESG, complex regulatory landscapes, and a disconnect between the board and the operational team.

The results below provide unique insights into what UK risk professionals see as significant challenges for their organizations in 2022.

Work from home cyberbreaches

• 64% of companies say they have experienced a cyberattack or data breach in the past 18 months
• 82% of those who reported a breach say it resulted from tech issues or behavior related to working from home
• 75% say their organization lost money or revenue – a total of £374 million – due to a breach

ESG as a box-ticking exercise

• 40% of risk professionals view their organization’s current ESG strategy as a box-ticking exercise, rather than driving real impact
• 56% say their company’s ESG strategy is not aligned with its wider GRC goals
• There is an evident lack of ownership when it comes to setting and leading on ESG goals, with 42% stating the responsibility lies with GRC/risk teams, 40% with the investor relations team and 37% with the communications department

Risk at the board level

• Risks that are currently top of mind at board meetings are regulatory changes and compliance (18%), human capital, including talent management, retention and recruitment (18%) and lack of diversity within the board or management team (17%)
• 35% of risk professionals say an inability to provide real-time or near-real-time reporting hinders their ability to paint an accurate picture of risk for the board
• The areas of risk that boards have the least insight into are climate change and sustainability (17%), cybersecurity and data breaches (17%) and capital and liquidity risk (17%)

Top risks in 2022

• Increased regulations – 85% of organizations are concerned about complying with changing regulatory requirements in 2022
• Geopolitics – Tension within international politics is the top macro risk for businesses in 2022 (32%), followed by inflation (31%) and shareholder activism (30%)
• Workforce turnover – Human capital (talent management, recruitment, retention) is the top operational risk for businesses in 2022 (21%), followed by technology associated with working from home, and not keeping pace with emerging technologies (16%)

“UK PLCs fielded an incredible number of challenges over the last 18 months, and our research shows that leaders are wary of evolving risks moving into 2022,” said Dan Zitting, Chief Product and Strategy Officer at Diligent.

“From cyber attacks to ESG and regulatory compliance, businesses need to better understand and incorporate risk into their long-term planning to ensure a sustainable future. Technology will play a crucial role by painting a complete picture of risk and enabling decision-makers to monitor and mitigate risk quickly and efficiently. This builds resiliency into organizations and drives confidence among stakeholders.”