RISK MANAGEMENT — From economic downturns to supply chain issues, data breaches, or global disasters, the landscape of organizational risk management is anything but boring in 2024.
But what are the things that keep you up at night? And are you even aware of all the risks that face your organization?
In this article we’ll take a look at the landscape of organizational risk management. What is the result of poor processes? What are the most common organizational risks?
9 organizational risk management statistics you need to know
- In May 2022, 41% of organizations had experienced three or more critical risk events within the last 12 months (Forrester)
- 83% of risk leaders see external risks as a moderate or serious risk to their organization (PWC)
- 39% of risk leaders rely on qualitative measures when analyzing the risk of reputational threats (PWC)
- 64% of risk leaders rely on quantitative measures when analyzing the risk of financial threats (PWC)
- 42% of risk management professionals see supply chain disruption as their primary external factor (PWC - Global Risk Survey)
- 75% of organizations say they can’t keep up with improving risk management due to the rapid increase in regulatory requirements (PWC Pulse)
- 65% of risk leaders plan to spend more on upgrading their data analytics capabilities (PWC Pulse)
- 44% of CROs are very concerned with their ability to mitigate external risks (PWC Pulse)
- 62% of organizations seek to uncover opportunities within risks (PWC - Global Risk Survey)
What are the results of lacking or poor risk management?
What happens if you fail to address your risk management needs before an incident occurs? Of course there’s the incident itself, but as if a critical incident weren’t horrifying enough, there is everything that happens afterward: legal action, fines, reputational damage and even employee turnover.
1. Fines and legal action
While we often imagine critical incidents when we talk about risk management, the truth of the matter is that more often than not the biggest impact comes from fines and legal action.
For instance, in 2022 the US Treasury Department slapped USAA with a massive fine for willful violation of the agency’s Bank Secrecy Act. In fact, year after year, federal civil penalties for non-compliance with federal regulations continue to increase.
2. Employee turnover
Every time an employee leaves your company, it will cost you between 50% and 125% of that employee’s annual salary, depending on their seniority and your field of business. And while US employee turnover usually lies between 3-4% annually, things like health and safety issues can cause that number to spike - a lot.
For instance, in 2022 documents showed that Amazon’s turnover rate reached 150%, costing the company and its shareholders around 8 billion USD annually.
And even though we often talk about turnover as the result of employees either voluntarily quitting or their positions being terminated, there’s also the case of turnover as the direct result of injury. Every year more than 10% of the workforce members who are injured on the job receive injuries serious enough that they have to take time away from their jobs.
3. Reputational damage
Between things like the 24-hour news cycle, smartphones in every pocket and the constant drone of the public on social media, there are enough threats to your company's reputation without being at the center of a critical incident.
Whether we’re talking about mass shootings or incidents that occur as a result of natural disasters, failing to manage these incidents or, worse yet, finding out that your organization may be partly at fault for the incident in the first place (such as fires due to bad electrical wiring) is sure to damage the reputation of your organization.
And adding to the sheer horror of any security or safety incident, a survey by Weber Shandwick found that executives attribute an average of 63% of a company’s overall value to its reputation.
The most common organizational risks, their impact and mitigation strategies
Every organization faces one risk or another, and while some are very industry-specific, others are quite universal. So, let’s take a look at some of the most common organizational risks.
Cyberattacks and data breaches
Organizations of any shape, form or size are vulnerable to data breaches, hacking and other types of cyberattacks.
Impact: Any type of data breach can lead to substantial financial losses, damage to the organization’s reputation and even legal action.
Mitigation strategies: Contingency planning and business interruption insurance are the only ways to fortify your operations against interruptions.
Business interruption
Whether it’s caused by supply chain issues or events like a global pandemic, having your business halted can have major ramifications.
Impact: In the short term, business interruptions can lead to income losses, and in the long term they can even threaten the existence of the organization.
Mitigation strategies: Contingency planning and business interruption insurance are the only ways to fortify your operations against interruptions.
Property damage
Property damage can result from accidents like a fire, from natural disasters or extreme downpours, or from vandalism. And the consequences can vary from minor nuisances (as would be the case for minor incidents of vandalism such as graffiti or smashed windows) to severe.
Impact: The immediate physical damage, which will need to be repaired, is only the first point of impact. Depending on the incident in question it could disrupt your operations and lead to loss of income.
Mitigation strategies: Making sure you have sufficient property insurance along with disaster planning and facility maintenance are the best ways to mitigate the impact of property damage.
Failing to comply with regulations
Whether it is the result of not noticing a change in regulatory or legislative requirements or the result of poor compliance data management, failing to comply with rules and regulations has a severe impact on any organization.
Impact: Depending on the regulation in question the impact of non-compliance can range from fines to legal action or termination of certain licenses or permissions.
Mitigation strategies: Hire compliance officers, partner with auditors and invest in compliance software and other tools to help with your regulatory reporting.
How enterprise organizations can improve their organizational risk management
Business risks have continued to increase, and with the potential to impact your operations, financials and even reputation, there’s good reason to make sure your processes for organizational risk management are up to snuff.
Here are the top 3 ways your organization can improve its risk management:
1. Improve decision making
Standardized reports or dashboards that provide a generalized overview of the risks your business faces can help improve the focus of directors and executives and help them better understand the most important risk areas, which in turn will let them make better risk mitigation decisions.
2. Create a culture of risk awareness
Organizations that focus on risk at the senior level often experience more discussions of risk at all levels of business. And a culture that is more open to the discussion of risk helps break down information silos and reduce risk as a whole.
An increased risk awareness will let your organization take a more proactive approach to managing risks and will help reduce the impact incidents have on your operations.
3. Coordinate the collection of compliance data
Making sure the collection and storage of compliance data is efficient or even automated doesn’t just help you sidestep potential penalties related to regulatory compliance; it can also save you an immense amount of time in your day-to-day business, letting employees focus their time and energy on other tasks.