How does a culture of innovation and doing things differently influence the risk priorities of technology companies? Risk leaders in the sector have shared the key risks they are focusing on and explained how these priorities influencing their risk management approach in our bespoke benchmark report on risk operating models in the technology sector.
Key risk areas: what risk topics are technology companies focusing on?
.png?width=600&height=400&name=Top%20risks%20technology%20sector%20(2).png)
1. Cyber
| 75% of technology companies raised cyber as a major area of focus Source: Risk Leadership Network's benchmark |
Perhaps unsurprisingly, given their reliance on websites, apps and other digital platforms to do business, 75% of technology companies interviewed raised cyber as a major area of focus. As technology companies grow, so do the number of attack surfaces for external threats to target; equally, continued digital transformation, and the chance to make systems more efficient for users, presents an opportunity for businesses.
2. Data privacy
| More than half of the technology companies interviewed highlighted data privacy as a principal risk Source: Risk Leadership Network's benchmark |
Data privacy was highlighted by just over half of companies interviewed as a principal risk to the organisation; with businesses collecting more customer data than ever, and government regulation around data privacy tightening, this is a key priority for a significant proportion of technology companies.
3. Execution effectiveness
| Execution effectiveness = The risk of not delivering on growth plans or keeping promises to the market |
Expressed in various forms by 25% of businesses, "execution effectiveness" essentially refers to the risk of not delivering on growth plans or keeping promises to the market. While this could be considered a risk for all companies, there seems to be particular concern in the technology sector, where high growth is often projected and already factored into equity valuations.
4. Other risks identified
In addition to the common risks highlighted above, one company explained how climate risk is a priority for them - in relation to the energy used by their data centres — while another raised AI regulation as a key risk. The risks and opportunities involved in AI has become a huge priorities for our members in all sectors — request to participate in our next collaboration on AI here. With the regulatory environment around AI still developing, this is considered an emerging risk for the businesses in our benchmark.
Structural trends: how are technology companies doing things differently?
Development of technical knowledge in the risk team
Cyber risks and concerns about data privacy — amongst other threats and opportunities facing technology companies — pose a range of intricate, multi-layered complications.
Addressing these risks requires a level of technical knowledge and subject matter expertise that is prompting risk teams to adopt a specialist approach. According to companies we have spoken to, the goal of the model is for members of the risk team to develop specific product or technology knowledge that enables them to offer specialist advice.
Embedded risk teams
Furthermore, risk team members under this model are often assigned to specific business units within the organisation. As well as assisting these business units with risk management and upskilling, leaders with such embedded risk teams have reported a more supportive and engaged risk culture among employees.
Greater collaboration between risk and IT teams
Another key trend between technology companies - which is more apparent than in other sectors — is greater collaboration between risk and IT teams.IT and risk collaboration is now seen as essential to ensuring resilience, and most companies are formalising this arrangement.
| 55% of the technology businesses we interviewed have implemented some version of a dedicated 'risk and cyber' forum as part of their governance structure. Source: Risk Leadership Network's benchmark |
In order to help IT teams apply a risk lens to their activities, as well as giving the risk function subject matter expertise to lead on, a few companies have also embedded risk professionals into IT teams, ensuring much closer collaboration between the two. However, a possible trade-off to this structure is that these risk team members may become too operational and less strategic in focus.
Our conversations between risk leaders in the technology sector have highlighted a general organisational reluctance to depend on templates and adhere to traditional risk management approaches, resulting in greater divergences between organisations than what would normally be expected in other sectors. However, there is a lot to be learned from the common themes highlighted in our recent benchmark that should be considered both by risk leaders working in technology firms, and those in other sectors.
Share this
Five ways to boost executive engagement with risk
Risk Culture Maturity Framework: a bespoke solution to a member priority
