4 minute read 28 Mar 2019
Business people having meeting in tech start-up office

Five fast questions for CROs contemplating the year ahead

By

Richard Watson

EY Asia-Pacific Cybersecurity Risk Advisory Leader

Cybersecurity leader in the EY Asia-Pacific region. Public speaker. Trusted advisor on cyber risk and digital trust. Golfer, traveler and dad.

4 minute read 28 Mar 2019
Related topics Trust Growth

Show resources

Business today demands forward-thinking CROs who can make digitally-confident and data-driven decisions to support growth and maintain trust.

The future is notoriously difficult to predict, as any chief risk officer (CRO) will attest. But there are several global risks that should be on every CRO’s radar this year.

The first is privacy. Business leaders are just starting to get their heads around the European Union's General Data Protection Regulation, the world’s toughest privacy and security law. It may be an EU law, but it has implications for organizations the world over. The penalties are stiff and we’ve already seen one tech titan cop a £50 million fine for failing to meet its new obligations. Other jurisdictions – Australia, Singapore and China to name three – are also introducing privacy legislation. As a result, companies are being compelled to reconsider how they manage the risks around using and monetizing data.

The second global risk is cybersecurity. In our digital and increasingly interconnected world, risks can travel at lightspeed – within organizations, along value chains, between industries and across national boundaries. A good illustration of this impact is the WannaCry ransomware attack in 2017, which infected more than 230,000 computers in 150-plus countries in less than 24 hours. Hospitals on both sides of the Atlantic turned away non-critical patients, European manufacturers closed factory floors and rail travel in Russia ground to a halt.

When a malware worm – or even bad PR – can be shared in an instant, it’s no longer enough to manage your own organization and its impact on the world. And this is why third-party risk is also now a key talking point in the boardroom. Legislation to combat modern slavery – first in the UK and now in Australia – requires some of the world’s biggest companies to shine a light along the length of their supply chains. And what they’re learning is that one organization’s risk is every organization’s risk.

The complex business world demands CROs who can make digitally-confident and data-driven decisions to support growth, increase business value and maintain stakeholder trust.

At the heart of these global risks is trust – trust in an organization’s ability to protect data and privacy, manage their supply chains and operate ethically. More and more organizations now understand that risk and trust are inextricably linked. In fact, loss of trust is arguably the biggest risk that a business can face since everything else depends on it.

Add to these risks the uncertainty of the global economy and 2019 is set to be a challenging year for risk professionals. With that in mind, I have five fast questions for CROs contemplating the year ahead:

  1. Do I have the right risk function? Forget the traditional risk management approach of updating a risk register every quarter. This analogue and after-the-fact approach is no longer adequate in a dynamic, digital world. It is imperative nowadays to bring risk professionals into the business decision-making process from the outset.
  2. Do I have the right people? Do your people understand the future direction of risk management and operate in real time? Do they have the digital skills necessary to steer decision-making? Fast-paced businesses of today need risk professionals sitting around the boardroom table with business leaders, informing them of the downside risk of business decisions, but also how to capture upside opportunities by taking calculated risks.
  3. Are we focused on the right risks? Many CROs fall into the trap of focusing exclusively on risk avoidance – and on managing the downside and outside risks outside an organization’s control. Forward-looking organizations are also focused on upside risk – the risk of missing out on a new business model or market opportunity. With the right risk lens, market disruption is possible – and profitable. Just ask the airlines moving into financial services, the property companies evolving into energy providers and the technology giants taking over city-building.
  4. Are we looking at the right risk role models? Don’t benchmark your risk function against the competitors in your own industry. Instead, compare yourself to best practice in adjacent industries. Can you learn from how the financial services sector harness both upside and downside risk, for example?
  5. Do I have the right infrastructure? Consider whether you have the right infrastructure – technology, data and systems – to tackle the privacy, compliance and third-party risks looming large on the horizon. Are you investing in the right technology to maintain trust? How are you automating data capture and analytics to make real-time decisions? 

We’re witnessing a seismic shift in the way risk professionals operate. No longer are they hiding in the back room, emerging every quarter to complete a spreadsheet.

My call to arms is clear. We’re witnessing a seismic shift in the way risk professionals operate. No longer are they hiding in the back room, emerging every quarter to complete a spreadsheet. The complex business world demands flexible and forward-thinking people who can look at business decisions through a risk lens. And it demands CROs who can make digitally-confident and data-driven decisions to support growth, increase business value and maintain stakeholder trust.

The EY “Trust by Design” framework addresses clients’ growing demands for advice on how to manage risks and how trust can be embedded into their businesses in the digital era. To find out more, contact me.

Summary

The future is notoriously difficult to predict, as any chief risk officer (CRO) will attest. But there are several global risks that should be on every CRO’s radar this year. At the heart of these global risks is trust. More and more organizations now understand that risk and trust are inextricably linked. Add to these risks the uncertainty of the global economy and 2019 is set to be a challenging year for risk professionals. With that in mind, I have five fast questions for CROs contemplating the year ahead.

About this article

By

Richard Watson

EY Asia-Pacific Cybersecurity Risk Advisory Leader

Cybersecurity leader in the EY Asia-Pacific region. Public speaker. Trusted advisor on cyber risk and digital trust. Golfer, traveler and dad.

Related topics Trust Growth