By Carrie Cook, our guest author of the Fairmar blog. Carrie is the Editorial Content Writer at RiskBusiness , the leading supplier of augmented governance, risk, audit and compliance solutions for the financial services sector.
What a difference a year makes. If we’ve learned anything over the past 12 months, it’s that geographical location is not a valid risk mitigation method. COVID-19 was seen as a “Chinese problem” just over a year ago, but now it’s almost impossible to identify any element of our daily lives which is yet to be impacted by it. It was the Grey Swan event we had all been waiting for.
Here, I take a look at some of the crucial areas of concern for businesses in the year ahead. The topics aren’t listed in any particular order, but comprise some of the major issues being prioritised by those working in risk management-related roles right now.
Cyber and IT security
Mass remote working has thrown our sense of cyber and IT security into disarray. The relative safety of a system largely accessed from a central location is now a distant memory, with the majority of staff still working from home. This has put pressure on those tasked with cyber security to adapt quickly, no doubt providing criminals with an opportunity to take advantage of gaps in IT controls.
George Clark, director of CC Risk Limited and former Chair of the Institute of Operational Risk, agrees. “I would consider this one of the top five risks facing all organisations at this time. The recent SolarWinds event shows how vulnerable systems - which could reasonably be expected to be well controlled - are to sophisticated attack.”
Climate risk
We all hoped 2020 might be the year of change when it came to climate-related issues, but like most things, it took somewhat of a backseat thanks to COVID-19. Last year we highlighted a letter written by BlackRock CEO Harry Fink, who suggested companies could not expect to achieve long-term profits if they did not consider the bigger picture and the ethical impact of their actions, adding that BlackRock would be exiting investments that presented a high sustainability-related risk, such as thermal coal producers. ESG (environmental, social and governance) issues are still a key concern for firms, both from the perspective of their own impact on the world and that of the businesses they fund.
Digitalisation and AI
Technology provides firms with at least as many opportunities as it does risks and the most powerful tool for firms in both respects is knowledge. AI (artificial intelligence) in particular is a term which is bandied about a lot, and often by people who don’t really know what it means. The concept of AI is commonly misunderstood, says Husan Mahey, Co-Founder of SkySoft UK and a specialist in robotic processing automation training. So, what is it in a nutshell? “A vital part of our daily life involves making decisions,” explains Mahey. “If we were to automate these decisions, they can be broken down into two distinctive categories: either the decision is derived using a rule-based system, or using a machine-learning algorithm, the latter being an implementation of AI. It’s similar to applying a decision based on knowledge rather than a predefined set of conditions. [But] as the use of artificial intelligence, machine learning and deep learning technologies are increasing to help with running businesses in a more digitised and effective way, these technologies are also being used by hackers to create more sophisticated and effective malware,” he warns.
Ransomware
Despite headlines to the contrary, it wasn’t the public sector that was hit hardest by ransomware attacks in 2020. According to The State of Ransomware 2020, a global survey by cyber security software provider Sophos, 45% of public sector organisations were hit by ransomware last year, compared to a global average of 51%, and a high of 60% in the media, leisure, and entertainment industries, and 48% in financial services.
Political risk
As recent events in the US have demonstrated, political risk knows no bounds. Even seemingly politically “stable” countries are not immune. Politics may seem outside of the remit of risk management, but the regulatory landscape is directly determined by those in power. Donald Trump’s administration saw the dismantling of almost a decade’s worth of post-2008 financial crisis regulation. Brexit will also have inevitable impacts on the management of regulatory risk and London’s position as a global hub for financial services.
Corporate diversity demands
2020 was a monumental year for the Black Lives Matter movement, with the brutal killing of African American George Floyd bringing the issue of racial inequality and police brutality to the fore. From a business risk point of view, never has corporate diversity been so high on the agenda. Just as 2017-2019 witnessed a revolution in how sexual misconduct and discrimination were viewed in Hollywood via the Me-Too movement, last year was a pivotal moment in the way America and the rest of the world sees and treats people of colour.
Third-party risk/supply chain disruption/vendor solvency
This area of risk will always appear in reports of this kind, but the SolarWinds hack in the US in December 2020 certainly reignited concerns over vendor security. This major cyber espionage incident was one of the worst in US history, with hackers gaining access to sensitive Government data for approximately nine months. This allowed hackers access to the networks of the US Treasury Department, the National Telecommunications and Information Administration (NTIA), plus hundreds of private sector organisations, including several Fortune 500 companies.
Treatment of consumers
The (UK) FCA’s Financial Lives Survey in 2019 showed 50% of UK adults displayed one or more characteristics of being “potentially vulnerable” (showing characteristics related to low financial resilience, a recent experience such as divorce or bereavement, low financial capability, or a health issue that affects day-to-day activities a lot.) The survey took place before the pandemic took hold, so the situation is likely to have worsened considerably with the growth in unemployment – in both the UK and elsewhere. With this added pressure on consumers’ financial wellbeing, firms will be expected to make the welfare of their clients a priority.
This blog is an abridged version of RiskBusiness’ annual report, Key concerns for 2021 and beyond. You can view the full report here.