Q: What does risk mean to you?
The changing face of threat
All businesses face risk of some sort. Traditionally, the risks facing organisations have tended to range from incidents such as a fire in a building or production line, or environmental factors, such as damage sustained by flooding or storms. In past years, such physical risks made up nearly 100 per cent of the major risks faced by business.
Today, some feel that the risks of environmental or natural disaster are still important, but they now account for around 70 per cent of the risk faced by business. The remaining 30 per cent comes from non-manmade sources and much of this is accounted for by the changing nature of business.
One area in which business is changing is that it is becoming increasingly global, with companies looking to outsource non-core aspects of their business in order to gain access to lower cost resources. This places many in unfamiliar business surroundings with new risks, including those of government corruption, security and employee safety.
Not only are businesses facing risks from new sources, but new legal and industry-specific regulations are raising the bar on dealing with risk. These include legal regulations such as Sarbanes-Oxley, which places the onus on senior executives to personally vouch for the quality of the business information that their company publishes and which looks set to be replicated across Europe. They also include industry regulations such as the food safety laws that come into effect in Europe in January 2005, which require greater disclosure of the provenance of all materials used in the production of food items throughout the supply chain. Coming soon, the Basel II capital adequacy accord will force greater disclosure of the risk profiles of banks and other financial institutions.
However, recent surveys show that perceptions of risk vary widely within organisations, and what executives care most about in terms of the risks that they face varies widely according to their area of expertise. A survey undertaken by MORI, on behalf of the UK Confederation of British Industries, asked chairmen, CEOs and other senior executives of UK companies about the greatest risks that their businesses face. The results are interesting, but in marked contrast to those released in 2004 by FM Global, a leading insurance and risk management organisation. The respondents to the FM Global survey were drawn from the ranks of CFOs and treasurers, risk management professionals, and investment professionals.
In the CBI survey, 57 per cent of chairmen and CEOs indicate that they are particularly worried about IT and computer network security - but this is in direct contrast to the FM Global survey, where just 11 per cent of risk managers, eight per cent of CFOs and treasurers and three per cent of investment professionals in Europe see risks to IT and telecommunications systems as being severe hazards facing their companies. There are differences among the professionals interviewed by FM Global for its 2004 survey - 72 per cent of CFOs, treasurers and risk managers see property-related threats as the most important threats facing their organisations, compared to just 19 per cent of European investment professionals.
Another marked contrast is that very few of the respondents to the FM Global survey view newer threats, such as sabotage or terrorism, as serious risks to their organisations. In contrast, one third of CEOs and chairmen responding to the CBI survey view terrorist action as the type of security threat causing the most worry, and one fifth cite environmental terrorism. Among these respondents, more mentioned the actions of animal rights activists as being a threat than the danger of fire or flood, especially among larger companies.
The greatest difference can be seen in how investment professionals assess the risks facing business. Whereas CFOs, treasurers and risk management professionals are more focused on property-related risks, 81 per cent of investment professionals point to non-property-related risks as being the most important. Within this category, pricing fluctuations were seen as important risks by 46 per cent of European investment professionals and government and regulatory requirements by 17 per cent. For risk managers, these were seen as important by just nine per cent and one per cent respectively.
But the one area in which respondents to both surveys appear to agree is that companies need to spend more on security than they did previously and that security is of such importance that it needs to be put under the supervision of the board of directors. However, many admit that there is still some way to go and the surveys show that doubts remain about the workability of security plans in practice as well as the ability to keep pace with newly emerging threats.
Taken together, these two surveys show that companies are thinking more seriously about security than they did previously, but gaps remain. In addition, some company officers appear to have their heads in the sand with regard to new risks that they face in their operations, including their ability to comply with new regulations. Industry observers such as investment professionals and analysts appear to be more attuned to the risks that these regulations pose to businesses. It is time for businesses to wake up now to the threats such regulations pose to their operations - before the first legal cases are tried.
Copyright © 2004, IT-Analysis.com