Cybersecurity and staffing issues key risks for companies
Cybersecurity threats, staff shortages and economic uncertainty are the top concerns for company boards, finds Chartered Institute of Internal Auditors risk survey
Set against a fragile economic backdrop of high inflation and geopolitical repercussions of the war in Ukraine, many businesses are grappling with fast-moving and uncertain risks, while there are also concerns about regulatory changes increasing the burden of red tape, cited by 43% of respondents.
As a result, boards and internal auditors need to do more to build greater organisational resilience to combat these risks, according to the Chartered Institute of Internal Auditors (IIA) Risk in Focus 2024 report.
Cybersecurity was viewed as the number one risk for businesses, cited by 84% of respondents.
Companies need to test risk and mitigation strategies, and evaluate their cybersecurity awareness to assess whether they are effective, the report warned.
Earlier in the year, companies including the BBC, British Airways and Boots, were hit by a ransomware attack that affected their payroll software provider.
Off the back of the pandemic, businesses are also facing a human resources crisis, with 58% stating that human capital, diversity, and talent management were a top risk, making it the second biggest risk in the report.
This reflected the ongoing labour shortages in key sectors of the economy, as businesses struggle to fill vacancies.
As technological developments like artificial intelligence pose a new and emerging threat, a third (33%) cited digital disruption and new technology as a top risk, although this was forecast to rise to 50% in three years’ time.
Another risk rising up the agenda was climate change with a third concerned about the impact on their businesses. As a result, boards need to ask their internal auditors to assess whether environmental sustainability goals are aligned with business strategy and have clear metrics.
Anne Kiem OBE, chief executive of the Chartered Institute of Internal Auditors, said: ‘Our research highlights the significant challenges businesses are facing given the velocity and variety of interconnected risks.
‘With the economy still in a fragile state, boards will be focused on the increased climate-related pressures, geopolitical uncertainties, a dangerous cyber-risk landscape, inflationary pressures, and attracting and retaining the skills and talent needed to navigate more risk and volatile times ahead.
‘In these challenging times, boards and their internal auditors will need to respond rapidly to immediate, fast-moving threats and have an unwavering focus on resilience.’
At the same time, the spike in energy prices remains a threat to organisations’ financial stability and in some cases their very survival.
On top of this, the report stressed that internal auditors and colleagues in risk management need to work closely together to support their organisations in navigating the interconnected risks in this new geopolitical era.
One group chief internal auditor said: ‘Every time there is a geopolitical event, there is an almost immediate impact on pension funds and the value of people’s retirement incomes and savings. Even the rumour of a geopolitical risk could have a significant and immediate effect.
‘Nothing has to actually happen for it to have a massive impact on our everyday decision-making as a corporate organisation. The velocity of geopolitical risk is very, very high.’
For 2024, boards and their internal auditors need to work together, the Chartered IIA said, to build greater organisational resilience.
This should include testing risk and mitigation strategies using scenario run-through exercises to identify inter-related risks that could otherwise remain hidden.
They should also ensure their internal auditors evaluate the organisation’s cybersecurity awareness and training programmes and assess whether those are effective.
Chartered IIA surveyed over 700 chief internal auditors across Europe.