Treasury and finance professionals believe that cyberrisk is the most challenging risk to manage and will continue to be for the foreseeable future, according to the 2020 AFP Risk Survey, supported by Marsh & McLennan.
In a poll of nearly 365 practitioners, the survey found that 53% report that cybersecurity risk is currently the most challenging risk to manage. Additionally, fully 51% of respondents believe that three years from now the task of managing cybersecurity risks will continue to be the most complex risk to manage. Cybersecurity risks are an example of the evolving risk landscape; a decade ago, only 12% of survey respondents cited cyberrisk as difficult to control. Although organizations are ramping up systems internally, they are faced with controlling increasingly malicious cyberattacks and an increase in the number of those committing crimes.
Survey results also revealed the risks that financial professionals believe will have the greatest impact on earnings in the next three years. Strategic risks (e.g., competitor, industry disruptions, etc.) topped the list (40%), followed by financial risks (35%), political risks and regulatory uncertainty within the U.S. (33%), and macroeconomic risks (31%).
With 2020 being a presidential election year in the U.S., a possible change in the administration creates some level of uncertainty. Additionally, there is some concern that the U.S. economy may be facing some headwinds, and interest rate cuts by the Federal Reserve Board late last year have done little to allay the fears of business leaders about financial and macroeconomic risks impacting organizations’ earnings. Fully 57% of treasury professionals revealed that they are concerned about upcoming economic uncertainty in the U.S., with 19% indicating that they are very concerned. Similarly, 58% of corporate practitioners said they were nervous about the global economy.
The good news is that as the risk landscape is evolving, companies appear to be adapting accordingly, performing thorough and regular risk assessments. Fully 37% of organizations have a dedicated function actively assessing risk and reporting it regularly, while 29% have a process through which individual functions assess and report risk. Other companies are more informal in their risk assessment process, with 23% stating their organization assesses risk only when the need arises.
“Today, organizations have to grapple with multiple risks,” said Jim Kaitz, President and CEO of AFP. “Cyberrisk flew under the radar a decade ago, but financial professionals now understand that they will still be struggling with controlling this risk for the foreseeable future. Over time, we are sure to see risks continue to evolve and risk managers will need to adapt accordingly.”
“While financial leaders are better prepared to manage known risks, the survey data points to the need to improve the ability to systematically identify new, emerging risks and analysis of known risks, such as cyber and extreme weather,” said Alex Wittenberg, Executive Director, Marsh & McLennan Advantage. “Few organizations have adopted formal processes for engaging senior leadership and the board in a discussion of how an increasingly uncertain environment will impact strategy decisions.”