BUSINESS RISK
Independent publication by Raconteur (raconteur.net) | #0797 | 28/03/2022

In this report: The benefits of a bottom-up approach. Do you need a chief worry officer? The risks of inaction on net-zero goals.
STRATEGY

Managing corporate risk from the bottom up

Risk management has traditionally been viewed as a leadership role. However, spreading responsibility across the organisation can help the bottom line and improve customer outcomes

Jonathan Weinberg

The traditional approach to risk management puts managers and the senior leadership team in the driving seat, charging them with predicting, identifying, avoiding and containing risks. But could a bottom-up mindset prevent more issues from occurring in the first place?

Many companies are increasingly offering all their employees a greater degree of training and responsibility for risk management. Progeny, an independent financial planning and asset management company, has adopted this approach. Chief risk officer Charlotte Willis believes risk management and reporting is everyone’s responsibility, a way of working that can lead to the quick and effective implementation of actions and problem-solving.

“As staff have invested time and energy into helping shape strategies and action plans, their engagement and accountability is almost always assured from the outset, compared with a top-down only approach,” Willis says.

Each business area within Progeny has initial responsibility for identifying and quantifying risks using a risk management framework. However, significant work has been undertaken with team heads to help them understand how their decisions affect the whole company, as well as their own specific areas. Along with heads of departments, they can escalate new or emerging risks to a risk and audit committee, which itself works with the CRO, senior leadership team and executive board to prioritise these risks.

When teams accept and agree responsibility it also means greater alignment in pursuing new strategies or business goals, Willis adds. However, establishing a consistent approach to risk management is a challenge, she admits.

“Some departments are naturally more opportunistic and entrepreneurial, whereas others are maybe more naturally governed and risk averse. This places greater importance on the formalising of requirements and responsibilities for all staff,” she explains.

It will always be up to an individual risk officer to decide if a bottom-up approach is suitable for their company and industry. For Michael Brown, health and safety content manager at compliance firm Citation, it brings a number of advantages in health and safety management, given employers have a legal duty to consult with their employees or representatives on such matters.

“Employees themselves can often offer solutions that are overlooked by management by virtue of being more familiar with how work is actually completed,” he says.

Such a path can also mitigate risks when new processes or equipment are implemented in the workplace, ensuring any concerns are not ignored, according to Brown. “Consultation in these instances helps to identify potential risks and hazards with a new process before it’s fully up and running. This can help save time, effort, money and, most importantly, possible injuries from potential misuse of the equipment down the line,” he explains.

In financial services, risks can be acute. Dr Luke Carrivick is deputy executive director at ORX, a member organisation for operational risk professionals in financial services. He thinks a bottom-up approach is a “great way of making the actual risk takers think more clearly about what they do”.

However, he points to a downside: an overly narrow focus on information by individuals or teams can mean some broader risks are missed. For example, ensuring the aggregation of similar risks, which in isolation might be immaterial, but in combination could be important.

A more contemporary approach is now being used, akin to crowdsourcing, Dr Carrivick explains. This involves polling a diverse set of individuals on a particular topic within or even across institutions. In cases where people don’t know what to monitor or be on the lookout for, what he describes as “noisy information from a range of sources” needs to be collated when identifying new or emerging risks.

“Some banks are piloting the crowdsourced concept,” he explains. Industry studies such as ORX Horizon are built on this principle, he notes, with the latest version identifying emerging technology as the financial services industry’s most concerning and problematic emerging operational risk.

Risk management is also becoming increasingly digital, with the digitalisation of finance occurring alongside the automation of previously manual processes.

“By embedding risk management into the business-as-usual process and by being increasingly reliant on metrics that can be automatically captured, this bottom up, data-driven monitoring of activity then begins to drive your understanding of your risk profile,” Carrivick adds.

It’s important to recognise that employees on the ground are closest to the operation and have “a wealth of experience and knowledge on what causes disruption”, believes Julie Goddard, a business continuity consultant at Databarracks, which provides IT disaster recovery and business continuity services.

“They also tend to come up with creative and clever solutions, because they’re probably doing it already as part of their day job,” she says.

Goddard also notes the importance of developing trust within the hierarchy, so employees know their views are valued, while management must agree the thresholds within which they would be happy for staff to manage risks themselves. This could be based on their company’s risk appetite, and be a cost value, the number of customers affected, or the extent of disruption. Above the set level, issues would then be escalated.

A bottom-up approach to risk management should now underpin business strategy and opportunity, Willis advises. “The more engaged everyone within the firm is with what all too often is a challenging subject, the better it is for everyone,” she says.

“Risks can be reduced and opportunities can increase, both of which can have a really positive impact on business growth and a firm’s bottom line, while improving customer outcomes and delivering an outstanding client service.”

To achieve this, CROs could always follow a simple piece of advice from Goddard. “If you are brave enough, put a sign on the mirror in the loos saying: ‘You are looking at the organisation’s risk consultant.’”

A MORE BOTTOM-UP APPROACH TO RISK MANAGEMENT COULD HELP BUSINESS ADDRESS EMERGING RISKS
Percentage of companies which say their understanding and awareness of the following emerging risk domains is lowest
Financial resilience of third parties in real time: 40%
Ethics: 36%
Newer forms of anti-bribery, corruption and dishonesty: 40%
Health and safety of third-party staff: 40%
Diversity and inclusion: 35%
Deloitte, 2021

Although this publication is funded through advertising and sponsorship, all editorial is without bias and sponsored features are clearly labelled. For an upcoming schedule, partnership inquiries or feedback, please call +44 (0)20 3877 3800. Raconteur is a leading publisher of special-interest content and research. Its publications and articles cover a wide range of topics, including business, finance, sustainability, healthcare, lifestyle and technology. Raconteur special reports are published exclusively in The Times and The Sunday Times as well as online. The information contained in this publication has been obtained from sources the Proprietors believe to be correct. However, no legal liability can be accepted for any errors. No part of this publication may be reproduced without the prior consent of the Publisher.

Contributors
Bradley Gerrard: Business and finance journalist with bylines in the Daily Telegraph, FTfm and Investors Chronicle.
Tamlin Magee: A London-based freelance journalist who has contributed to a wide range of publications. He specialises in technology and culture.
Virginia Matthews: Fleet Street-trained reporter, writer, editor and columnist with extensive experience of daily news, business reporting and feature writing/editing for daily and weekly publications.
Michelle Perry: Journalist, commissioning editor and copywriter covering the business, finance and property sectors.
Jonathan Weinberg: Freelance journalist, writer and media consultant/trainer specialising in technology, business, social impact and the future of work and society.
Alex Wright: Business and financial journalist with more than 20 years’ experience, having worked on international, national, regional and local papers, and trade and consumer magazines.

Publishing manager Jean-Philippe Le Coq; Design/production assistant Louis Nass; Design Celina Lucey, Colm McDermott, Samuele Motta, Sean Wyatt-Livesley; Design director Tim Whitlock; Illustration Sara Gelfgren, Kellie Jerrard; Deputy editor Francesca Cassidy; Managing editor Sarah Vizard; Sub-editor Gerrard Cowan; Kate Williamson; Lorraine Eames; Reports editor Ian Deering; Head of production Justyna O’Connell
GEOPOLITICS

Digital sanctions have tangible effects

Digital sanctions represent a new frontier in global conflicts, with business-critical technology able to be switched off remotely. What impact will this have - in Russia and beyond?

Tamlin Magee

Lenin once said there are decades where nothing happens and weeks where decades happen. This current period appears to be of the latter type.

Just as the effects of the pandemic seemed to be on the wane, reignited geopolitical tensions in Europe exposed once again the vulnerability of global markets. While the crisis in Ukraine has thrown supply chains into chaos, causing soaring wheat prices and sending petrol costs to an all-time high, the impact has been far-reaching in the digital space too.

Global technology providers have pulled their services from the Russian market in droves. Mastercard and Visa have restricted the use of Russian-issued cards outside the country, while Google Pay and Apple Pay are limited for customers of sanctioned banks, leading to queues in the Moscow subway as commuters are forced to pay with cash.

The plug has also been pulled on other digital assets. Some of these are self-imposed, such as Russia’s banning of Facebook and Twitter, while Netflix, Paypal, Adobe, Oracle, Amazon Web Services, Microsoft and SAP have all introduced their own restrictions on services in the country, making business as usual almost impossible.

