Cybersecurity Risk Issues: Where do Executives Rank Cyber Risk Now, and in 2030?

by Security Centric, on 17/01/2022 4:09:40 PM

Organisational risk covers a lot of bases within a business, from issues such as staff shortages and regulatory changes through to global pandemics and cyber threats. Knowing what to focus on presently, and what to be prepared for in the future, can help businesses be more strategic in their decision-making. 

A survey of over 1,000 board members and executives by NC State University asked respondents to rank 36 pre-defined risk issues from highest to lowest impact. These risk issues were grouped into macroeconomic risk, strategic risk, and operational risk. The survey respondents were from a range of industries, and they were asked to rank the perceived risk level at the time of response, as well as indicate how each of these risks was likely to affect their organisations 10 years in the future. 

The risks directly and indirectly related to information and cyber security throughout the three groups were:

Macroeconomic Risk Issues: 

  • The adoption of digital technologies in the marketplace and in our organisation may require new skills that either are in short supply in the market for talent or require significant efforts to Upskill and reskill existing employees. 

Strategic Risk Issues: 

  • Rapid speed of disruptive innovations enabled by new and emerging technologies may outpace our organisation ability to manage the risk appropriately.
  • Social Media developments, 5G networks to improve mobility, extended bandwidth and data transmission, and other emerging innovations may significantly impact our brand, customer relationships, regulatory compliance processes and/or how we do business
  • Our organisation may not be sufficiently prepared to manage an unexpected crisis significantly impact our reputation. 

Operational Risk Issues:

  • Our organisation may not be sufficiently prepared to manage cyber threats that have the potential to significantly disrupt core operations and/or damage our brand.
  • Ensuring privacy/identity management and information security/system protection may require significant resources for us. 

At the time of the survey, the top ten immediate risks included three of the cyber-linked risks at positions four, five, and six.

Screen Shot 2022-01-12 at 3.42.47 pm

For the Top Risks for 2030, the cyber-linked risks came in at one, five, and ten. 

Screen Shot 2022-01-12 at 3.42.31 pm

Additionally, the survey divided risk metrics by organisational income tiers, as well as giving risk level indicators per board and executive position. 

Analysis across different industries. 

  • The healthcare industry indicated that the risk associated with digital technology and upskilling as significant both immediately and for 2030, with Financial Services, Consumer products and services, Manufacturing and distribution, Technology, Energy and Utilities, and “Other” marking this as a potential impact. 
  • Rapid speed of disruptive innovations was a potential risk across all industries both now and in 2030. 
  • Healthcare is most concerned about being sufficiently prepared to manage cyber threats that have the potential to significantly disrupt core operations and/or damage their brand, highlight this as a significant risk immediately, with all other industries highlighting this as a potential risk now and in 2030. 
  • Ensuring privacy and identity management and information security/system protection as requiring significant resources is a potential risk across all industries now and in 2030, with healthcare highlighting this as a significant risk in 2030. 

Find the full report here: https://erm.ncsu.edu/library/article/report-executive-perspectives-on-top-risks-for-2021-2030

Looking to understand your business risk as it relates to cybersecurity? Contact us here and one of our knowledgeable team members will be happy to assist. 

Topics:Risk Assessmentrisk profileReport Roundup

Comments

Finally, an actionable blog

The purpose of this blog is to make available the real-world lessons, experience, observations and mistakes that are part of the daily life of a group of cyber security professionals.

Read about:

  • What mistakes organisations are making (anonymously of course!)
  • What effective actions are available to quickly and economically achieve effective protection (without buying new kit)
  • Trends we're seeing, via our incident response and forensic investigation capabilities
  • And sometimes, just frustrations about what is wrong with cyber :|

Subscribe to Updates