Mon, Sep 30, 2019
Mitigating business risk has always relied on knowledge of markets and counterparties, and of the forces that could disrupt a company’s agreements and assumptions. In the pre-digital, pre-global age, gaining such knowledge was made easier by implicit boundaries that governed the way most organizations conducted business.
Suppliers, lenders and business partners were drawn from fairly well-established pools of referrals and contacts. Clearer categories for industries and sectors meant that enterprises knew their place in the larger economic ecosystem, enabling them to adopt and conform to established business models and vocabularies. Growth was often predicated on increasing a product’s existing market share or on moving into markets adjacent to those where a solid presence already had been established.
Of course, even in that environment, plenty of risks existed, and naturally the ability of enterprises and their leaders to navigate those risks ranged widely. But it is also fair to say that many aspects of business operated incrementally, and that their incremental nature made navigating risk simpler. This is particularly evident viewed through the lens of the past decade, in which traditional boundaries and assumptions, already weakening, eroded further. Globalization is one example. Not so long ago, “globalization” often meant that enterprises from a handful of developed countries were setting up operations or joint ventures in developing markets. Now the planet has a truly distributed network of business relationships, in which Asia invests in Europe and the Middle East has business partnerships in Latin America. Meanwhile, mobile connectivity and social media have created a digital world in which information asymmetries have greatly lessened, giving rise to different consumer expectations and business models. Those new business models are scrambling the traditional definitions of industries and sectors. All of these developments dramatically increase the number of unknowns—and thus the risks—with which organizations must contend.
The broadening of the risk landscape is visible in the types of significant incidents our survey respondents report experiencing in the last 12 months and in the priority levels they assign to various risk mitigations. The most frequently cited incident is leaks of internal information, reported by 39 percent. But this perennial challenge now coexists with risks from relatively recent threats, such as data theft, and even newer threats, such as adversarial social media activity.
Risk management today is centered on responding to—and trying to stay ahead of—rising threats while continuing to battle long-established risks. Newer risks differ from old ones in their ubiquity. While money laundering and counterfeiting, for example, take the greatest toll on particular industries and countries, virtually every enterprise is potentially vulnerable to social media attacks or collateral damage from a business partner’s scandal. Adding urgency to the new risks is the need to establish appropriate systems and capabilities for combating them. So it is that every risk on our list is either a significant or high priority for more than half of our survey respondents.
by Kevin Braine
by Alexander Booth, Benedict Hamilton
by Jonathan Harman
by Nick Doyle, Timothy V. Horner
by Christopher Bakewell, Tadashi Kageyama
by William C. Nugent, Richard M. Plansky
by Astrid Ludemann, Justine Radnedge
by Ann Gittleman
by Hiroki Katayama
by Alan Brill, Ken C. Joseph, Esq., Hugo Hoyland
by Darren Burrell
by Benedetto Demonte, Paul Jackson, Jason N. Smolanoff
by Fernanda Barroso, Tarun Bhatia, Howard Cooper, Zoë Newman
by Steve Cornmell, Violet Ho
Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.
Global investigations to help clients identify wrongdoers, recover assets and seek legal remedies.
Complying with anti-money laundering and anti-bribery and corruption regulations.
Kroll’s forensic investigations and intelligence team delivers actionable data and insights to help clients across the world make critical decisions and mitigate risk.
Kroll’s Enterprise Security Risk Management practice provides expert guidance and advisory services to our global clientele as they navigate the most challenging and emerging security and threat-related issues.
Independent expert analysis, testimony, advice and investigations for complex disputes and projects.
End-to-end governance, advisory and monitorship solutions to detect, mitigate, drive efficiencies and remediate operational, legal, compliance and regulatory risk.
Valuation of businesses, assets and alternative investments for financial reporting, tax and other purposes.
Duff & Phelps is a leading middle-market M&A advisor.