StrategicRISK questioned our risk community on its greatest fears. The future may be looking bright for Australia, but top nail-biters on the horizon include cyber attacks, hits on their reputation, and a failure of infrastructure.
Australia is on the verge of becoming an even player in the global economy. Brexit is likely to mean new, more valuable trade deals with the UK. Current trade tit-for-tat between the US and China is threatening to boil over into a full-scale trade war, and if we play our cards right, we could very easily come out on top.But, as with every reward, a risk usually precedes it.
StrategicRISK surveyed Australia’s top risk practitioners to find out their thoughts on where they believe the biggest threats are on the horizon. From a list of 31, respondents were asked to select between 5 and 10 risks that are of greatest concern to their business.
Respondents were then asked to rate the risks they had selected by likelihood, financial impact and time to impact, based on the scales below. Targeted cyber attacks and damage to reputation and brand tied as equal first concerns for almost all of our respondents.
One said: “Cyber criminals are becoming better equipped to successfully conduct cyber attacks and in most cases quicker than new controls can be implemented to prevent the attacks being disruptive.”
Another said: “Risk is frequent and develops constantly. Business takes on more exposure as it adopts more technology.”
Failure of critical infrastructure also rated very highly as a concern for our respondents, with many concerned that the velocity and time to impact could be closer than many executives believe. One respondent noted: “Efficiencies of new IT systems also lead to greater dependency and consequences in the event of failure,” while another said: “Increased commercial development and growth is putting additional pressure on technology, utilities and infrastructure.”
At least three respondents told us that they are very concerned about this risk due to their firm’s over-reliance on IT systems. Macroeconomic change and change to regulators behaviour and/or regulatory changes are a mid-range concern for risk managers, which is surprising considering the recent Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry.
One respondent did note: “Availability of capital may be affected locally by the Royal Commission and internationally by protectionist policies.” Echoing these thoughts, another respondent said: “Availability of capital and interest rates are significantly impacting our ability to grow.”
From a list of 31, respondents were asked to select between 5 and 10 risks that are of greatest concern to their business. Respondents were then asked to rate the risks they had selected by likelihood, financial impact and time to impact based on the scales below. The following graph shows the top 10 most selected risks, and the average likelihood, financial impact and time to impact score.
1 Unlikely to occur in a 10-year period
2 Unlikely to occur in a 5-year period
3 Likely to occur in 2 - 3 year period
4 Likely to occur in a one year period
5 Likely to occur more than once in a year
1. Insignificant. Impact equivalent to less than 0.1% of total annual income
2. Minor. Impact equivalent to between 0.1% and 1% of total annual income
3. Moderate. Impact equivalent to between 2 - 5% of annual income
4. Major. Impact equivalent to between 5 - 10% of annual income
5. Catastrophic. Equivalent to greater than 10% of annual income
Speed of impact - represented by the size of each circle (the larger the faster the speed of impact)
Taking each of the risks selected as being of greatest concern, respondents were asked to rate how quickly each scenario moves from the initial root cause to the point where the impact/s are felt using the following scale.
1 Very low: Impact occurs very slowly over more than 12 months
2 Low: Impact occurs slowly over 3 – 12 months
3 Medium: Impact occurs in 1 – 3 months
4 High: Impact is felt quickly, in a matter of days or weeks
5 Very high: Little or no warning/instantaneous