New Report Identifies the Top 10 Risks Facing Corporate Executives in 2015by
While not ranked No. 1, cybersecurity continues to grow as a major risk that is keeping C-suite executives and corporate board members up at night, according to a new report from global consulting firm Protiviti and North Carolina State University.
Protiviti and a team of NC State researchers recently polled 277 board members and top-level executives from around the world to determine the top macroeconomic, strategic, and operational risks for the coming year. For the third consecutive year, regulatory changes and heightened regulatory scrutiny was ranked as the No. 1 risk on the minds of board members and corporate executives, according to the 47-page report, Executive Perspectives on Top Risks for 2015. Sixty-seven percent of respondents indicated that regulatory risk will “significantly impact” their organizations this year.
While the level of concern about this risk is not as high as in past years, company decision-makers continue to have high anxiety that regulatory challenges may affect their strategic direction, the report stated.
“The pressures created by regulators, plus the potential for major adjustments in light of regulatory change, are understandably tremendous concerns and present substantial risk. Having to comply with new regulatory requirements can dramatically affect the profitability and growth of an organization,” Mark Beasley, PhD, Deloitte professor of enterprise risk management (ERM) and director of the ERM Initiative at NC State, said in a written statement. “Even organizations in industries that are less heavily regulated can feel the indirect effects of new and changing regulations, especially those affecting all types of organizations, on profitability and growth.”
To no one’s surprise, cybersecurity has shot up the list of top corporate risks, in the wake of well-publicized data breaches in the United States that have occurred at Sony Pictures Entertainment Inc., Home Depot Inc., and Target Corp. within the past year or so.
More than half of the global survey respondents (53 percent) indicated that insufficient preparation to manage cyberthreats is a risk that will significantly impact their organizations this year. Reflecting increased concern about operational and reputational damage associated with potential breaches, cybersecurity jumped to the No. 3 biggest risk, up three positions from last year’s survey.
“Most executives recognize the need for ‘cyber resiliency,’ realizing it is not a matter of if a cyber-risk event might occur, but more a matter of when it will occur,” the report stated. “With the apparent level of sophistication of perpetrators and the impact breaches can impose, most organizations recognize the significant risk threat linked to their reliance on technology for executing their global strategies.”
Sandwiched between regulatory changes/heightened regulatory scrutiny and cybersecurity in the No. 2 spot was economic conditions restricting growth, a risk in which 56 percent of respondents said will have a big impact on their organizations in 2015. Economic conditions restricting growth also ranked second in last year’s risk report.
“In rating this risk, executives and directors may be mindful that the pace of economic growth could shift – dramatically and quickly – in any region of the global market,” the report stated. “As a result of this continuing concern, companies may be aggressive in seeking new markets and new ways of serving customers to stimulate fresh sources of growth.”
The following are the top 10 risks identified in the 2015 Protiviti/NC State survey.
1. Regulatory changes and heightened regulatory scrutiny.
2. Economic conditions restricting growth.
3. Cyberthreats disrupting core operations.
4. Succession planning and acquiring and retaining talent.
5. Culture may not encourage the timely identification and escalation of risk issues.
6. Resistance to change may restrict necessary adjustments to the business model and core operations.
7. Privacy/identity management and information security/system protection.
8. Preparedness to manage an unexpected crisis.
9. Sustaining customer loyalty and retention as customer preferences and demographics evolve.
10. Ability of existing operations to meet performance expectations related to quality, time to market, cost, and innovation.