Ask The Experts: 2019 Risk Trends and Predictions

Mike Ogden

As we kick off the new year, what risk trends from 2018 can we use to prepare for risk in 2019? Risk management experts recently came together to share their take on what the major risk trends of 2018 were, and what risks they envision taking center stage in 2019.

This lineup of risk experts included Jake Olcott with BitSight Technologies, Jannie Wentzel from Focal Point Data Risk and Digital Shadows’ Michael Marriott. During their convening, they focused on five critical questions. Here are the key takeaways:

What is your top risk trend from 2018?

Olcott: “Ecosystem risk kept popping into my mind.” All the different regulations, supply chains, third-parties, incidents, they’re all part of the same thing.

Marriott: “2018 was about understanding risk better.” This more informed picture came into focus with richer risk details, new frameworks and greater insights on threats and exposure.

Wentzel: Everyone should think about how we manage these challenges together. “It’s not in the silo. Vendor, third-party, they all work together.”

What is your top prediction for risk in 2019?

Olcott: 2019 is the year that cyber and financial start to merge. How does cyber risk tie into financial performance? Look for credit ratings to take a more active role.

Marriott: We’ll better understand threat and vulnerability in the year ahead. We’ll quantify digital risk.

Wentzel: In 2019, we’ll see cyber risk management as a top 5 discussion at the board level.

How will risk management and GRC support business in 2019?

Wentzel: With innovations like Blockchain and AI, you need a systematic approach to managing third-party risk.

Olcott: Business units want to move faster than we do. We need to get in on the process earlier at the initial assessment and procurement process and use more quantitative data.

Mariott: One challenge Marriott sees that has been overlooked is digital risk. A lot of data is in the public sphere. Perhaps we should ask: how will security teams support the business?

How will data privacy evolve in 2019?

Mariott: Although he expects more fines, Marriott is a GDPR optimist. He sees organizations getting their processes and contingency plans in place, and that these steps benefit all of us.

Wentzel: Countries and companies will continue to struggle with data privacy. Other states are pushing regulation, and privacy is entering the political arena. We need to be agile and adapt.

Olcott: We rate security performance of organizations. Security performance has fallen all over the world, except Europe where it’s improving. Is GDPR the reason? We can’t be sure.

How can companies better manage cyber risk in the supply chain?

Olcott: We need to see cyber risk as a cross-cutting issue across the organization, involving business units, legal, procurement and more. It’s not just IT security. We have to collaborate with our vendors to improve cybersecurity.

Mariott: We need to look outside the organization, not just inside. What data do they have and where is it online? The challenge is protecting the data you care about.

Wentzel: We need to move from point to a full view of risk. Where is my data? Who owns it? Companies in 2019 will have a significant challenge managing cyber risk in the supply chain.

Our thanks to Jake Olcott, Jannie Wentzel and Michael Marriott for sharing their views on risk management.

For more insights on risk management, check out our Definitive Guide to Third-Party Risk Management.


Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.



Vendor Risk & Data Security: Why Is This So Hard?

There are many similarities between the risks that stem from vendors and those that stem from data. Why then are the compliance practices applied to data so much more lax? Let's discuss how we can improve our data and cyber security compliance practices. 

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

Can 2019 Be the Year that “Whistleblower" Loses Its Negative Connotation?

The whistleblowers trying to inform their companies of misconduct can experience more scrutiny than the people committing the fraudulent act. This needs to change if we hope to drive the type of corporate protection whistleblower reporting and speak-up cultures provide to our organizations. 

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.