Through a tumultuous 2020, financial organisations agree risk management is key to survival, and security, governance and compliance are more important than ever. The financial services industry, as a whole, has been pushed to the absolute limit to continue servicing customers without interruption — bending but not breaking. LogicGate surveyed nearly 200 C-Suite and upper management risk decision-makers about what keeps them up at night, how their risk programs are faring, and where they’re focusing their efforts in 2021.
With risk touching every aspect of an organisation, companies have become more risk-aware. As a result, responsibility for risk management is dispersed broadly across multiple functions—including risk, compliance, information security, legal, the C-Suite, and the Board—further reinforcing the fact that effective risk management requires an organisation-wide focus.
91% of those surveyed said that risk management is extremely to very important for their organisations. This comes as no surprise as the disruptions from the global pandemic had a ripple effect that forced organisations to rethink risk management priorities in order to be more flexible, adaptable, and operationally resilient. However, only 45% said their risk management programs are extremely to very effective. This disconnect suggests a recognition that risk management programs could and should be better.
A surprising 43% of respondents are using spreadsheets and emails to manage their risk programs. When asked further about how effective their programs are, the consensus among respondents was that they were acceptable for risk identification, with declining levels of satisfaction when it came to assessing, managing, and monitoring risk. It’s clear that manual processes no longer cut it. There is a need for more dynamic and nuanced systems to capture and monitor risks.
The respondents unanimously agreed that the impact of the pandemic was the risk they were most concerned with. New competitors were no longer seen as a big risk, although security breaches and vulnerabilities were a growing concern. This comes as a result of the growing number of phishing attacks and fraudulent scams that have taken place in 2020 and 2021. This only reinforces the idea that a more dynamic system is needed to deal with risks in organisations.
Discussing the findings, Matt Kunkel, CEO of LogicGate, said, “In 2021, according to our survey, risk professionals are focused on managing operational risks and building operational resilience. In order for businesses to build robust risk management programs — especially with more stakeholders, board members and executives involved in GRC processes — and strengthen internal procedures, they need to invest in flexible systems that better adapt to changing needs. As a result, there will be a much greater investment in risk this year as 99% plan to invest the same or more in their risk management programs.”
Heath Anderson, Director of Information Security and Technology at LogicGate, added, “This past year gave companies a not-so-subtle reminder that risk influences every department, revenue and entire industries — whether they realise it or not. It’s why leaders should take risk into account when structuring organisations and when making strategic revenue, product and market decisions. Additionally, company leadership must prioritise growing awareness of risk management throughout the company by cultivating a culture that incorporates consistent risk assessments and flexible, adaptable processes as a matter of course. Our report, Operational Resilience: The New Paradigm for Risk, showcases companies’ willingness to rethink risk management priorities and their desire to build more resilient processes.”