No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Featured

10 Top Risks for 2019

Annual Survey Reveals Growing Threats

by Jim DeLoach
February 27, 2019
in Featured, Risk
woman in blue picking up domino to stop domino effect

The latest global survey of C-level executives and directors of the macroeconomic, strategic and operational risks that organizations face indicates an increasingly risky year ahead. Protiviti’s Jim DeLoach discusses the risks keeping executives up at night.

Overall, 825 C-level executives and directors participated in this year’s global study, with 45 percent representing companies based in North America. As with our prior studies, the survey results captured significant uncertainties by industry, executive position, company size and type and geographic area. The important message is that the survey participants noted increasing risks looking forward to 2019 compared to last year.

Consistent with prior years, there is variation in views among boards and C-suite executives regarding the magnitude and severity of risks for 2019. This finding suggests the need for dialogue at the highest levels of the organization to ensure everyone agrees as to the critical enterprise risks.

Below, we rank the common risk themes in order of priority, noting the previous year’s top 10 rank parenthetically. This summary provides a context for understanding the most critical uncertainties companies face over 2019.[1]

Leading Risks Organizations Face This Year

  1. Existing operations and legacy IT systems may not be able to meet performance expectations related to quality, time to market, cost and innovation, as well as competitors, especially “born digital” and/or low-cost-base competitors or established competitors with superior operations (#10 in 2018). This risk is a composite of several significant uncertainties: the company’s digital readiness, its lack of resiliency and agility in staying ahead of or keeping pace with changing market realities, the restrictive burden of significant technical debt, the lack of out-of-the-box thinking about the business model, fundamental assumptions underlying the strategy and the existence or threat of more nimble competitors. With the reduction of entry barriers, established incumbents are leery of new competitors that can grow quickly by leveraging hyperscalable digital capabilities that enable them to operate more efficiently, digitize new products and services, enhance the customer experience and/or transform the business model.
  2. Succession challenges and the ability to attract and retain top talent in a tightening talent market may limit ability to achieve operational targets (#6 in 2018). Labor markets continue to tighten as unemployment declines to levels at which economists debate the theoretical point where full employment is reached. Vital specialized knowledge and subject matter expertise are becoming harder to acquire and retain on a cost-effective basis. What’s at stake is sustaining the workforce with the requisite talent and skills needed to think out of the box in a rapidly changing digital marketplace, execute high-performance business models and implement increasingly demanding growth strategies.
  3. Regulatory changes and scrutiny may heighten, noticeably affecting the way products or services will be produced or delivered (#4 in 2018). For each of the seven years we have conducted this global survey, regulatory risk has been a top five risk. That it increased in comparison to last year is likely due to increased scrutiny at federal, state and local levels on a variety of regulatory fronts, particularly in Europe. Uncertainty over the results of the forthcoming U.S. midterm elections may have also weighed on the minds of respondents from the United States (our survey was conducted in September-October 2018).
  4. Lack of preparedness to manage cyberthreats that have the potential to significantly disrupt core operations and/or damage the brand (#3 in 2018). This risk is no surprise. There are two categories of companies: those that have been breached and know it, and those that have been breached but don’t know it yet. Cybersecurity is a moving target, as innovative digital transformation initiatives, cloud computing adoption, mobile device usage, machine learning and other applications delivering exponential increases in computing power continue to outpace the security protections companies have in place. Increasingly sophisticated attacks on the human perimeter by perpetrators of cybercrime add to the uncertainty. As advanced persistent threats (APTs) spread, public disclosure requirements tighten and reputation hits from significant breaches increase in severity, the stakes for effective cybersecurity spiral upward.
  5. Resistance to change may restrict ability to make necessary adjustments to the business model and core operations (#2 in 2018). Enabling change continues to be a significant priority for just about every organization on the planet, for change is becoming a way of life for most companies. Whether covert or overt, resistance to necessary change spawned by disruptive innovations that alter business fundamentals can be lethal. Strategic error in the digital economy can result in the ultimate price if a company continues to play a losing hand in the marketplace, ultimately suffering what a well-known CEO refers to as “stasis, followed by irrelevance, followed by excruciating, painful decline, followed by death.”[2] Board members and C-suite executives recognize the importance of positioning their organization as early movers in exploiting market opportunities and responding to emerging risks.
  6. Rapid speed of disruptive innovations and/or new technologies within the industry may outpace ability to compete and/or manage the risk appropriately, without making significant changes to the business model (#1 in 2018). The top risk last year, this strategic risk remains important. With the onslaught of advances in digital technologies and rapidly changing business models, organizations must be agile and resilient in elevating their customers’ experiences, digitizing new products and services, increasing the velocity of quality decision-making and sustaining operational excellence. The big challenge with disruptive change is that even when executives are aware of emerging technologies that obviously have disruptive potential, it isn’t easy deciding how to respond. This risk is especially a concern for board members and CEOs, with both groups of respondents rating it as a top five risk concern.
  7. Privacy/identity management and information security risks may not be addressed with enough resources (#7 in 2018). Holding its own at the seventh spot, this risk is likely to remain a top 10 risk for a long time. The proliferation of legislation to protect privacy of personal information has created enormous complexities for businesses, with the teeth of potential fines, penalties and reputation loss that cannot be ignored. As the expanding digital economy enables businesses and third-party organizations to house sensitive information obtained in many ways, fresh exposures to sensitive customer and personal information and identity theft present themselves.
  8. Inability to utilize data analytics and “big data” to achieve market intelligence and increase productivity and efficiency may significantly affect core operations and strategic plans (#9 in 2018). Respondents continue to be concerned with their ability to harness the power of data and advanced analytics to achieve competitive advantage and manage operations more effectively. The prevailing view is that knowledge differentiates in the digital marketplace, as the winners will be those companies that capture and analyze the insightful, clarifying intelligence that positions them to be nimbler and more responsive to market shifts and changing customer preferences than competitors.
  9. The organization’s culture may not sufficiently encourage timely identification and escalation of significant risk issues that have the potential to significantly affect core operations and achievement of strategic objectives (#5 in 2018). The effectiveness of formal and ad hoc upward communication processes is of vital importance to keeping an organization’s leaders in touch with business realities. Coupled with concerns over resistance to change, the presence of this risk reflects on the strength of the organization’s culture, including its tone at the top, mood in the middle and buzz at the bottom.
  10. Sustaining customer loyalty and retention may be increasingly difficult due to evolving customer preferences and/or demographic shifts in the existing customer base (not ranked in 2018). Companies with highchurn rates incur significant costs in replacing lost customers. Sustaining customer loyalty and retention is about increasing profitability through superior top-line performance and reduced marketing costs and other costs associated with educating new customers. Customer preferences can shift rapidly in the digital age, but companies must keep pace with such shifts and retain customers in an environment where growth rates are modest in certain sectors.