While these actions may be aimed at penalising the regime of Russia’s president Vladimir Putin, they also affect consumers, startups and small businesses, the vast majority of which have nothing to do with the invasion and are also suffering the consequences. So notes Nigel Green, founder and CEO of financial services business deVere Group, which continues to operate in Russia.

“A few hundred, named Russian individuals are on the international sanctions list and, of course, we strictly adhere to it,” Green says. “But we are not going to roll out a blanket ban on ordinary, innocent Russian users. The situation is inevitably going to get worse, with potentially devastating consequences, as they are frozen out of the financial system.”

This move to bring digital services into geopolitics has been slow but steady. In 2019, a raft of new sanctions against Venezuela meant that Adobe services were no longer accessible in the country. Microsoft’s software sales in Russia were affected by previous US-led sanctions over the Crimea dispute, while developer platform GitHub was forced to block users in Syria, Crimea and Iran.

There is very little that businesses affected by these digital sanctions can do, other than await the outcome of a request for exemptions via the US Office of Foreign Assets Control, the authority in charge of overseeing sanctions compliance.

If that doesn’t happen, there’s piracy. Before Adobe was granted an exemption to operate in Venezuela in late 2019, designers in the country reluctantly turned to software theft because they had no other choice. Russia is considering legislating for this approach by re-evaluating its copyright laws, as the Ministry of Economic Development proposes relaxing piracy rules to offset damage from digital sanctions.

Meanwhile Russians are turning to virtual private networks (VPN) to access digital services, says Corneliu Bjola, author of Digital Diplomacy: Theory and Practice. But this workaround may be short-lived.

“The most popular VPN apps are based in France, the UK and the US, so in principle they could become part of the package of digital sanctions as well,” he points out.

There are also rumours that Russia will cut itself off from the global internet, making a splinternet, where countries choose to silo web access by national borders, seem closer than ever.

And this software flight may ripple into undesirable longer-term consequences for the West, such as a strengthening technological relationship between Russia and China, born from sheer necessity, and a recalibration of digital power.

“Chinese authorities are taking notes about how these sanctions are implemented and how it might be able to protect itself against something similar if the relationship with the US deteriorates in a similar fashion,” Bjola says.

He highlights that China’s digital yuan could theoretically bypass SWIFT payments. “At the moment, the amount of international transitions seems to be low, but the matter could change rapidly if Russian companies discover ways to use it to evade sanctions.”

That makes China a country to watch, since it is not clear whether its companies will comply with the US/EU/UK sanctions, says Bjola. “The Biden administration has already signalled its determination to sanction Chinese companies if they aid Russia, so it will be interesting to see how China reacts to this. Purchasing Russian tech companies at a discount may prove tempting for some Chinese companies.”

As moves are made on the geopolitical chessboard it is usually ordinary citizens who suffer. Of course, the immediate impact of displacement, death and regional instability has rightfully taken precedence in headlines during Russia’s invasion of Ukraine. But organisations need to focus on resilience and business continuity plans.

Although it is “hard to plan for such a devastating event”, businesses should always have a disaster recovery plan in place, says Siobhan Aalders, vice-president of global communications for the freelance marketplace Fiverr.

As tensions increased in mid-January, Fiverr raced to secure the safety of its staff by evacuating its Kyiv employees, comprising 15% of the company’s worldwide development team, to safer regions in Ukraine or outside the country. Developers in Fiverr’s Tel Aviv headquarters also backed up areas of the business the Kyiv team were focusing on.

“As we developed a plan for our employees, we knew the R&D centre in Tel Aviv would be able to pick up any slack and execute on our roadmap,” Aalders explains.

Meanwhile, as rumours persisted that Putin could take down communications and digital services in Ukraine, Fiverr’s operations centre was standing up alternative means of communication for employees in the country just in case connectivity was compromised.

Shane Henry, CEO of disaster risk consultancy Reconnaissance Group, says it’s vital that businesses plan for the worst kinds of risk, from natural disasters to man-made crises. That means conducting a “reality check” on the culture of an organisation, taking stock of its current standard of preparedness and being open to blunt feedback from internal and external stakeholders.

“How is it set up to calmly prepare for a crisis, whatever that crisis may be?” asks Henry. “And what is the impact on our people?

“A core component of that is to look at your leaders, not your executive team, but people that will probably emerge as leaders at all levels. We see that, between earthquakes, the aftermath of hurricanes and political fallout, companies have had people emerge as leaders at all levels.

“That raises the question: what can you do beforehand to help identify potentially emergent leaders? Because they’re the people you’re going to rely on in the aftermath.”
Geopolitical events are a major risk factor for companies
Some of the biggest geopolitical events of the 21st Century
September 2001: Al-Qaeda attacks the US, leading to the US and a NATO-led alliance invading Afghanistan a month later
December 2001: China joins the World Trade Organization
March 2003: US-led coalition forces invade Iraq
May 2004: Ten more states join the EU including Poland, Hungary, Latvia and Slovakia
September 2008: Investment bank Lehman Brothers collapses, leading to the global financial crash
December 2010: The Arab Spring begins in response to corruption and economic stagnation, first of all in Tunisia
March 2011: Pro-democracy demonstrations erupt in Deraa, leading to the Syrian civil war
March 2014: Russia annexes the Republic of Crimea
November 2016: Donald Trump wins the US election
February 2022: Russia launches a full-scale invasion of Ukraine

Photo caption: Russia is facing digital sanctions after its invasion of Ukraine (pictured) last month

Commercial feature

Navigating the shifting business risk landscape

As the business risk landscape continues to shift, now, more than ever, businesses should consider their insurer less as a last resort and more as a trusted adviser. Developing a long-term relationship can provide the added value, insight and risk management that is invaluable at to help protect their operations

Risks are all around. The principal risk is, of course, the risk to the executives of an organisation. The directors and officers of a business shoulder the greatest responsibilities and face personal and corporate liabilities if they make the wrong decisions.

“In the last five to 10 years, there has been a major shift in the application of director and officer liability (D&O) insurance cover,” says Catherina MacCabe, focus group leader international management liability at Beazley. “Once reserved for financial problems arising from the need to restate earnings or profits, there are many more event driven D&O claims made today.”

ESG and reputational risks go far beyond concerns about climate change. Today the diversity of board members, claims about greenwashing a firm’s green credentials, mismanaging the firm’s adherence to ever changing regulations and governance requirements and the personal and financial conduct of senior executives all fall under D&O risk, and can result in costly disputes and litigation.

Employer risks, covering everything from how you recruit, reward and retain staff, are also under close scrutiny not only from business analysts, but shareholders, regulators, lobbyists and employees. Every risk is also a reputational risk with the potential to not only disrupt the business in the short term, but to cause permanent damage.

“This is where insurers with a depth of experience and claims data insight can help. By sharing their vast experience of risk to identify not only where businesses experience losses, but also to help identify the specific risks within a client’s organisation, and tailor D&O cover to suit their needs,” says MacCabe.

Understanding the business mindset

Specialist insurer Beazley’s annual risk & resilience report asks C-suite directors to identify the key risks they believe threaten their business. The list includes supply chain instability, business interruption, boardroom risk, crime and both reputational and employer risks.

Employer risk was considered to be a key concern in 2021 by 11% of respondents. They also predicted it would remain the same for 2022, but it has actually increased dramatically in the last 12 months, with almost a fifth (19%) now considering it a major concern. Some of this may be associated with reputational risks from ESG concerns. ESG was a new entry into Beazley’s questionnaire for 2022; it jumped up the agenda for 18% of those surveyed.

According to Beazley’s research, boardroom risks have remained a high priority for many business leaders. Cyber risk has, rightly, become a primary concern for business leaders, and the impact of a cyber breach is not only increasing each year, but becoming more expensive to resolve. This is because cyber threat actors are becoming more aggressive in their exfiltration of targets’ data and are looking at more inventive and aggressive ways to extort money from their targets.

The Covid-19 pandemic forced organisations to open up their systems in ways that they had never envisaged in order to permit employees to work remotely, says Raf Sanchez, head of cyber services at Beazley. “This sudden shift to homeworking meant organisations had to implement remote access to business systems often before they had the time to understand and mitigate the risks this entailed,” he says.

