xTraditional business concerns about government regulation and the state of the economy are taking a back seat to worries about innovative technologies and companies' ability to adapt to them, according to an annual survey of top risks from consultancy Protiviti and North Carolina State University's Enterprise Risk Management Initiative.

The survey conducted last fall asked more than 700 executives and board members from companies around the world to rank 30 risks in three categories: macroeconomic, strategic, and operational.

The risk rated highest by executives was the speed of technological advances and the possibility that innovations could occur more quickly than their company was able to adapt to, which had ranked as the fourth-highest risk in the previous survey. A related concern, that a resistance to change could impede the company's ability to identify and adopt such advances in technology, ranked second, up from ninth in the survey of 2017 risks.

Meanwhile, economic conditions, which executives cited as the number-one risk going into 2017, fell all the way to eighth place. Regulatory changes and regulatory scrutiny, which ranked second for 2017 and had been the number-one risk for the four preceding years, fell to fourth place.

Jim DeLoach, a managing director at Protiviti, noted that the survey of 2017 risks was conducted amid the 2016 presidential campaign, as the Republican candidate talked about tearing up trade agreements and altering regulations. “You fast-forward a year later and, for the most part, there wasn't that much disruption in terms of global trade,” he said.

The concern about new technologies first showed up on the list of the top 10 risks four or five years, “and it's just been going up and up and up,” DeLoach said, describing the worries about technology as “fairly intuitive.”

“It's the reality that established incumbents can be affected by new market entrants that are born digital, that are nimble, quick, and focused, and they're going to take your customers away if you can't respond quickly to offer your customers a similar experience,” he said. “Technology is enabling hyper-scalability for new entrants that are not encumbered by legacy systems.”

DeLoach cited such developments as robotics, artificial intelligence, and advanced analytics. While such technologies are buzzwords, “they're very, very tangible and real in terms of their potential impact,” he said. “They may affect industries in different ways, but they're definitely there as an unstoppable force.”

Advances in technology also play into the risk that executives ranked as number two: resistance to change within the company.

“Notwithstanding that there's a concern about a lot of change, we've got a concern about whether our organization is going to be agile, nimble, and resilient enough to act on that change,” DeLoach said.

Cyber Risk

Cyber risk ranked third on executives' list of worries for 2018, as it had for 2017.

“Cyber risk is a mainstay,” DeLoach said and noted that while it ranked third overall, it was the risk cited second most commonly by CEOs and board members. He added that the development and adoption of new technologies are outpacing companies' cybersecurity efforts.

“That creates the stark reality that what we had in place a year ago in terms of cybersecurity measures is likely not adequate today, and what we have in place today is likely not going to be adequate a year from now,” he said. “This constant change in the digital economy is creating a moving target, if you will, for cyber risk.”

DeLoach suggested that companies have to be “continuously improving and enhancing our understanding of the threat landscape and our incident-response program.”

Kristen Peed, a RIMS board member and director of corporate risk management at CBIZ Inc., a Cleveland-based provider of business services, noted the increasing sophistication of cybercriminals. “Companies are using targeted training with their employees now to help them recognize what a cyberattack might look like,” she said.

DeLoach also cited the risk that companies' spending on cybersecurity could interfere with their investments in new technology. “As companies increase their investment in cybersecurity, what they're struggling with is making sure they're not throwing money at the cybersecurity problem to the point where they're putting pressure on their innovation budgets,” he said.

Another top risk, challenges with succession planning and attracting and retaining top talent, was ranked sixth, unchanged from the previous year's survey.

DeLoach noted that the topic of attracting and retaining talent also has links to disruptive innovations, and suggested that companies trying to keep up with the latest developments can benefit from hiring people with expertise in new technologies.

Such hiring “serves as a powerful accelerator to the learning process,” he said. “You've got to have a combination of infusing external talent, whether employees or [consultants], and couple that with the institutional knowledge that you have in your employee base.”

Risk Managers' Role

Emily Cummins, a member of the board of RIMS, wrote in an email of the concerns about technology innovations: “The practice of enterprise risk management is designed to face and understand such risks.

“Just as a business always seeks to capitalize on innovation in ways that create continuous value for client or customer engagement, risk managers seek to embrace change and harness its opportunities,” Cummins wrote.

CBIZ's Peed questioned why new technologies are described as “disruptive.”

“I see them as opportunities to improve our companies, ways to create a competitive advantage for our companies,” she said.

“I think what risk managers really need to do is educate themselves on emerging technology,” Peed added. “You have to be able to articulate to the board and the C-suite what these technological innovations can bring to your company.”

She argued that risk managers don't need to have IT backgrounds to understand and deal with innovative technologies. “I learned a lot of what I know through osmosis by having an open mind and having individuals around me who do understand technology.”

Millennials' intuitive ease with technology can come in handy in this regard, Peed said.

New technologies can help companies make better use of their information, she said, citing her risk management team's adoption of a risk management information system.

“It's a cloud-based system on which we can upload all of our claims data and take that data and start to analyze it,” Peed said. “We can look for trends and use that data with the C-suite to try to drive improvements to help the company.”

C-Suite Responsibilities

Ensuring that the company incorporates new technologies into its strategies is the responsibility of the CEO, DeLoach argued. “This is the kind of serious stuff that has to be driven from the top or the plane never gets out of the hangar.”

He cited a number of things that companies should be doing, such as providing executive support for efforts to incorporate new technologies. “You've got to have a highly visible senior executive driving this,” DeLoach said.

Companies should strive to be early movers when it comes to new technologies. “You've got to commit to act and learn from your mistakes,” he said. “You can't be fretting and wringing your hands.”

DeLoach stressed the importance of a company's culture and cited two aspects that factor into technology adoption: the possibility of resistance to change and employees' ability to escalate issues to the company's C-suite. “You've got to have connectivity with people on the front lines, facing suppliers, facing customers, and issues have got to get up to the top,” he said.

Talent is another key, and DeLoach said companies should be “watching your executive bench strength, empowering existing staff with new digital skills, and infusing your organization with the right talent.”
Finally, he cited advanced analytics' ability to provide companies with insights that let them differentiate themselves in the marketplace. “In the digital age, knowledge wins,” DeLoach said.