In addition to cyber we are now faced with a new array of emerging risks from disruptive technologies
The Institute of Directors says two key themes - IT and people - dominate its annual Directors’ Risk Survey report.
From external, to internal, to emerging risks, directors raised concerns about cyber, IT disruption, the loss of a key person, talent attraction and retention, according to the report, which was produced in conjunction with Marsh.
Marcus Pearson, country head for Marsh New Zealand, says when the first Directors’ Risk Survey came out in 2013, cyber risks were perceived to be an emerging risk, or did not have an impact on businesses on a daily basis.
Five years later, cyber is the number one external risk and the number one emerging risk, he says.
“In addition to cyber we are now faced with a new array of emerging risks from disruptive technologies,” he says. “Artificial intelligence, blockchain and robotics are all set to interrupt and/or revolutionise the way we do things.”
Often referred to as the 4th Industrial Revolution, these innovations bring with them a new set of risks from a governance and societal perspective.
“Organisations need to work as a team to effectively manage these cyber risks. By sharing oversight responsibility among stakeholders – including boards, C-suite executives, risk professionals and IT professionals – the managerial and technological challenges presented can be reduced,” says Pearson.
The report was based on the results of a survey conducted in March among 570 IoD members.
Suppliers can be used as a 'back door' to get into a larger, more high profile organisation
Pearson explains the areas of concern were split into external and internal facing risks.
For external risks, cyber risk was considered the biggest risk for the second year running, with with 86 per cent of businesses rating it as medium or high.
This result is very consistent with two other surveys that have recently been run in New Zealand, he says.
The World Economic Forum Global Risk Survey ranked cyber as the third greatest risk for NZ, while 60 per cent of respondents to the Global Cyber Risk Perception Survey, run by Marsh and Microsoft, said that cyber was in their top five risks.
Nearly 30 per cent of those surveyed by IoD, meanwhile, say that they did not have an effective risk management framework in place to manage this risk. Part of this could be due to not knowing where to start, the report states.
Key findings from the Global Cyber Risk Perception Survey were that only 35 per cent of NZ respondents were highly confident in understanding and assessing their cyber risks, 43 per cent of respondents did not assess the cyber risks of their vendors or suppliers and 20 per cent did not know if they were even exposed to any risks from their supply chain.
“Boards must not only feel confident that there are plans in place to address and deal with cyber attacks, they must also understand the implications from the same happening to a supplier or vendor,” says Pearson.
Suppliers can be used as a “back door” to get into a larger, more high profile organisation. Attackers often identify smaller business partners that are typically less well protected to get to a bigger target, he says.
With many business owners being baby boomers, thinking about a succession plan for your retirement or in the case of illness is imperative
The war on talent
The IoD and Marsh survey, meanwhile, finds the organisation’s most important asset - people - is also a big concern of directors.
A vast majority - 83 per cent - of respondents say their ability to replace a key person is the biggest internal risk to their organisation.
Concerns over talent attraction and retention also ranked highly, with respondents ranking this as the fifth largest internal risk and the second largest emerging risk.
Despite this concern, nearly a third (32 per cent) of directors said they did not have plans in place to manage their talent attraction and retention risks.
“Directors today are operating in a complex environment, where digital disruption is changing the playing field for established businesses,” notes Kirsten Patterson, IoD chief executive.
“Many organisations are finding themselves in the midst of what McKinsey called a ‘war on talent’, where the gig economy coupled with shifts in how often workers change jobs is creating pressure to attract and retain workers.”
According to an ACC BERL report, the number one reason small businesses in New Zealand stop trading is due to injury and illness. This is due to the fact that many SMEs are owner-operated and there is no back-up if they become incapacitated.
Larger organisations that have colleagues with a very specialised skill set or are in control of a project, which cannot easily be replaced, are also not immune.
Digital disruption is changing the playing field for established businesses
With many business owners being baby boomers, thinking about a succession plan for your retirement or in the case of illness is imperative, says Pearson.
“Directors and boards need to ensure that organisations are focused on meeting the needs of the workforce of tomorrow,” says Pearson. "This means embracing diversity and inclusion, having flexible working conditions and ensuring that employee benefit programmes are fit for purpose”.
“It is important that New Zealand directors continue to place risk management as an ongoing priority," adds Patterson.
“Negotiating this environment will require directors to have a long view and anticipate how rapid social changes will impact on their business, as well as remaining flexible and responsive to changes within their industry."
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.