“Some businesses rolled out training and adopted additional security measures such as multi-factor authentication (MFA) but many had neither the resources nor the budget to ensure these measures were implemented in time. Optimism about business risk does not equate to mitigation.”

Ultimately, adopting new technology practice is only part of the process of building business resilience and reducing the threat of cyber risks.

Cyber risk cannot be ignored

One of the greatest misconceptions about cyber risk is a belief that attackers only want access to high-profile, blue-chip companies, Sanchez says.

“The reality is that just like in any marketplace, we see attackers that specialise in the mass-market and who can deploy automated attacks with almost zero cost (or risk of being caught) against any business or organisation regardless of size or sophistication,” he adds. “Businesses that find their operations disrupted are as likely to be small enterprises or even sole traders as a multinational bank or entertainment company.”

The risks, and therefore the impacts, are not contained to just financial considerations. They are operational, financial, legal and reputational. Data exfiltration raises trust issues with clients and employees, data unavailability results in immediate operational impact and organisations may be under contractual duties to notify their clients of cybersecurity incidents that can result in automatic termination of customer contracts.

Since many attackers use extortion, specifically the threat of publicising the cyber attack, as a lever to encourage payment, it can be tempting for organisations to consider paying off the criminals, but this comes with its own risks, Beazley argues.

Sanchez asks: “How can you ensure that the criminals will honour their commitment to delete the exfiltrated data? Is your organisation contravening legal or regulatory prohibitions against interacting with them?”

He adds: “The data you have paid to be destroyed is just as likely to turn up on the dark web, be shared among threat groups or even be accidentally released. The only sensible way to deal with these risks is to implement mitigations for them and try to prevent them from happening in the first place.”

Mitigating these risks is not as difficult as it may appear at first sight. Businesses can materially decrease their exposure to cyber risk by taking a small number of key actions. For instance, implementing multi-factor authentication for all remote access to their systems is a simple and effective step that will greatly reduce the risk of having an incident.

It is also important for organisations to understand that implementing these actions in a consistent and comprehensive manner is essential to their success. The team at Beazley has seen examples in which MFA has been implemented, but those at the greatest risk of targeted phishing attacks, such as senior executives, have been excused from complying with that control.

It is also not just a question of expediency or consistency; senior management and executives should also be leading by example to ensure that a culture of security is cultivated within the business. Also, a mismanaged cyber incident could turn into a D&O claim against the executives of a firm.

A stitch in time saves more than nine

Some of these risk management measures will cost money and many will take time to implement. However, the fast-paced nature of technology innovation is also helping businesses. Where once a business would need to invest in new hardware and software and the IT staff to manage it, new cloud services and solutions allow companies to implement and scale sophisticated risk management solutions that were previously only available to a large enterprise.

Executives must be seen to be monitoring cyber risk to strengthen business resilience. “We understand there’s no silver bullet,” says Sanchez. “Nor is there a magic money tree to cover every conceivable risk. But we can help clients identify which controls will have best effect and give them insight into cyber risk trends.”

MacCabe adds: “We don’t get paid for telling clients how to reduce their risks and improve their operational resilience. Our reward comes from clients with good risk management that protects their business and reduces both the corporate and personal risk so they don’t become subject of a claim.”

However, if the worst happens and a business does have to make a claim, then business leaders need to be sure that they have the right insurance partner who will help to successfully manage the claim on their behalf.

The more inclusive the discussion is between insurers, those responsible for risk management, the CFO, compliance, the responsible business team, human resources and beyond, the more comprehensive, coordinated and effective the risk planning, and therefore more valuable, it will be.

Visit the risk & resilience reports for further risk insight and analysis

34% of respondents rank cyber as their top tech risk now
…but 44% feel prepared to respond to it
19% of companies cite employer risk as a major concern, up five points from last year
85% of business leaders feel they are operating in a moderate to high risk environment
Beazley, 2022
90、 N T E U R.N E TB U S I N E S S R I S K0706Commercial featureansomware has been front page news in 2021.In a world of escalating cyberattacks,ransomware garnered attention with a series of attacks that targeted every type of organisation from utility providers to food suppliers to healthcare and loc
91、al authorities.These services can struggle to recover months after an attack.Such is the threat,the head of the National Cyber Security Centre(NCSC)described ransomware as“the biggest online threat to people in UK.”The problem is that some busi-ness decision makers still dont see ransomware in the s
92、ame context as other disasters,like fires or flooding.Cybercrime is the only industry where the scale of innovation happens on the criminal side.The more they achieve success the more we will see a rise in volume and severity,argues Andy Fernandez,senior manager,product marketing at Zerto,a leader i
93、n disaster recovery,backup and cloudmobility.“At some point every organisation will be faced with a ransomware attack and will need to recover,”he says.“If I was an organisation,my bigger concern is Forget fires and floods why disaster recovery should focus on ransomware Dubbed the biggest online th
94、reat to people in the UK,organisations should prioritise ransomware in their disaster planning,argues Zerto,a Hewlett Packard Enterprise companynot will a natural disaster or outage happen?Its I know Im going to get hit by ransomware.How am I going to respond tothat?”Weeks of downtime post-attackMan
95、y organisations with a disaster recovery and business continuity plan in place will be confident in their abil-ity to recover following an attack.But one critical question remains:how long will it take them to recover their data,and how much damage will be done in themeantime?“Often companies will b
96、e using legacy data protection,”says Fernandez.“Its not just about:can I recover?Its about how quickly I can recover.By the time those organisations are able to recover their data to become operational again the business has suffered massive dis-ruption.It can take days,even weeks,to recover data in
97、 those instances.Weve seen organisations pay the ransom,even when they have backups available because they cannot afford to spend the time recovering frombackups.Importantly,data loss and downtime are separatethings.“There are two important metrics,”says Fernandez.“The first is the recov-ery point o
98、bjective(RPO),which refers to the potential data loss the organisa-tion faces in the aftermath of an attack.When was the data last copied?Six hours ago,12 hours,one day?The second is the recovery time objective(RTO),which is how short is the timeline from the point of encryption to the point ofrecov
99、ery?”Continuous data protectionOne answer is continuous data pro-tection(CDP).CDP can reduce ser-vice levels both RPO and RTO from hours to minutes,even seconds.In fact,CDP recoveries can assist organi-sations in recovering to a state seconds before an attack,in justminutes.While traditional methods
100、 of data protection take timed snapshots as a way of backing up data,CDP solutions like Zerto continuously replicate that data.This can be to multiple sites,with no snapshots or performance impact with data being replicated every five seconds.This means customers can quickly restore entire sites and
101、 appli-cations in minutes,atscale.“Its about finding solutions that can get you back up and running without paying the ransom,”says Fernandez.When,not ifResearch suggestsit is a case of when,not if an organisation falls victim to a cyberattack.One IDC survey shows 95%of mid-sized and enterprise orga
102、nisations have suffered a mali-cious attack and more than a third have suffered more than 25attacks.Eight out of 10 of those attacks resulted in data corruption,with 43%of organisations experiencing unrecov-erable data within the past 12months.“Whether youre the CEO or CIO,ran-somware is not your IT
manager’s problem. It’s your problem,” says Fernandez. “Because it’s a complete disruption that could tank your business, and will if you don’t prepare correctly.”

To find out more please visit

79% of boards believe that improved risk management will be critical in enabling their organisation to protect and build value in the next five years

It may be comforting for business leaders to look on the Covid pandemic and the invasion of Ukraine as once-in-a-generation events that could be neither anticipated nor planned for. Yet some would argue that far from being black swans, both the pandemic and the Russian invasion should have been high on the corporate radar, even if their precise impacts on business were less certain.

In order to better prepare for the next major threat, risk professionals must get a firmer handle on the information already available to them, says Oliver Harvey, global head of governance, risk and compliance at the intelligence software firm Nuix.

“One of the remarkable features of our age is that the world has never been more awash with data and, in theory, this provides a massive opportunity to reduce the number of out-of-the-blue events,” he says.

Yet he points out that many chief risk officers (CROs) are “overwhelmed by the sheer volume of intelligence” from many different sources. The UK’s National Risk Register mentioned a global pandemic back in 2008 but few took heed.