One risk – economic conditions in markets the organization currently serves significantly restricting growth opportunities – fell from eighth on last year’s global top 10 risks list to the 11th spot this year, continuing the trend of declining macroeconomic risks noted by our risk surveys over recent years. Interestingly, board members and CEOs rated economic conditions as a top five risk, ranking it in the third and fourth spots, respectively. In addition, while most survey respondents do not rate concerns about economic conditions in domestic and international markets as a top 10 risk, developments occurring since our survey period ended on October 3 could be altering those perceptions.

Geographically, the results varied. Board members and executives from North America ranked the same top five risks as reported globally, with resistance to change and cyber risk in the fourth and fifth spots, respectively. Europe ranked regulatory risk at the top spot and economic conditions as the fourth-highest risk, with cyber risk, competitor risk and talent risk rounding out the top five. Respondents from Asia reported big data and supply chain issues as top five concerns, along with people risk, regulatory risk and competitor risk. Respondents from Australia/New Zealand, Latin America, the Middle East and India reported the same top risks as the global results, except for cyber risk; in its place was the risk of disruptive innovation.

Looking forward, the message is that digital disruption is a main driver of risk impacting uncertainty over business model viability, customer preferences, the competitive landscape, workplace dynamics and the war for talent and even regulatory demands. Clearly, organizations must align their culture, people, processes and intelligence gathering to embrace this rapidly changing business environment. Risks have increased, both individually and overall, pointing to a perceived higher risk environment over the next 12 months. The mix of the top 10 risks is largely unchanged, but the ranking order has shifted. Seven of the top risks are operational in nature and the other three, strategic. The top risks also vary in different regions across the globe. It all adds up to exciting times ahead.

In Closing

Senior executives and their boards may want to consider the above risks in evaluating their risk oversight focus for the coming year in the context of the nature of the entity’s risks inherent in its operations. If their companies have not identified these issues as risks, directors should consider their relevance to the company’s business and ask, “Why not?”


[1] Executives Perspectives on Top Risks for 2018, Protiviti and North Carolina State University’s ERM Initiative, available at www.protiviti.com.

[2] Jeff Bezos’s letter to Amazon shareholders, April 2017, available at https://blog.aboutamazon.com/company-news/2016-letter-to-shareholders.


Tags: Board of DirectorsCloud ComplianceCyber RiskMachine LearningTone at the Top
Previous Post

12 O’Clock High

Next Post

Compliance into the Weeds

Jim DeLoach

Jim DeLoach

Jim DeLoach, a founding Protiviti managing director, has over 35 years of experience in advising boards and C-suite executives on a variety of matters, including the evaluation of responses to government mandates, shareholder demands and changing markets in a cost-effective and sustainable manner. He assists companies in integrating risk and risk management with strategy setting and performance management. Jim has been appointed to the NACD Directorship 100 list from 2012 to 2018.

Related Posts

seeing outside the box

Disrupters See the World Differently — and Act Accordingly

by Jim DeLoach
May 13, 2025

Critical differences in culture, technology adoption and talent strategies determine which organizations shape markets and which scramble to respond

news roundup green bars

In-House Counsel Salary Increases Slow

by Staff and Wire Reports
May 2, 2025

Majority of execs predict rise in fincrime in ’25

containerization concept

Are Your AI Containers Leaking Data? The CISO’s Guide to ML Endpoint Security

by Rahul Bagai
May 2, 2025

How to meet your obligations in the cloud's shared-responsibility model while preventing AI-specific attack vectors

data abstract green purple

66% of CISOs Worry Cyber Threats Are More Advanced Than Companies’ Defenses

by Staff and Wire Reports
April 25, 2025

US business sector falling behind in adoption of renewable energy

Next Post
Compliance into the weeds podcast cover art

Compliance into the Weeds

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights