Latest News

Report: Risk events increase, but risk management lags

Written on Jun 10, 2022

Enterprises around the world are being hit by an increasing number of risk events, according to a new report. 

The State of Risk Management 2022 report released by Forrester, which is based on a survey of 360 enterprise risk management decision makers in North America and Europe, found that 41% of organizations have experienced three or more critical risk events in the last 12 months. 

Risk events, incidents and disruptions have become so frequent that the increased level of risk is the “new normal,” according to the report. Nearly half the participants in the survey (44%) confirmed that enterprise risk has increased over the last year, although that varies by region. For example, 64% of North American respondents confirmed an increase in risk, while only 37% of European respondents did. 

When the enterprise risk management (ERM) pros were asked what risks had the potential to most impact their enterprises, information security risks (32%) topped the list, followed by risks to data privacy (28%). However, Forrester noted, that varied from industry to industry. Industries that depend on supply chains such as retailers and wholesalers picked supply chain risks as their primary concern, while industries targeted by ransomware such as manufacturing say their primary concern is information security. 

Decision makers participating in the survey identified several challenges to managing risk. Risk management impeding innovation was a primary challenge in 27% of the enterprises in the survey. Almost a quarter of the respondents (24%) say risk management slows down decision-making, while 17% say it doesn't consider business objectives. 

The report also found that although regulatory compliance remains a critical or high priority for 76% of those surveyed, it falls just behind the "ability to stress-test risk scenarios” (78%) as the top risk priority over the next 12 months. 

As compliance gives way to resilience, ERM pros say their organizations have benefited in a number of ways, including increased responsiveness to incidents or risk events (26%), enabling employees to make faster (26%) or better (24%) day-to-day risk-based decisions (26%), and increased ability to protect assets, environments, and systems that are critical to their business (23%).