He believes that
many businesses lack the skills necessary to interpret the relevance of such information to their own organisation. Whether the risk is an unexpected malware attack or a negative media report, picking up the signs of an impending event requires vigilance across a business.

“This is the perfect example of how diverse teams bring big business benefits,” says Ahmed Badr, chief legal and risk officer at online payments platform GoCardless. “The more perspectives you have, the better you become at spotting what’s coming down the line and anticipating risks that may seem out of the blue to everyone else.”

In the aftermath of the pandemic, risk and resilience have climbed up the boardroom agenda. While many firms have traditionally carried out risk assessments annually, should their frequency now be increased?

Yes, says Bolade Atitebi, senior vice-president of Mastercard Data & Services, who argues that the disruption caused by both Covid and now Ukraine should trigger a re-appraisal of risk and mitigation planning.

“Volatility, disruption and shocks will occur in the future, and maintaining an emphasis on emerging risks while not losing sight of risks already under the surface is the balance to strike,” she says. “Most organisations should have learned that the agility to assess business strategies on an ad hoc basis in order to address rising concerns is now critical. Preparation is key and likely to be more effective than prediction when it comes to out-of-the-blue risk.”

Among the potential events that require specific mitigation are industrial action, terrorist attack, plane crash, flood, power, international conflict and future global pandemics, Atitebi adds.

Information and agility are key for risk professionals, who need to look beyond current threats to predict the next major challenge

Thinking the unthinkable

Virginia Matthews

Whatever their nature, all current and future risks to a business share a number of likely outcomes which should form the basis of the mitigation process, says Peter Groucutt, co-founder of IT disaster recovery consultancy Databarracks.

While many organisations, he says, base their risk and resilience assessment on theoretical ‘what if’ scenarios, he urges greater attention to the practical, on-the-ground impacts that risks tend to share.

“Regardless of whether it’s warfare, malware, a climate change event or a nuclear disaster, your organisation could be locked out of its headquarters, face a serious loss of data, a cut-off of supplies and be vulnerable to a full-scale business collapse,” he says.

While part of the job of being CRO is to “think about the unthinkable”, as Groucutt puts it, many risk execs can become sidetracked by trying to predict both the nature of the next threat and its precise timing.

“While the potential impacts of a whole range of cataclysmic events are terrifying, they are easier to prepare for than the scenarios themselves. Many CROs seem to lack the insight to understand this,” he says.

While the impact of Covid caught many organisations by surprise, a global cyber attack, potentially as fallout from the Ukraine conflict, could be equally devastating.

“A major attack on a public cloud provider could include the loss of data centres and suppliers, an inability to access your bank account and an office and team whose roles would be rendered fairly meaningless,” Groucutt says.

“The worst-case scenario for a commercial firm would be the loss of the entire business but, hopefully, there would be insurance to cover it. In the case of a hospital, say, the threat to patients would be at an entirely different level.”

While such a major event may appear unlikely, routine malware attacks on businesses of all sizes have already become all too commonplace, he says. Yet many victims prefer to pay up rather than put comprehensive mitigation plans in place.

More than three-quarters of UK businesses were hit with ransomware demands in 2021, according to a report by data security company Proofpoint. As many as 82% paid the hackers to restore their data.

“Even when we do meet clients who are prepared to go the extra mile to keep
their systems and data highly secure, we tell them that you can only plan so far,” Groucutt says. “We can back up their data, leave a copy of it on site, encrypt another copy and keep it safe in a cloud provider, copy it all to another cloud provider and even put it all on tape and bury it underground in a bomb-proof bunker lined with lead. In today’s world, it all depends how far they’re prepared to go and how much they’re willing to pay to protect their business.”

Facebook co-founder Mark Zuckerberg once famously presented a business card with the title ‘chief worry officer’ on it, while Coca-Cola boss James Quincey is said to use the same descriptor as a joke in internal meetings.

Post-Covid, the chief risk officer, someone who looks beyond a business’s status quo to predict and mitigate against future risks, is an indispensable part of many C-suite line-ups. Yet being a professional worrier is only one
of the qualifications needed to succeed. A good CRO must also “understand psychology to prevent them from being adversely impacted by cognitive biases”, says Oliver Harvey from Nuix. As well as this, they need a strong understanding of the business to effectively challenge internal norms, he adds.

The need to play devil’s advocate is particularly suited to neurodiverse risk professionals, he argues. Often more adept than neurotypical colleagues at “seeing existing data in new ways”, such CROs may also be able to “identify risks earlier and more dynamically”.

While associating risk with worry could obscure
the many and varied opportunities that come from challenging conditions, consultant Claire Trachet dislikes the ‘worry’ word altogether.

“I doubt a chief worry officer would be all that helpful to a company because while it’s easy to find problems, what is often needed is the ability to take calculated risks, the definition of enterprise, and have a plan for when a crisis looms.”

She believes that the best risk management “is done as a team”. And she warns: “By always crying wolf, a chief worry officer would most likely end up not being listened to at all.”

Do brands need a chief worry officer?

LEADERSHIP

The agility to assess business strategies to address rising concerns is now critical. Preparation is more effective than prediction

42% of risk management leaders look more than five years into the future when scenario planning

28% of risk management leaders look more than five years into the future when setting their organisation’s business strategy

EY, 2021

83% of board members believe market disruptions have become more impactful

THE BUSINESS RISK OUTLOOK FOR 2022

2021 was a year of unprecedented disruption for businesses as cyberattacks, supply chain issues and climate catastrophes impacted companies’ operations. Combined with the ongoing impact of the Covid pandemic and, more recently, war in Ukraine, business resilience is being tested like never before. But does the C-suite agree on the key risks and challenges for business, and therefore where they should focus attention?

[Infographic panel: Percentage of risk management experts who cite the following as a risk for their business (2022 ranking, ranking change, percentage of respondents, 2021 previous rank). Categories: cyber incidents; business interruption; natural catastrophes; pandemic outbreak; changes in legislation and regulations; climate change; fire, explosion; market developments; shortage of skilled workforce; macroeconomic developments.]

[Infographic panel: Business expects the world to be more volatile in the future. Percentage of risk experts who give the following as their view for the world outlook over the next three years. Categories: consistently volatile with multiple surprises; fractured trajectories separating relative winners and losers; accelerating global recovery; progressive tipping points with increasing catastrophic outcomes.]

[Infographic panel: CMOs see talent issues as the biggest challenge in 2022. Percentage of CMOs who ranked the following as the biggest headwind to growth in 2022. Categories: talent/labour issues; new Covid measures; supply chain issues; inflation.]

[Infographic panel: CFOs see labour shortages as the biggest risk. Risks as cited by CFOs on a scale of 0 to 100 where 0 is no risk and 100 is high risk. Categories: persistent labour shortages; further interest rate rises; long-term effects of climate change; poor productivity; medium-term supply chain disruptions; economic weakness in US; effects of the Covid pandemic; rising geopolitical risk globally; the risk of high inflation/housing bubble; effects of Brexit. Source: Deloitte, 2022.]

[Infographic panel: For COOs, worker shortages and employee turnover is the biggest challenge. Percentage of CMOs who ranked the following as the biggest headwind to growth in 2022. Categories: worker shortages and employee turnover; Covid-19 variants extending remote or restricted work; making supply chains more sustainable; integrating new acquisitions; rethinking real estate footprints; digital transformation initiatives; continued global supply chain disruptions; inventory management. Source: PwC, 2022.]

[Infographic panel: Talent is also a board-level challenge. Percentage of corporate board members who cite the following as important to their company’s ability to grow in 2022. Categories: hiring and retaining talent; developing new products and services; supply chain resilience; capitalising on digital transformation initiatives; increasing agility. Source: PwC, 2022.]

[Infographic panel: CEOs are most concerned about cyber risks. Percentage of CEOs who are very or extremely concerned about the following global threats negatively impacting their company in 2022. Categories: cyber risks; macroeconomic volatility; geopolitical conflict; social inequality; health risks; climate change. Source: PwC, 2022.]

[Other sources named in the infographic: Chief Outsiders, 2022; Allianz Risk Barometer, 2022; World Economic Forum, 2022. Footnote: *may not add up to 100 due to rounding.]

[Chart: Organisations are realising the value of taking third-party risk management more seriously. Percentage of organisations citing the following as their level of third-party risk management (TPRM) maturity.]

