Risk Managers Rank Global Risks
Damage to brand and reputation is the No. 1 risk facing companies today, according to Aon’s 2015 Global Risk Management Survey.
“There’s a lot behind that which is driving that [ranking],” said Theresa Bourdon, group managing director, Aon Global Risk Consulting.
One of those factors is cyber risk, which for the first time in the survey’s history, since 2007, jumped into the top 10 risks, coming in at No. 9. It had been 18 in the last survey, which is taken every two years.
“If you talk to our clients, that’s no surprise,” she said. “The frequency is very low for these cyber events but it is obviously increasing.”
And, just as obviously, there is a correlation between cyber events and brand. Just look at Target, which is still struggling to regain its footing after the personal information of about 110 million of its customers was stolen in 2013.
According to U.S. Reputation Leaders Network, Target’s reputation saw its biggest drop after the cyber attack – and it was the largest drop of any U.S. company from 2013 to 2014, according to an article in “The Street.”
The remaining top 10 risks are: economic slowdown/slow recovery; regulatory/legislative changes; increasing competition; failure to attract or retain key talent; failure to innovate/meet customer needs; business interruption; third party liability; and property damage.
Other key movement in the rankings were the inclusion of property damage, which moved up to No. 10, from 17 in 2013; and third party liability, which had been 13 but moved up to 8.
One risk that dropped off as a top 10 risk was commodity price risk. It had been 8 in 2013, and moved down to 11 in the 2015 survey.
Bourdon said that one risk that remains top of mind for risk managers is regulatory and legislative issues. “It’s consistently a top 3 risk,” she said, noting that it was projected to remain so when risk managers were asked to project their top risks three years from now.
“Organizations are really challenged to respond to the pace at which regulations are coming,” she said. “There is a strong need for governance and a compliance framework.”
That risk, also, she said, relates to the reputational and brand damage that a company can suffer.
As for cyber, one surprising finding of the study — which surveyed 1,400 risk decision-makers in 28 industry sectors in 60 countries — was that 82 percent of the respondents said their companies were ready for a cyber attack, Bourdon said.
At the same time, 58 percent of the respondents said their companies have not done an internal assessment of their cyber risk exposure.
“Realistically speaking, this is relatively new territory that everybody is trying to get their arms around, organizations, insurance companies and those of us who are risk advisers,” she said.
“The goal for the industry as you look at these risks today and in the future is, how are we going to innovate and support these risks.”
Cyber, in particular, needs solutions, she said. “There is not enough insurance out there for the demand.”
Risk managers understand they need more data and analytics to “help them navigate this world” of increasingly complex risks, she said.
More risk managers, Bourdon said, are looking at their organizations holistically and not just focusing on insurance purchasing.
“It’s a much bigger and challenging role than it ever used to be and if you are using the same tools and techniques you were using 10 years ago, then you are not leading your organization down the right path.”