Cyber security, the EU’s upcoming GDPR, reputational risk and regulation and compliance are among the chief concerns for businesses voiced by some of the UK’s leading risk experts as they look ahead into 2018. In the second instalment of an exclusive series for Risk UK, Nicola Crawford outlines the main points to be considered by today’s practising professionals.
This year will be the one when the world recognises that the majority of assets in the modern economy are intangible and the rapid movement to just-in-time and cloud-based economies creates significant vulnerabilities. More events will revolve around the impacts of cyber attacks on the real world. It will be less about data loss or ransomware attacks and more about the ‘real economy’ (as we saw in 2017 with Merck Pharmaceuticals and Reckitt production operations, including the extended supply chain being impacted).
In other words, the cyber world and the extended supply chain will merge in terms of risk exposures. This will create new challenges for practising risk professionals.
Alexander Larsen CFIRM, president of Baldwin Consulting and IRM trainer for Bitcoin and CryptoCurrencies Bubble, stated: “2018 will be the year that Bitcoin goes mainstream. Having had a meteoric rise in 2017 with an increase of nearly 1,000% in price, Bitcoin has been receiving significant coverage in the media which has brought it to the attentions of the general public. A number of factors are coming together to indicate that 2018 will be the year that big money comes rushing into the cryptocurrency, including the intention of major funds to start investing as well as new platforms being introduced and making it easier to trade for individuals.”
Larsen feels that Bitcoin is already volatile, although a less volatile investment than most cryptocurrencies which are known to swing by as much as 30%-40% per day and on occasions as much as 1,000% in a day. “This new money flooding the market will no doubt drive the price up to new heights,” said Larsen, “which leads me to believe that a major crash and correction will be on the horizon for 2018. Many people will lose a lot of money, although it remains to be seen if Bitcoin will survive or if the bubble will finally have burst.”
Something that’s certainly likely is major regulations being put in place to control the trading of bitcoin, cryptocurrencies and the issuance of new tokens.
Reputations take years to build and can be destroyed in seconds, as they say. The risk of reputational damage to organisations, Governments and individuals appears to be higher than it has ever been. This is a trend that’s likely to continue.
A reputation is put at risk when some unethical or incompetent behaviour becomes public knowledge. This can be through the actions of an individual or something more systemic at an organisational or Governmental level. The media has been full of recent examples involving organisations (FIFA, IAAF), Governments (Brazil, Angola, and Zimbabwe), companies (VW, Rolls-Royce), industries in general (Hollywood) and individuals.
The damage caused can manifest itself in the shape of lost revenues, increased costs and, in the case of listed companies, reduced shareholder value. Usually, heads roll as well.
Where a company’s reputation is its main asset, damage can result in failure, as was the case with Arthur Anderson.
Heart of the problem
So why is this trend likely to continue? “Well,” said Ray Flynn CMIRM (independent risk consultant and IRM director), “the heart of the problem in each case – complacency and, in the extreme, arrogance – is unlikely to change. The mentality of ‘this will never happen to us’ and ‘we have systems in place to prevent this from happening’ is hard to shake off. Very few have the foresight to address this particular risk until there’s an ‘issue’ that forces them to act. The risk of exposure is also increasing. There’s an element of iconoclasm and bloodletting involved as the gap between the ‘haves’ and ‘have nots’ increases, which supports whistleblowing and places direct pressure on regulatory bodies to act.”
The frequency of prosecutions for bribery, particularly in the UK and the US, but also elsewhere, as well as the level of fines imposed are increasing rapidly. This is another trend that’s highly likely to continue.
“The bad news is that this comes with public battle weariness and shock fatigue,” added Flynn. “Those exposed are likely to suffer less and less damage. The good news is that sound risk management is the best way to protect a reputation including, as advocated in the guidance to the UK Bribery Act, having a fresh pair of eyes to carry out an independent review of systems already in place.”
Alyson Pepperill CFIRM (client projects director for UK Retail at Arthur J Gallagher and chair of the IRM’s Charity Special Interest Group) explained: “Regulation and compliance will continue to be a key theme. There will be continued scrutiny of the charity sector by regulators, whether it be the Charity Commission, the Fundraising Regulator or the Information Commissioner’s Office. In 2017, selected charities were hauled over the coalsby all three. We don’t see this pattern changing.”
The European Union’s General Data Protection Regulation (GDPR) has been a key focus of many charities’ efforts to be compliant ahead of the looming May 2018 deadline. This focus will continue up to and beyond the deadline for most.
Linked to the GDPR, and in line with many ‘for profit’ organisations, the broader context of cyber risks and their management remains a struggle for charities. Charities are known as innovators and will try new ways of generating funds that can potentially increase their exposure to cyber risks.
“A more particular sector risk is the need for charities to measure through evidence-based reporting what they do and how successful they are at their delivery,” asserted Pepperill. “The expectations around how this is reported to key stakeholders have been increasing and, for many charities, represents a significant risk. If they fail to be accountable, the funding could then dry up.”
Finally, we still see financial sustainability as a real challenge for many charities reliant on local Government and National Health Service contracts, as well as funding from central Government continuing to be cut back. Volunteering has reduced over the past year and this could place further strain on charities to balance the books. They have to care, respond to their mission with determination and create impact, keep costs down and comply with all manner of regulations.
“The request for support never goes away,” concluded Pepperill, “but charities continue to be squeezed and squeezed. This is likely to result in some charities having to close or perhaps an increase in mergers.”
Shift to renewable energy
A major shift from oil and gas towards renewables is already happening on a global scale. This isn’t only occurring in terms of power generation, it must be said. It’s also occurring in the sphere of transportation.
The EU has already targeted 2035 as being a year in which all new cars sold will be electric. Many individual countries like Scotland have announced more aggressive targets, while several Scandinavian countries are already well on their way towards becoming an electric car-driving nation.
This major shift places significant pressure on oil and gas companies as well as car manufacturers to reconsider their strategies and business models. Companies in the sector will need to evaluate their target markets and offerings carefully, while also thinking seriously about what they want their company to look like in ten-to-20 years’ time.
Oil and gas companies will need to position themselves for developing economies, while also making a decision on how heavily they wish to invest in renewable energies or if there’s any appetite to look at mining materials for batteries. For car manufacturers, there will have to be a blueprint for future development work on electric vehicles. Like the oil and gas companies, they too will need to decide how heavily they wish to be involved.
Decisions made during 2018 could well turn out to be the difference between success and/or failure in the future.
Nicola Crawford CFIRM is Chair of the Institute of Risk Management