For many of us, the end of the year is a time to reflect on accomplishments and on pertinent events in the world and in our respective industries. Since I am in the risk-management field, naturally I focus on events impacting the profitability of businesses. The top stories of 2017 are cyber risk, reputational risk and workforce risk.
An overwhelming number of risk managers ranked the threat from cyber attacks as their top operational risk for 2017 – the second year in a row it has topped the rankings, this year by an even larger margin.
And this is no surprise as the threat from cyber attacks is not only growing, but also mutating into new and insidious forms, say risk practitioners.
We saw a significant number of ransomware events. Data theft, including exposure of confidential records, was in the news weekly. The source of potential cyber threats is hard to pin down, making building appropriate controls a serious challenge, and attacks nearly impossible to avoid.
Cyber criminals do not discriminate between organizations based on their size and location, but the financial sector enjoys the dubious privilege of being one of the most targeted industries, alongside healthcare. Organizations would do well to spend more time defining their risk appetite instead of trying to ensure their systems are impenetrable.
The second top story is reputational risk. In the spring a major airline took a significant reputational hit as a result of its handling of a passenger. It may be added to Harvard Business Review’s case studies of what not to do. There are many examples where businesses either do not have a plan to deal with a reputational hit or crisis, or are too slow in responding to one. In contrast, look at how Tylenol handled their product recall in the ’80s. It was a textbook example of how to deal with a reputational hit. All businesses have strategic risk. Developing a plan to assess this risk and implementing a process for responding can have a significant effect on revenue. Develop a formal plan. Have management know their roles and responsibilities. Consult with outside resources like a public relations firm or risk advisor. Review your plan with a trusted advisor.
On September 7, 2017, Equifax announced the theft of 145.5 million U.S. consumers’ personal information. The incident became one of the largest in history. The personally identifiable information (PII) that was accessed includes these details:
- Social Security numbers
- Birth dates
- Driver’s license numbers (in some cases)
The third top risk event this past year is workforce risk. Sexual harassment and workplace conduct have been front and center since the news of improper conduct came out of Hollywood. Many victims have bravely come forward, shining the light on atrocious workplace conduct. These incidents have had an incredible effect across the country. Large and small employers are looking at their respective cultures and updating policies and procedures. Employment practice suits will continue to affect businesses that have not addressed this risk.
Organizations with a proactive and progressive risk-management culture will continue to meet the challenges presented to them in the next year. Organizations stuck in “reacting mode” will certainly be more vulnerable to events and their impact on profitability.
To learn how to manage exposures that affect your profitability, please feel free to contact me at firstname.lastname@example.org or call me at 781-239-7625.
David M. Schofield, Sr. Risk Advisor Deland Gibson Insurance Associates
“Manage your risk, or your risk will manage you.” sm
Providing Peace of Mind Through Proactive Service
Deland, Gibson: a Trusted Choice, Five Star Accredited independent insurance agency. Established in Massachusetts in 1900, Deland, Gibson is a 4th generation family-run insurance agency that has thrived working as a trusted advisor for its client base. We work with individuals and businesses to lower their Total Cost of Risk. We analyze a client’s direct and indirect costs and implement risk reduction plans to address areas of business, hazard, or strategic risk.