Global supply chains have been exposed to unprecedented risk in recent years. A host of issues, ranging from Brexit and the Suez Canal blockage to the Covid-19 crisis and, most recently, the war in Ukraine, have all caused huge disruption. But
supply chain risk is not limited to the physical sphere. As businesses have grown exponentially thanks to increased digitalisation and reliance on third-party digital products, they have left themselves exposed to a growing cyber threat.

Supply chain attacks are when a company’s data is compromised via the hacking of a third-party supplier with legitimate access to its customers’ systems. Hackers can insert malicious code into trusted hardware or software at the source, compromising the data of its customers and then their customers in an onward chain.

One of the most devastating examples of this is the 2020 SolarWinds incident, referred to by Microsoft president Brad Smith as the “largest and most sophisticated attack ever”. In late 2019, the major US IT firm was targeted by hackers, later identified as originating in Russia, who used malicious code to gain access to the sensitive data of many of SolarWinds’ clients, including technology giants Microsoft and Cisco, and the US Department of Homeland Security.

In March 2020, SolarWinds began unwittingly sending out software updates to its customers that included the hacked code, which enabled the hackers to access their IT systems and data too. The breach went undetected for months, with some victims not knowing whether they had been hacked at all. The full extent of the attack is yet to be determined, meaning it could take years to fully secure all the systems affected.

As companies have accelerated their digitalisation strategies to continue operating and to support their staff remotely during the pandemic, so they have become more dependent on third-party software and tech. This, in turn, has increased firms’ attack surface exposure and points of vulnerability.

Supply chain attacks often start due to a mismanagement of critical access points. Known weaknesses in IT management platforms are then exploited, as evidenced by Log4Shell, a critical vulnerability in the logging tool Log4j that is used by millions of computers worldwide.

Hackers target victims through the key communication channels and software of third-party suppliers to gain access to their customers. A favoured attack method is through hijacked software updates, as in the SolarWinds case, which accounts for 60% of software supply chain attacks and disclosures, according to research by US think tank The Atlantic Council.

“Over the past few years, there has been an increase in next-generation supply chain attacks,” says Ilkka Turunen, field chief technology officer at supply chain security firm Sonatype. “These direct attacks can involve, for example, malicious actors injecting new vulnerabilities into open source projects.”

To combat the threat from these attacks, companies must have full visibility of all of their third-party relationships and dependencies. That means reducing the number of third-party providers they use, wherever possible, so there are fewer entities they have to monitor. Of course, this does not guarantee the integrity of their products.

“Regardless of the vendor’s reputation, the product itself might have security gaps,” says Heinrich Smit, who is deputy chief information security officer at cybersecurity specialists Semperis. “When working with newer companies, be sure that you can view the company’s product controls. Independent code reviews and application vulnerability reports are also very helpful because they evaluate a product inside the code and in situ from a penetrability perspective.”

When assessing third-party suppliers, companies must ensure that they are thoroughly vetted and that their security practices meet the required standards. They also need to put in place a contract with the appropriate clauses to ensure they comply with the necessary regulatory and legislative privacy and security requirements.

Firms also need to analyse emerging third-party risks, as well as monitoring for suspicious activities on their systems and network. They should also only give network and systems access to those third-party vendors and apps that require it to perform their duties, and identify and monitor all access points.

Patching should be carried out on an ongoing basis, by ranking and scheduling updates in order of importance. In addition, organisations should regularly back up their systems to maintain their data. This is in addition to having all necessary cybersecurity protocols in place and complying with the relevant data protection laws and regulations, as well as implementing ongoing staff training and knowledge updates.

Should the worst happen and a breach occur, companies must have a robust incident response and risk management strategy in place, as well as a disaster recovery and business interruption plan to ensure they get back on their feet with minimal disruption to services.

Organisations also need to understand and learn from previous cyber attacks, and shore up their vulnerable areas by carrying out internal penetration tests.

One company that has considered these issues at length is E.ON. The European utility provider, which serves 53 million customers across 30 countries, recognised the need to expand its processes and procedures to protect itself and its customers from potential data loss via its third-party online ecosystem.

“To tackle the issue, E.ON first had to understand the risks it was exposed to,” says Ran Nahmias, co-founder and chief business officer at Cyberpion, whose ecosystem security platform E.ON used to gain full visibility of its vulnerability to cyber attacks.

By carrying out an inventory of E.ON’s internet-facing assets and the third-party assets it relies on, as well as the chains of vendor relationships, the company was able to understand its total risk exposure and allocate resources accordingly, reducing its exposure to operational disruptions and data loss.

While the complex threat from supply chain attacks remains, businesses that focus on analysing their exposure profile and mitigating the risks they discover give themselves the best chance of staying one step ahead of the hackers.

TECHNOLOGY

Code red: the growing threat from supply chain attacks

With complex third-party cyber attacks exposing vulnerabilities in the digital supply chain, businesses need to be increasingly vigilant to protect both themselves and their customers

Alex Wright

[Chart: TPRM maturity levels, pre-Covid-19 assessment and post-Covid-19 aspiration. Initial: none or very few TPRM elements addressed. Defined: some TPRM elements addressed with limited effort. Managed: consideration given to addressing all TPRM elements with room for improvement. Integrated: most TPRM elements addressed and evolved. Optimised: TPRM elements addressed and evolved. Source: Deloitte, 2021.]

[Photo caption: SolarWinds was hit by a cyber attack that affected other businesses in its supply chain]

Commercial feature

Has your company reached data maturity?

Data is crucial to decision-making, even more so when facing an unexpected challenge. Companies need to make sure they are serving the right data, to the right people, at the right time

Data is the foundation of any strong business. If you don’t have insight into how your business is operating then you won’t be able
to manage, let alone see, the risks you’re taking.

Recent history has taught us the value of planning for the unexpected. Yet beyond global pandemics, there are new technical, legal and business challenges springing up all the time. As this happens, the companies that succeed are those which can best exploit the data they have to gain insights and make decisions about where to go next.

The issue often isn’t a lack of data but that companies can end up with too much data spread across different systems that require different skills to access and analyse. Nearly four in five organisations make use of data from more than 100 different sources, with 30% making use of over 1,000, while nearly 80% store more than half of that data across multiple cloud services. The data usually exists, somewhere, but all too often cannot be accessed or analysed to give useful insights.

Organisations need more than just data, they need data maturity, which means serving the right data, to the right people, at the right time. The data needs to be high quality, highly relevant and compliant with regulations. The correct people need access to it, whether that’s the CEO who needs high-level strategic insights or a marketing manager who wants to understand the performance of a specific campaign. And the time needs to be right: it’s not good enough to understand what’s already happened, you need to be able to see what’s happening now and have a view of the future through tools such as predictive analytics.

Yet with the business landscape constantly changing, even the data a company is managing can present risks as the important information they need to collect evolves. For instance, the amount of data relating to environmental, social and governance (ESG) issues that a business needs to understand is increasing. In the next few months,
new regulations for firms operating in the UK will require reporting on the risks and opportunities presented by climate change, while those operating in the EU will need to abide by new rules requiring disclosure of the impact the firm has on climate change mitigation and adaptation.

Beyond regulation, firms are dealing with consumers who have a growing environmental, political, and social conscience about what they buy, how they buy and who they buy from. It’s not enough to label a product as sustainable, businesses need to truly understand their entire supply chain to ensure every part of it actually lives up to the environmental and societal impacts they want to claim on the final product. Conversely, suppliers need to ensure they can deliver high-quality data about what they’re supplying; companies themselves will increasingly make purchasing decisions based on the accountability of the supply chain they’re hooking into.

One answer is to use a standardised data management platform that can deliver this level of maturity by ensuring the right level of data quality, compliance and access is available to help staff drive business decisions. This process doesn’t necessarily require thousands of hours of manual work; increasingly machine learning and AI can be leveraged to ensure that the data is of high quality and that its presentation complies with GDPR and other governance rules, for example masking personal data where necessary.

With this in place, firms can better understand the data they’ve gathered and turn it into actionable insight. As Greg Hanson of Informatica puts it: “Our intelligent data management cloud has helped organisations drive acquisition and retention with a more accurate view of a customer and their interactions with the business.”

