February 10, 2015 - Cyber security has come to the forefront of risk oversight for board members and C-suite executives, according to results of the third annual survey of business executives by global consulting firm Protiviti and the Enterprise Risk Management (ERM) Initiative at the North Carolina State University Poole College of Management.

"Executive Perspectives on Top Risks for 2015," released today, summarises the concerns of the 277 board members, C-suite and other top-level executives across industries who participated in the survey, identifying the perceived impact of macroeconomic, strategic and operational risks for the upcoming year.

More than half of the global survey respondents (53 percent) indicated that insufficient preparation to manage cyber threats is a risk that will "significantly impact" their organisations this year. Following a string of data breaches in the past year, cyber threats jumped to number three this year, up three rank positions in year-over-year survey results, reflecting increased concern about operational and reputational damage associated with potential breaches.

"Our survey findings indicate that operational risk issues are keeping many senior executives up at night," said Mark Beasley, Deloitte Professor of Enterprise Risk Management and NC State ERM Initiative director. "Given encouraging signs in the economy, we've observed an overall shift in focus from macroeconomic risks to operational risks, which had the greatest increase in risk scores from 2014. Notably, however, CEO respondents remained extremely focused on macro trends affecting their business."

For the third consecutive year, regulatory changes and heightened regulatory scrutiny ranked as the number one risk on the minds of board members and corporate executives; 67 percent indicated that it will “significantly impact” their organisations.

Differing Perceptions of Risk

The survey findings suggest that while the business environment in 2015 will be somewhat less risky than in the previous two years, most of the business leaders surveyed indicated that they are more likely to invest in additional risk management resources in 2015. The survey also identified differing perceptions between boards of directors and members of the executive team regarding the current risk environment; CEOs and boards of directors reported more optimism about risk issues while CFOs and chief audit executives perceived a more risky business environment.

“While regulation continues to be top-of-mind for business leaders worldwide, there are emerging risks that are receiving increased consideration and attention. Based on our ongoing conversations with boards and executive teams, we added five new risk areas for participants to rank in the survey this year. Two of these made it to the top 10 risk list: one focused on organisational culture and its ability to encourage identification and escalation of risk concerns and the other on customer retention in the face of evolving customer preferences,” said Jim DeLoach, a managing director withProtiviti. “The top-10 ranking of these two risks indicates a shift in mindset and priorities for corporate leaders. As a result, we expect there will be increased oversight in these areas at the board level during the next year.”

The Top 10 Risks for 2015

Following are the top 10 risks identified in the annual risk survey, along with the percentages of respondents who identified each risk as having a “Significant Impact” on their business.

1.    Regulatory changes and heightened regulatory scrutiny may affect the manner in which our products or services will be produced or delivered (67 percent)

2.    Economic conditions in markets we currently serve may significantly restrict growth opportunities for our organisation (56 percent)

3.    Our organisation may not be sufficiently prepared to manage cyber threats that have the potential to significantly disrupt our core operations and/or damage our brand (53 percent)

4.    Our organisation’s succession challenges and ability to attract and retain top talent may limit our ability to achieve operational targets (56 percent)

5.    Our organisation’s culture may not sufficiently encourage the timely identification and escalation of risk issues that have the potential to significantly affect our core operations and achievement of strategic objectives (51 percent)

6.    Resistance to change may restrict our organisation from making necessary adjustments to the business model and core operations (49 percent)

7.    Ensuring privacy/identity management and information security/system protection may require significant resources for us (52 percent)

8.    Our organisation may not be sufficiently prepared to manage an unexpected crisis significantly impacting our reputation (46 percent)

9.    Sustaining customer loyalty and retention may be increasingly difficult due to evolving customer preferences and/or demographic shifts in our existing customer base (48 percent)

10.  Our existing operations may not be able to meet performance expectations related to quality, time to market, cost and innovation as well as our competitors (46 percent)

The survey was conducted in the fourth quarter of 2014. Respondents represent both U.S.-based and non-U.S. organisations and public and private companies. The report also provides detailed insights broken out by size of company, position and industry.

The “Executive Perspectives on Top Risks for 2015” report from Protiviti and the NC State Poole CollegeERM Initiative, along with an infographic, a video and a podcast highlighting the data are available for complimentary online.

Additionally, Protiviti is offering a free online benchmarking tool to enable executives to compare their organisation’s top risks to the survey findings. Users can submit their own responses to questions from the survey, and then download their results in a personalised report showing how they compare to the companies in the Protiviti-NC State survey.

The Enterprise Risk Management (ERM) Initiative in the Poole College of Management at North Carolina State University provides thought leadership about ERM practices and their integration with strategy and corporate governance. Faculty in the ERM Initiative frequently work with boards of directors and senior management teams helping them link ERM to strategy and governance, host executive workshops and educational training sessions, and issue research and thought papers on practical approaches to implementing more effective risk oversight techniques.