CRO and risk management leaders

Latest findings from PwC’s Pulse Survey

The growth-minded risk executive

Risk executives (72%) resoundingly say that capitalizing on digital transformation initiatives is very important to their companies’ growth in 2022. Only the board member group agrees as strongly. 

This is a signal change. Risk executives, whether invited in or stepping up, are alongside other executives leading digital transformations. Often relegated to bit players in these massive efforts in the past, risk execs are now central to identifying what could go wrong and designing the playbooks to mitigate them. If companies are going to disrupt themselves, they want to do it smoothly. 

And they want to do it fast. Customer-facing transformations are the most pressing: unicorns disrupting many industries reach scale in three to five years, too fast for a slow incumbent to hesitate, falter or stall in its transformative initiatives.

That’s why more than half of risk executives realize that greater agility is required for their organization—and their own function—to grow. 

Growth-minded risk executives take a more panoramic vista on how they do their work. Not traditionally immersed in talent issues, they know that when employee turnover goes from 15% to 45% at a company, such as we are seeing in the “Great Resignation,” hiring and retaining talent becomes vital—and failure to do so can become a significant threat to the business.

De-risking the upside: focus on talent, digital transformation, innovation and agility


Very important
Investing a lot

Hiring and retaining talent
%
%
Capitalizing on digital transformation initiatives
%
%
Developing new products and services in response to changing consumer behavior (e.g., sustainability and digital offerings)
%
%
Increasing agility to better operate in a turbulent business environment
%
%
Improving supply chain resilience
%
%
Reevaluating pricing strategies (e.g., exploring price increases to make up for rising input costs)
%
%
Championing ESG issues
%
%
Pursuing corporate M&A, joint ventures and alliances
%
%
Pursuing divestitures and spin-offs
%
%

Q: How important are each of the following to your company's ability to grow in 2022?
Q: To what extent is your company investing in the following in 2022? Source: PwC Pulse Survey, January 27, 2022: base of 678, CRO base of 93

A broad risk dashboard

It’s easy to describe the positive day-to-day changes in the way we work and live. It’s harder to see the risks that lurk underneath. Risk executives see a broad array of them, with more than 30% naming seven risk categories as the greatest threats to their company’s ability to grow. 

It’s the nature of the tech-enabled and highly interconnected business environment today. One risk emanates from one area and moves quickly through others. Attackers, for instance, can exploit cyber weaknesses by designing custom malware to bypass network controls. They then spot gaps in fraud controls to gain unauthorized access to applications and user IDs. Next, they set up fraudulent bank accounts to receive and transfer the stolen funds. Finally, the attackers launder the stolen money. This kind of threat crosses at least four risk categories: cyber, data, clients and products and regulatory. 

The growth-minded, tech-savvy risk executive understands the transmission of blended risks across the enterprise and makes major adjustments. To continue with the example, traditionally siloed cyber, fraud, physical security and anti-money laundering (AML) teams are now brought together into fusion centers to better defend against perpetrators trying to exploit weaknesses across these areas. 

Where collaborative risk functions used to be the exception, they now need to be the norm. Even sophisticated companies, especially those in non-regulated industries, have yet to address a lack of integration across risk categories and functions. Integration clears away speed bumps along with unnecessary complexities and costs.

The risks to the upside: highly interconnected and encompassing


Compliance and regulatory risk
%
Cyber/information risk
%
People risks
%
Technology risks
%
Third-party risks
%
Industry-specific risks
%
Clients and product risks
%
Data risks
%
Reporting risks
%
Physical security
%
Intellectual property risks
%

Q: In 2022, which of the following operational risks present the greatest threat to your company's ability to drive growth?
Source: PwC Pulse Survey, January 27, 2022: base of 678, CRO base of 93

New guardrails in the making

Sixty-two percent of the risk executives say that policy shifts in technology and data are leading to the most change in their business. That’s because technology and data-intensive innovation have advanced beyond traditional controls. Legislative and regulatory agendas are packed with proposals and bills to protect consumers and society from harms via cryptocurrency, digital payments, user-generated content, artificial intelligence and autonomous systems. 

Governments are reacting in ways that will certainly alter many companies’ global strategies and regional structures, as well as the way they use data to find, track and serve customers. The balancing act of promoting innovation while protecting against risks is evident in some new approaches to better govern and regulate new markets and technologies. 

In financial services and health, the most highly regulated industries, sector-specific developments like health regulations have become top priorities for consumer markets and industrial products companies.  

The growth-minded risk executive does not wait for regulation to come into force, but works with the business to set policy on their own. For example, for social media platforms and other companies involved in content moderation, they can lay the foundation by defining their guiding principles, values and ethics to devise terms of service, and clearly communicate these terms to users. 

Active regulatory and legislative agenda weigh on risk execs’ minds


Data protection and privacy regulations
%
Industry-specific regulations
%
Cybersecurity regulations
%
Regulations regarding health precautions
%
AI regulations (e.g., regarding facial recognition, automated decision-making systems, privacy)
%
Fintech regulation
%
Regulation of cryptocurrencies
%
Regulation of digital assets other than cryptocurrencies
%
Antitrust regulation
%
Section 230 reform
%
Unsure
%

Q: Which of the following policy and regulatory developments are the biggest priorities for your company in 2022?
Source: PwC Pulse Survey, January 27, 2022: base of 678, CRO base of 93

The long view of risk and growth

Any CEO or corporate board member wants to affirm to stakeholders that they are ahead of the curve when it comes to risks arising from the most important initiatives of the company. In cybersecurity, for example, companies will want to be cyber-ready for tomorrow, not just for today. 

At least a fifth of the risk executives report getting a jump on understanding risks from new trends before they become mainstream or dominant. Executives from financial services are already monitoring risks from cryptocurrency and autonomous decisions and response systems. Tech firms are implementing risk mitigation plans related to non-fungible tokens (NFTs). Industrial manufacturers are beginning to create risk mitigation plans for the use of autonomous decision and creation systems.

To get ahead of the curve, the growth-minded risk executive encourages ways for control teams and business teams to be allies. For example, compliance and security teams update their controls strategy so that fast software development and strong controls can go hand in hand. Further, “Compliance-as-code,” continuous compliance and intelligent controls are new practices that allow organizations to be agile.

Finally, the growth-minded risk executive takes a long and panoramic view. Digitization is important to capture immense opportunities today. But digital transformation is about building real, long-term competitive advantage to succeed. The growth-minded risk executive invests in capabilities for the long-term.


About the survey

Our latest PwC Pulse Survey, fielded January 10 to January 14, 2022, surveyed 93 risk leaders from Fortune 1000 and private companies, along with other C-suite executives, about business priorities, investment plans and concerns as they think about the year ahead. Find all of these insights in our PwC Pulse Survey.

Executive views on business in 2022

Past surveys

Contact us

Joseph Nocera

Joseph Nocera

Cyber, Risk and Regulatory Marketing Lead Partner, PwC US

Tiffany Gallagher

Tiffany Gallagher

Principal, Health Industries, Cyber, Risk & Regulatory Leader, PwC US

Tom Snyder

Tom Snyder

Managing Partner, Cyber, Risk & Regulatory, PwC US

Follow us