of risk leaders say more frequent, large-scale cyber attacks pose the top risk to their company
say they can influence transformation earlier by forming stronger C-suite relationships
Chief transformation officer is the most important exec to build a stronger relationship with
As businesses pursue strategies to reinvent themselves, risk leaders (including CROs, CISOs and CAEs) stand ready to help their company navigate the many, often unseen, hazards. External risks include cyber attacks, with 83% of risk leaders citing them as a moderate or serious risk, according to our August 2023 Pulse Survey. Other risks include the US regulatory environment (77%) and margin pressure affecting earnings (70%).
Risk leaders can help more if they're included early on, if their peers understand the value they bring, if they’ve built collaborative relationships and if they bring information on relevant risks to C-suite discussions.
say forming stronger C-suite relationships is a top way for risk leaders to get engaged earlier
Business reinvention requires taking on more risk. As companies prioritize embedding new technologies in their business model and creating new revenue streams, they're gathering and using more data and, in turn, introducing more risks. To mitigate these threats, risk leaders should be included in the planning and design phases, before vulnerabilities get baked in.
But with only half of risk leaders included in these early decisions, how can more get a seat at the table? It starts by forming relationships with senior leaders and communicating the value of risk perspectives in strategic and design decisions. Managing the risks of generative AI, for example, requires a robust collaboration with all stakeholders that’s rooted in a strong foundation of risk governance.
Bottom line: Risk leaders can better influence transformation if they build relationships, engage early and bring the right perspectives to add value.
Push to establish a risk governance process that’s tied to strategy. This can help you better address risks to that strategy early and often.
Demonstrate your team’s value by investing in technology tools and training to help deliver insights that can shape transformation initiatives.
Consider partnering with a trusted third party to help bring the right perspectives. This is particularly useful when your team doesn’t have experience with the risks a business priority or initiative may introduce.
Chief transformation officer is the most important executive for risk leaders to build a stronger relationship with
If collaborating with C-suite leaders is key to managing the risks of business reinvention, which relationships should risk leaders prioritize? The answer, say risk leaders, is those who are closest to the action — the executives who are driving transformation efforts and are thus better positioned to support risk mitigation efforts. Topping that list are the chief transformation officer and COO, followed by the CFO and CIO/CTO.
These C-suite peers can most help risk leaders succeed. While they may not be directly involved in managing risk, they can foster the conditions that risk leaders need. It’s these hands-on stakeholders who, if informed of the associated risks, can help set the tone, tempo, direction and budget for risk management priorities.
For example, the leaders driving transformation around embedding new technologies into the business model — the C-suite’s top-ranked strategic priority (27%) — have considerable influence over the funding, scope and cadence of risk management activities. It’s in risk leaders’ interests to help their peers understand the business imperative of trust-by-design, rather than speed alone.
Know the organization, culture, incentives and performance measures that motivate each executive you engage with. Tailor your message and approach accordingly.
Start building trust and forming key relationships before a major transformation gets underway. This can help make sure you’re included early in the process when it matters most.
apply mostly or purely qualitative measures to assess reputational risks
Assessing an organization’s exposure starts with a mix of qualitative and quantitative measures, depending on the type of risk. Risk leaders are applying predominantly quantitative measures to financial risks (64%) and operational risks (50%), while using mostly or purely qualitative measures for reputational threats (39%) and compliance and regulatory risks (36%). But, regardless of the type of measure, these inputs are just that — data points, not a final determination.
A trustworthy risk assessment requires the knowledge and judgment of an experienced risk professional. Consider what’s involved in assessing the materiality of a cyber incident, for example, which can require a high degree of judgment integrating both qualitative and quantitative factors, including inputs from the company's IT/security, finance and legal departments.
For transformation initiatives, project managers leading those efforts will often apply risk assessment tools to quantify the company’s exposure — and those numeric scores have value — but they don’t replace the considered opinion of a risk professional who’s consulted with key stakeholders. Risk quantification is necessary but not sufficient. Ultimately, it comes down to judgment.
Our latest PwC Pulse Survey, fielded August 1 to August 8, 2023, surveyed 609 executives and board members from Fortune 1000 and private companies about the current business environment, the risks executives are facing and their company’s strategic plans and priorities. Of the respondent pool, 64 were risk leaders.