He points to the example of Verizon, who gained better insight into their customers’ journeys through having a cohesive data management platform. As a result they were able to deliver self-service digital resources that ultimately reduced call service volumes by 26 million a year.

The pandemic saw organisations of all kinds pivoting to a digital-first approach and dealing with fast-changing levels of demand. Those that were able to implement, or were already implementing, intelligent data management experienced huge benefits.

NYC Health + Hospitals, the operator of New York’s public health system, was able to make use of intelligent data management to streamline its response. This covered everything from ensuring healthcare workers had better diagnostic tools to the rapid creation of dashboards to document and forecast the impacts on the service. The technology now in place can be reapplied to any future, large-scale health events.

In a different field, meal delivery firm HelloFresh was able to rapidly scale as it experienced increased demand as people opted to eat at home. This is because its robust analytics and forecasting systems meant that change in demand was immediately obvious to those who needed to see it, even with most employees working remotely.

By definition, it is not possible to plan for unpredictable events, but when they happen, ensuring that high-quality data is immediately accessible to the right decision-makers means they can respond quickly and appropriately. The pandemic and ESG regulations are just
two examples of how the risks faced by businesses will continue to shift, both through sudden shocks and as legislation, technology and the consumer environment change.

Businesses need to evolve to match changing risks. Those that succeed will be the companies that use data on past performance alongside
real-time updates and predictive forecasting to make high-quality choices about how they operate. Too often, data management as a discipline hasn’t received the priority or focus it deserves, but if it’s done intelligently it can actually push a business forward. Understanding the risks means understanding the opportunities.

As Hanson puts it: “Digital maturity is a continuous process, not an endpoint. Truly mature organisations will rethink data management implementations and make the strategic decisions that will allow them to identify risks, pivot quickly and drive value.”

For more information please visit

IDC GLOBAL SURVEY OF THE OFFICE OF THE CHIEF DATA OFFICER

The study highlighted how critical data management is to digital transformation, noting that organisations with a high level of data maturity generate 250% more value from their data

[Infographic (Informatica). Statements shown: the #1 barrier to digital transformation is data fragmentation and complexity; organisations using more than 100 data sources, with 30% using more than 1,000 sources; data leaders barely keeping the lights on when it comes to data management rather than driving strategy or innovation with data; organisations that list migrating data management functions to the cloud as a priority; organisations that do not yet have the architecture in place to manage end-to-end data activities; organisations that store more than half of their data on hybrid and multi-cloud infrastructures.]

Commercial feature

With the threat of cyber attack ever on the horizon, both the European Commission’s Digital Operational Resilience Act (Dora) and the Financial Conduct Authority’s Operational Resilience regulations have been implemented to ensure all financial services companies adhere to a common set of standards around cybersecurity and operational resilience. The first major institutional framework for ensuring operational resilience, it is fundamentally changing the ways in which companies manage risk.

“You need to have a wider enterprise integrated risk management solution to cater for the requirement. Because what you generally find is that these solutions get built up in their siloes. With something like the Archer platform,” says Chris Mann, director for Archer European business, “you’re able to achieve control harmonisation.”

With uniform regulation in place, companies can look across their business units and centralise risk and resilience strategies to ensure no gaps are left in the corporate defences.

But in the 10 years
or so that operational resilience has become a key corporate need, ownership of it has sat within individual teams. Finance, say, looked after its own resilience strategy while digital did so as well. Now, the shift to centralisation is seeing organisations put the reins in the hands of a single leader within the company, says Mann. “It’s starting to become the bridge to all of these different siloes,” he adds.

How centralising risk management can improve resilience

Operational resilience has traditionally been siloed across many teams, but a single vision can help companies mitigate against future risk

That’s been the case for global wealth management platform FNZ, which has built a culture of risk management that uses a strong framework for risk management that links to its operational resilience strategy. It has deployed Archer’s Operational Resilience tool, which enables teams across the organisation to operate within the same framework and standard for risk management. The system is configured to allow teams to use the same syntax across the company, while still enabling them to draw individualised, meaningful analysis from the data itself.

“Operational resilience is strong risk management and
risk management done well,” Kirsty McLaughlin, global risk systems manager at FNZ, says. “All we had to do was pull all those threads of data together.”

Mann adds that the ability to gain visibility across the organisation not only leads to a more resilient business, but a stronger reputation as well. “If you don’t have the appropriate risk controls in place to sustain business long-term, you’re going to have shareholder value issues and you’re going to have reputational damage.”

Aligning a company’s many data sources and providing a more insightful analysis of that data will lead to “a single source of
truth.”

The two plus years of disruption the world has experienced has only elucidated further need for better insight and a stronger, more resilient business. Not only has Covid-19 affected business, but climate change has posed a risk to businesses around the world. The Dora and FCA regulations are coming into force at an optimal time to encourage the financial sector to achieve operational resilience.

“This regulation just takes that idea that you’re never too big to fail and turns the dial a bit more,” Mann says. He points to key aspects that could lead to an “operational downfall”, the likes of the ongoing climate crisis, supply chain disruption or cyber attack, as indicators that there’s a greater need for organisations to prove to shareholders that they are mitigating risk wherever possible.

If companies can implement improved scenario analysis and risk quantification, as FNZ has done through
the Archer Operational Resilience platform, they will be better placed to address future disruption. Similarly, quantification of risk, like with Archer Insight, can support decision-making with actionable information.

Rachael Ward, head of group risk oversight operational resilience at FNZ says, “Effective risk management enables our own management to safely deliver business strategy and plans. It maintains focus on the prevention of consumer harm, it supports risk-based decision-making, and also then delivers clear accountabilities across all of our lines of defence.”

Defending a company in the financial services sector against disruption is of the utmost importance, affecting businesses and individuals around the world. With the new regulations in place, it is now the charge of companies to create operational resilience strategies that enable their businesses to come together behind a centralised framework and resource for understanding and mitigating risk.

For more, please visit archerIRM.com/operational-resilience

Firms cannot risk inaction on net zero

With humanity’s impact on the warming of the planet now deemed unequivocal by the UN, the pressure is on every business to cut its carbon footprint. However, the problem can seem so overwhelming that it leads to the opposite result: no action at all.

It’s a paradox. While customers increasingly pressure firms to blaze a sustainable, carbon-cutting trail, progress is too often confounded by a range of obstacles. These include fears over poor investment decisions, perceived concerns of a lack of knowledge, or worries about engaging someone without the genuine expertise demanded.

There will always be risks when change is necessary. But when it comes to climate change, it’s rapidly become unviable to do nothing.

For many businesses, particularly smaller firms, it can sometimes seem that only transformational and radical change will make an impact. But think of it like running: if you’re new to the exercise, it’s best to stick with 5km jogs rather than attempting a marathon.

Nicolas Lefevre-Marton is a managing director of sustainability solutions
at Engie Impact, which helps public and private organisations, including its sister energy firm Engie, to plan and implement sustainable strategies. “Net zero is not a switch; there are milestones and steps,” he says. “The most rewarding and easiest thing to do is to get a handle on the data and start to
understand your emissions, where they come from and how they can change, rather than drowning in the concept.”

Lefevre-Marton realises that even with the affordability of renewable energy falling and the likes of electric vehicles becoming cheaper, cost is one of the biggest risks for companies in achieving net zero.

“There’s the economic risk, but there’s also the regulatory risk. If you don’t preempt these actions then it’s possible you get caught out as the regulations can move faster than expected, and if you’re not ready to act, that’s an issue,” he says.

they want to do, where they want to go and how they want to do it.

However, she acknowledges that not all small businesses will believe there is a benefit unless there’s lots of pressure to report it or demand from their customers.

There’s another major issue for some firms, Conor realises: if they spend money improving the energy efficiency of their buildings, their business rates will rise, which can feel like they’re being penalised for trying to do the right thing.

While a business rates relief for green improvements to buildings is set to be introduced in April 2023, many think the government can do more to encourage the transition to net zero, although this doesn’t mean companies should entirely abdicate their responsibility to parliament.

First Wealth has a commitment to be net zero by 2030, which it introduced as part of plans to become B Corp-certified. Anthony Villis is the firm’s managing director. He says the company was initially weak in terms of understanding its environmental impact when securing B Corp status, but that measuring its carbon footprint in terms of scope one and scope two emissions was “fairly straightforward to get your head around”.

