Login Register Subscribe
Current Issue

Risk managers, C-suite disagree on data security risk levels


DENVER — Risk managers and corporate executives are achieving greater alignment in their views of risk management's strategic role within their organizations, but much work remains to prioritize specific risks and exposures.

Ninety-three percent of C-Suite executives and 87% of risk managers polled said risk management has at least some bearing on their organization's business strategy, according to the 11th annual “Excellence in Risk Management” survey, released Monday and co-authored by Marsh L.L.C. and the Risk & Insurance Management Society Inc. Risk managers and senior executives also were more or less in synch in terms of their assessments of their companies' effectiveness in managing their risks, as well as the extent to which risk management is treated as a “key strategic function” within their organization, according to the survey.

“Risk management is becoming the crossroads of organizational strategy,” Brian Elowe, a Boston-based managing director at Marsh, said Monday during a press conference at the 2014 RIMS conference and exhibition in Denver. “It's becoming the area that's aligning the organizational conversation around risk. It used to happen as a function of responding to risk, but it's becoming much more integrated into strategic planning and management.”

Over the next three to five years, a majority of both risk managers — 55% — and senior executives — 67% — said strategy and execution aptitude will be their risk management departments' most critical abilities and areas of knowledge.

Additionally, 55% of C-suite executives said business acumen would likely become more vital to their risk managers' job functions, while 37% of risk managers said they expect greater demand from their senior leadership for specific technical knowledge over the next five years.


“It's no longer enough for risk managers to be responsible solely for risk transfer,” said Carol Fox, New York-based director of the strategic and enterprise risk practice at RIMS. “Risk managers are being asked by their boards of directors and their CFOs to be more engaged the strategic planning of their organization.”

Risk managers and senior executives also showed greater alignment in terms of which risks and exposures they think present the greatest potential threat to their organizations.

Asked to rank their top 10 most concerning risks, six of the specific exposures the two groups listed were the same, including — for the first time in the survey's 11-year history — damage to their companies' brand and/or reputation.

“There was good alignment this year between the C-suite and risk professionals, and we haven't always seen that in the past,” Mr. Elowe said.

However, he said, risk professionals ranked data privacy and security as their top risk concern and technology systems failure as their eighth-most troubling risk. But C-suite executives did not rank either of those issues among their top 10 risks.

“There is a big discrepancy between the C-suite and risk professionals in the area of data security and technology failures,” Mr. Elowe said. “I think it's definitely an area where there's opportunity for better alignment within organizations.”