As we kick off the new year, what risk trends from 2018 can we use to prepare for risk in 2019? Risk management experts recently came together to share their take on what the major risk trends of 2018 were, and what risks they envision taking center stage in 2019.
This lineup of risk experts included Jake Olcott with BitSight Technologies, Jannie Wentzel from Focal Point Data Risk and Digital Shadows’ Michael Marriott. During their convening, they focused on five critical questions. Here are the key takeaways:
What is your top risk trend from 2018?
Olcott: “Ecosystem risk kept popping into my mind.” All the different regulations, supply chains, third-parties, incidents, they’re all part of the same thing.
Marriott: “2018 was about understanding risk better.” This more informed picture came into focus with richer risk details, new frameworks and greater insights on threats and exposure.
Wentzel: Everyone should think about how we manage these challenges together. “It’s not in the silo. Vendor, third-party, they all work together.”
What is your top prediction for risk in 2019?
Olcott: 2019 is the year that cyber and financial start to merge. How does cyber risk tie into financial performance? Look for credit ratings to take a more active role.
Marriott: We’ll better understand threat and vulnerability in the year ahead. We’ll quantify digital risk.
Wentzel: In 2019, we’ll see cyber risk management as a top 5 discussion at the board level.
How will risk management and GRC support business in 2019?
Wentzel: With innovations like Blockchain and AI, you need a systematic approach to managing third-party risk.
Olcott: Business units want to move faster than we do. We need to get in on the process earlier at the initial assessment and procurement process and use more quantitative data.
Mariott: One challenge Marriott sees that has been overlooked is digital risk. A lot of data is in the public sphere. Perhaps we should ask: how will security teams support the business?
How will data privacy evolve in 2019?
Mariott: Although he expects more fines, Marriott is a GDPR optimist. He sees organizations getting their processes and contingency plans in place, and that these steps benefit all of us.
Wentzel: Countries and companies will continue to struggle with data privacy. Other states are pushing regulation, and privacy is entering the political arena. We need to be agile and adapt.
Olcott: We rate security performance of organizations. Security performance has fallen all over the world, except Europe where it’s improving. Is GDPR the reason? We can’t be sure.
How can companies better manage cyber risk in the supply chain?
Olcott: We need to see cyber risk as a cross-cutting issue across the organization, involving business units, legal, procurement and more. It’s not just IT security. We have to collaborate with our vendors to improve cybersecurity.
Mariott: We need to look outside the organization, not just inside. What data do they have and where is it online? The challenge is protecting the data you care about.
Wentzel: We need to move from point to a full view of risk. Where is my data? Who owns it? Companies in 2019 will have a significant challenge managing cyber risk in the supply chain.
Our thanks to Jake Olcott, Jannie Wentzel and Michael Marriott for sharing their views on risk management.
For more insights on risk management, check out our Definitive Guide to Third-Party Risk Management.