A new survey of top business risks, as identified by chief internal auditors in Europe, has found that companies there are most concerned about cybersecurity and data security, increased regulation, and disruptive technology.
The survey of 528 chief internal auditors conducted by a group of eight internal audit professional associations across Europe asked respondents to rank their top five risks they expect to face in 2020. The results indicate that 78 percent included cybersecurity in their top five risks, 59 percent included regulatory change, and 58 percent included disruptive technology. It marks the second year in a row that cybersecuity topped the list of risks, according to the survey.
“Cybersecurity is undoubtedly the perennial risk of the modern era; it should therefore come as no surprise that year in, year out it features prominently in the minds of chief audit executives (CAEs) and in their audit plans,” the report states.
Other risks chief auditors included in their top five are: third-party risk (36 percent), business continuity risk (31 percent), and financial risks (30 percent). The survey is part of the Risk in Focus 2020 report, issued by the Chartered Institute of Internal Auditors, a professional association representing internal auditors in the United Kingdom and Ireland.
Fighting Cyber-Theft
Risk in Focus 2020 also contains guidance for organizations about tackling the major risks they face. The report recommends a number of ways that businesses can increase protection against cyber-threats, including:
- Assessing how their customer service “chatbots” are protected against breaches.
- Recruiting an internal or external cybersecurity expert to minimize corporate risks.
- Reviewing the security of their cloud services, including ensuring robust systems and processes are in place to prevent misconfigurations.
The increasing burden of regulatory change felt by businesses with the introduction of GDPR and new legal frameworks for online payments was also analyzed by Risk in Focus 2020. It advises businesses to consider whether they are taking a sufficiently forward-looking approach to regulatory changes, such as adopting a regulatory implementation calendar.
See Also, “How to Keep Your Cyber Risk Under Control.”
Top Risks for 2020
The top ten risks that Chief Internal Auditors said their organization will face in 2020, according to the Risk in Focus 2020 survey, were:
1) Cybersecurity and data security – 78%
2) Regulatory change and compliance – 59%
3) Digitalization, disruptive technology, and other innovation – 58%
Outsourcing, supply chains, and third-party risk – 36%
Business continuity / resilience – 31%
Financial risks – 30%
Macroeconomic and political uncertainty – 29%
Human resources – 27%
Corporate governance and reporting – 26%
Communications and reputation – 22%
Risk in Focus 2020 also focuses on digitalization and advances in technologies such as artificial intelligence and blockchain. The report includes guidance for business to consider whether they have sufficient capacity and capabilities to innovate and if projects are sufficiently controlled and appropriately measured.
Risk in Focus 2020 is the fourth annual report analyzing the business risks that organizations across Europe face. Cybersecurity and digitalization have both appeared in the top three risks over the last two years. This year, the number of Chief Internal Auditors citing cybersecurity as a top five risk has increased by 18 percent, further strengthening its position as the clear number one risk.
“For the second year running, cybersecurity has been identified as the number one business risk faced by organizations in Europe,” said Ian Peters, chief executive of the Chartered IIA. “Cybersecurity is a problem we regularly see on the news from the theft of 500 million Marriott hotel guests’ personal information, to the security breach that exposed 50 million Facebook user identities. Risk in Focus 2020 includes guidance for businesses to better manage the cyber risks they face.”
“Risk in Focus 2020 also analyses the impact of regulatory change after the introduction of GDPR and new legal frameworks for online payments. This risk is likely to become more severe for UK and Irish businesses, as they face the prospect of further regulatory change because of Brexit,” added Peters. “I urge businesses and other organizations to use the guidance in Risk in Focus 2020 to better protect themselves against the biggest risks they are facing, particularly from cybersecurity, regulatory change and digitalization.”
The report included responses from chief audit executives in the U.K., Ireland, Belgium, France, Germany, Italy, Netherlands, Spain and Sweden, and can be downloaded From the Chartered IIA website. 