Scope one covers direct emissions, while scope two means the emissions that come from
things such as electricity and heating bills. More challenging are scope three emissions, which are those in the supply chain. First Wealth invests in roughly 10,000 companies through a range of funds and so quantifying that carbon footprint is almost impossible.

But the quality of reporting around emissions is improving, meaning that wealth managers like Villis may soon be able to identify greener funds via verifiable data.

While that will be a slow process, Villis is pleased with what his firm has already done and hopes that others will follow suit.

“We all have a role to play and everyone has a
responsibility to do something, whether as a family or a company,” he says. “It’s about how businesses want to run: is it all about the bottom line and profit for shareholders or, like us, do you see an opportunity to grow a business that does good things too?”

For business owners and managers daunted by the prospect of tackling their carbon footprint, engaging employees should be the first step. Villis says his firm has a shadow board with various subcommittees, including one focused on its environmental efforts. Robinson, meanwhile, suggests that the “single most important thing managers can do is to give permission for their people to make changes”.

Lefevre-Marton adds: “Having a mission is hugely empowering for teams to work on, and there are few greater things that they can get hold of than decarbonising the world.”

Many businesses feel overwhelmed by the challenge of cutting emissions, but doing nothing could be the most dangerous strategy of all

Preparedness therefore seems crucial. But even with improved knowledge and understanding, enacting change can be challenging. “Mobilising organisations at the scale net zero demands has not been done before,” he says.

With energy production representing close to 75% of global greenhouse gas emissions, it’s intuitive that large energy firms, in particular, are prioritising the problem. But for smaller businesses and organisations, comprehending the issue and identifying the actions required can be a demanding task.

Mike Robinson is chief executive of the Royal Scottish Geographical Society (RSGS). It launched a Climate Solutions course two years ago to help distil the vast quantities of information available on climate change into manageable chunks and to help firms develop strategies and action plans.

“We’re trying to reassure businesses that some
things they can do are clear-cut,” he says. “While some businesses might feel they want to wait, a lot of what we’re trying to do is say that this is the direction of travel, so it’s not about whether to do it, but when.”

THE MOST SEVERE RISKS ON A GLOBAL SCALE OVER THE NEXT 10 YEARS
Chief risk officers rank the most severe risks
World Economic Forum, 2021

Bradley Gerrard

SUSTAINABILITY

How are world events impacting how firms manage risk?

The pandemic, global warming and now events in Ukraine have forced organisations to rethink how they keep up with the speed of new risks emerging, the profile of known risks changing and how risk management practices need to adapt. Gone are the days when a board reviewed its principal risks on an annual basis. Managing risk today must be a dynamic and continuous process - and
on every board meeting agenda. It cannot be written up as part of an annual report then put away for the rest of the year. Even in a great report, there’s often still too much focus on the short term and the downside of risk, to the exclusion of thinking longer term and about the myriad opportunities well-managed risk can offer.

RJ: Over the past few weeks, we have seen once again how the velocity and context of risk can change dramatically within a matter of days, if not hours, and how companies are affected no matter where they are based or what line of business they are in. Recent crises have forced organisations to rethink how they keep up with the speed of risk and they can only do that if they get their risk management framework - the principles, processes and the practices - better aligned. We have seen even the most mature enterprise risk frameworks become disconnected from operational teams. Getting risk management into every conversation and decision across the organisation is key. It is the responsibility of the board to ensure that the risk management framework is fit for purpose, and properly resourced and aligned with the purpose and culture of the organisation.

How do companies better set themselves up to manage risk?

Space exploration, medical advances and new technologies all create seismic change and expand human frontiers, yet bring with them different and new risks. These are often hard to understand and difficult to insure, which means decision-makers must widen their field of vision to consider risks that could emerge or change as the world and business evolves. As the frequency of global turbulence is increasing, managing risk is changing. Companies should use scenario analysis to understand the emergence and the consequences of risks. They can then use the outputs to inform ambiguities and identify any connectivity between risks, and as the basis for designing controls, including response plans and rehearsals for when things go wrong.

RJ: Risk professionals have been candid about the questions they have to ask themselves and their teams. They need to stop looking at the past and instead offer more analysis about what is ahead - more foresight about what our expected and unexpected losses look like - if we are to remain relevant or have any success at steering organisations in the right direction.

How can risk professionals play a more strategic role in the future?

In dealing with the risks we face, risk professionals have become multi-disciplinary and have had to work with others in a more continuous and coordinated way. Risk has never been so tied to performance, so it must be embedded in an organisation’s strategy and, crucially, in the heart of its culture.

JG:
Risk professionals need to communicate effectively with the board and stand as trusted advisors. Companies that look longer term to build an organisation that is adaptable, agile and resilient will drive more sustainable growth. The modern risk professional has a leading part to play.

Managing risk must be a dynamic and continuous process - and on every board’s agenda

INSIGHT

Julia Graham, CEO of Airmic, and Rachael Johnson, head of risk management and corporate governance at ACCA, together examine how risk management must change and become more strategic as the world becomes more volatile

The RSGS believes there is a lot of opportunity in acting now, he says. “While there might be risks if you are a really early adopter of a new technology, there are plenty of things most organisations can do now to make a difference.”

Robinson thinks many organisations that have taken steps to reduce their emissions seldom publish their efforts, believing their work will be criticised as insufficient. However, Climate Solutions has “accidentally created a safe space where people can ask daft questions and feel confident, which has been an important thing”, he says.

Helping organisations to bridge the knowledge gap is one of the key aims of West Yorkshire’s Manufacturing Task Force, established by Mayor Tracy Brabin, the former Labour MP for Batley and Spen.

Fiona Conor, managing director at Trust Electric Heating, is chair of the task force’s net-zero group. It is working to help businesses understand how to measure and cut their emissions and identify how to get funding to help implement changes, as well as trying to provide companies with comprehensive, but manageable, amounts of information.

Conor acknowledges that because small companies do not have the regulatory imperative to report their carbon reduction plans like their larger counterparts, progress could be slow.

But perhaps because of her marketing background, Conor sees publishing this information as an opportunity for firms to
detail what

Risk categories: Economic, Environmental, Geopolitical, Societal
01 Climate action failure
02 Extreme weather
03 Biodiversity loss
04 Social cohesion erosion
05 Livelihood crises
06 Infectious diseases
07 Human environmental damage
08 Natural resource crises
09 Debt crises
10 Geoeconomic confrontation

Commercial feature

The global risk landscape has never been more complicated, nor moved at such rapid speed. Data has an essential role to play in risk mitigation, informing faster and better decision-making, but there are only so many highly skilled data scientists to go round. To
unlock data-driven decisions across all departments and at all levels, organisations must democratise analytics. The key to intelligent risk mitigation is enabling everyone to become citizen data scientists, says David Sweenor, senior director of product marketing at Alteryx.

How has the heightened risk landscape impacted businesses?

The pandemic disrupted everything. The sheer necessity to continue operating through government-mandated lockdowns has accelerated digital transformation by several years in just a few months. Business leaders realised their traditional operating models were just not viable; neither was making decisions on gut instinct. Two-thirds of decisions are more complex than they were two years ago, according to Gartner. We can see pretty clearly that those who were able to use data and analytics to make decisions were much better able to thrive in that volatile environment. But that doesn’t end when the pandemic ends. From supply chain chaos to geopolitical conflicts, disruption is the new normal and winning in this landscape relies on an ability to make fast, accurate, data-driven decisions.

What is holding organisations back from embracing data-driven decision-making?
Almost all organisations understand the importance of data-driven decision-making, but only a minority are making it work. Data is everywhere and is ever-increasing in volume, but the reality is it’s not being used efficiently. Some 62.4 billion work hours - the equivalent of 100,000 lifetimes - are wasted each year on inefficiencies in data work, according to research by Alteryx and IDC. That’s a fifth of the total working week spent redoing the same calculations from the week before using spreadsheet and PDF data. Risks are continually evolving but solutions exist, they just often aren’t put together in a meaningful way. The key to data-driven decision-making isn’t just technology - it’s people upskilling.

Why are companies struggling to build enough analytic capacity?

