The shape of risk management in 2022: Cyber risk quantification, ESG, and operational resilience
MetricStream outlines several trends and predictions on risk management that enterprises should watch in 2022.
The global integrated risk management (IRM) and governance, risk management, and compliance (GRC) company say the past 18 months have marked a turning point with a renewed focus for enterprises to reassess their GRC capabilities in constantly evolving market conditions.
A recent Deloitte survey found that 84% of financial services firms in Asia Pacific aim to enhance existing resilience plans, with 88% reporting they were conducting or planning to conduct frequent simulation exercises.
"Based on recent events, 2022 will usher in a distinct focus on risk management and resilience driven by three key factors: cyber risk quantification with GRC, Environmental, Social, and Governance (ESG), as well as operational resilience," says MetricStream senior VP and managing director, APAC, Aravind Varadharajan.
Cyber risk quantification
According to IDC, investments in security-related products and services are expected to grow at a five-year CAGR of 13.3% and reach a massive US$35 billion by 2024 in Asia Pacific. This is due to the exponential rise in cybercrime sophistication. The figures indicate that many enterprises still use traditional or antiquated processes to assess cyber risk.
"For too long, Chief Risk Officers (CROs) and Chief Information Security Officers (CISOs) have been dependent on heatmaps or high/medium/low-risk scores to measure risk," says Varadharajan. "Moving forward, enterprises should incorporate a full scope of GRC digital tools to measure impact in quantifiable terms."
MetricStream believes many enterprises will likely do away with traditional risk assessment measurement tools in 2022 and instead adopt advanced cyber risk quantification tools for precise measurements of an enterprise's risk appetite by assigning a dollar value. These tools can allow the enterprise to measure, manage, and see risk holistically to gain valuable insights. With this knowledge, risk and security professionals can justify investments to C-suite and board members in quantifiable terms.
Environmental, social, and governance
ESG is becoming more important for many businesses across industries in the region. According to the 11th annual EY/IIF global bank risk management survey, 100% of Asia Pacific CROs recognise climate change as a top risk requiring their utmost attention – compared to 49% globally. In comparison, European organisations widely heralded as leaders in ESG action have resorted to dropping clients to avoid costs tied to ESG risk.
Enterprises must incorporate an element of managing ESG risk to overcome its cost, and this is an emerging area of governance, risk, and compliance (GRC). In 2022, MetricStream says implementing an ESG-enabled GRC strategy will take precedence among enterprises to accurately measure and report ESG scores.
Operational resilience
Enterprises that weather the storm in an environment with constant change do so by having plans in place before the next crisis. Spearheading this movement, authoritative bodies in the region have begun embracing operational resilience requirements within the financial sector with many regulations and guidelines.
MetricStream says adopting an effective GRC strategy to rationalise data from varied sources across the enterprise ensures that leaders will be well on their way to managing, embracing, and ultimately thriving on risk in 2022.