Organisations are facing a huge challenge in securing a limited amount of analytic capacity. Some 91% of businesses surveyed told Alteryx they can’t meet their potential due to this data skills gap. Fortunately, however, there is another way to solve the problem: by democratising the insight generation process. The best people to solve challenges and mitigate the risk of a lack of business intelligence are those closest to the problem. These are the managers and knowledge workers across the organisation with domain expertise in their specific line of business. If businesses can give them tools to easily understand data and transform data into insights, they are empowered to solve their own micro-problems. And by solving millions of
little problems and making decisions that are fuelled by analytics, companies naturally become data driven. There is still a need for data scientists, but they can focus their efforts on bigger problems.

What kind of technology enables organisations to democratise insight generation?

Accessible, low-code/no-code solutions bridge the gap by transforming standard workers into citizen data scientists. The Alteryx mission is to empower every person around the world to use data and analytics. We have lots of examples where people not trained in data and analytics can use the software to create workflows that, for instance, automate tax processes, receipts or shipping invoices. That’s a form of artificial intelligence but the users don’t even realise they’re using AI. Alteryx has a very active community of more than 300,000 people globally working across every line of business because of the incredible ease-of-use of the software. If you can get insights to the right people at the right time, they will make better decisions and be able to thrive in a volatile and uncertain landscape.

For more information, visit

Democratising data science to better mitigate risk

Q&A

Businesses with agility react better to disruption, but a data skills gap is holding them back

62.4 billion hours are wasted each year on inefficiencies in data work - the equivalent of 100,000 lifetimes (Alteryx & IDC 2022)
2/3 of decisions are more complex today than they were two years ago (Gartner, 2022)
91% of businesses say they can’t meet their potential due to the data skills gap (Alteryx & YouGov 2022)

Four days after
Vladimir Putin’s soldiers invaded Ukraine, the price comparison website Compare The Market pulled its TV ads featuring the animated Russian billionaire meerkat Aleksandr Orlov and his faithful sidekick Sergei from news bulletins.

The popular price comparison website’s owner, BGL Group, said the fictional meerkat characters have no association with Russia and the current situation, and that it was continually reviewing its advertising.

The speed of the action would suggest a defensive move to distance the company from any association with Russia, as the world looked on aghast at Putin’s attack.

Reputational damage caused by any number of risks - accounting scandal, data breach or supply-chain issues - can ultimately destroy a company if management does not handle it well. Historically, risk management - including reputational risk - has been overseen in a silo separate from executive leadership. In recent years, however, it looks as if executives are finally taking reputational risk seriously.

“They’ve pre-emptively decided not to put themselves in a situation where they can be reputationally damaged,” Tricia Fox, of Cunningly Good Group, says of Compare The Market’s move. “That makes sense. That implies that there are companies that take reputational risks very seriously and act upon it.”

Compare The Market’s decision is a modern-day example of how to tackle reputational risks before they become an issue. But few organisations have such a proactive communications division with a direct line to the boardroom. So, how should leaders act if faced with a damaging reputational event and how can they mitigate this risk?

Identifying potential issues and building a risk register are the first steps. Next is devising a risk management strategy and ensuring all those responsible for this aspect of the business, including the communications department, are up to date.

The level of each risk will change depending on a range of internal and external factors, so the need to monitor the risk register and strategy regularly is critical. It must be a dynamic process.

“In general, there is a poor understanding of
the sources of reputational risk and how to manage them. Situational awareness is everything. Monitor evolving threats and test their potential impact. Ask ‘what if?’ in relation to the current landscape, forward risks, historical issues and unforeseen events,” says Ryan McSharry, head of crisis and litigation at PR firm Infinite Global.

Compliance is also vital. “The most effective way to mitigate reputational risks is to build a culture of compliance and resiliency. This means ensuring everyone knows what is expected of them by having a clearly articulated policy and procedure,” says Lauren Kornutick, solutions manager for compliance at Fusion Risk Management.

Often, when an organisation comes up against a risk, it only becomes a reputational issue when it hasn’t been handled swiftly, clearly and honestly. In today’s world of social media and citizen journalism, the so-called golden hour no longer exists. This means that, irrespective of whether the company’s leaders know all the facts, it’s critical that they publicly acknowledge the issue and explain how they plan to deal with it.

“Tell it first, tell it fast and tell it clearly. If you become aware of the issue and can head it off at the pass before the media gets wind of it, then do so. Take the initiative and, in doing so, you can control the message,” says Paul MacKenzie-Cummins, founder and managing director of Clearly, a reputation management and PR agency.

If, however, the issue becomes public first, management can still recover control by acting quickly and honestly.

“In this instance, the advice is to acknowledge it and explain what steps are being taken to remedy the situation. Whatever you do, don’t go into hibernation mode and hope it will go away - that will only fan the flames and exacerbate the damage to the organisation’s reputation,” MacKenzie-Cummins says.

Customers, employees and stakeholders are savvy. If they feel they have been deceived, the damage to reputation can spiral downwards very quickly. Take the data breach at TalkTalk in 2015, when the company failed to publicly acknowledge the problem of hackers stealing thousands of customers’ personal details, including bank accounts. At the time, the company faced a record fine and, ultimately, its CEO Dido Harding had to resign.

Recently, in the wake of a reputationally damaging incident, business leaders have tried shifting the negative public focus by adopting a new “favourable purpose” in its recovery. If this is a genuine, well-managed core strategy of change within the business, it can work. But often, companies choose this route of purpose for inauthentic reasons, which shrewd consumers and investors will quickly uncover.

“Consumers are an unforgiving bunch and will drop a brand or
business in an instant if they feel misled. This is where responsible reporting is needed. Businesses need to hold themselves to account and demonstrate the tangible impact they are making, rather than paying lip service,” MacKenzie-Cummins says.

In a fast-moving, interconnected world of global business, prevention is always better than cure. It’s not uncommon for a company to lose as much as a third of its value because of a reputational risk.

The investment a company makes in developing and managing a robust and well-monitored reputational risk management infrastructure is, ultimately, far less than the cost of responding to a crisis and the ensuing reputational fallout. It’s worth remembering that it takes years to build a good reputation but minutes to destroy it.

Historically, there has been a poor understanding of the potential sources of reputational harm but risk management is moving up the executive agenda with new, proactive approaches

Risking your reputation

Michelle Perry

BRAND

COMPANIES FACE MAJOR LOSSES IF THEIR REPUTATION IS DAMAGED
Percentage of companies that cite the following as negative business outcomes that come as a result of reputation damage
Loss of income, reduced customer base: 86%
Less attractive as employer: 57%
Loss of license to operate: 37%
Investor activism: 33%
Lowered ESG rating: 27%
Loss of talent: 62%
Loss of benefit of doubt in time of crisis: 37%
Increase of regulation: 35%
Impacted supply chain: 30%
Loss of support policies that are favourable to the organisation: 27%
Willis Towers Watson, 2021

SolarWinds and how it fixed a major reputational risk

In 2020, SolarWinds, a large US IT company with customers including the US Department of Homeland Security and the Treasury Department, was hit by a sophisticated cyberattack that led to a data breach.

Sudhakar Ramakrishna, its CEO and president, took up the role just days before the data breach became public knowledge. Despite having the option of walking away, he instead took on the challenge of resolving the breach, fixing the damage to the company’s reputation and building back lost trust.

Remarkably, just over a year into his role, he has achieved those goals. The company is almost back at its historical 90% customer retention rate, which had dropped to between 80% and 85% following the supply-chain attack. The firm has also recently begun acquiring new customers again.

Due to Ramakrishna’s swift actions, the damage that the hack could have created ended up being far less severe than was feared. Ramakrishna stabilised the company and fixed the breach by following a strict framework he devised. Called ‘secure by design’, it focused on three key things: what happened, how it happened and what we are doing about it.

Coupled with the framework, Ramakrishna enacted the strict operational principles of transparency, relentless communication, humility, belief in a solution and collaboration.

“Our focus was our customers and our business, while also dealing with the press, PRs, regulators and government. If the government wants to know something, collaborate with it, do not try to hide the issue and do not wish the problem goes away,” Ramakrishna says.

He also spent months working with worried customers. “They have a right to be confused. They have a right to be angry. Don’t brush it off, work towards engaging them,” he suggests.

SolarWinds fixed the issues that allowed the original breach to occur, publicised the changes and communicated them to customers and the wider industry. Today, the firm is, arguably, among the most secure in the world and one its customers trust again.