There’s been a “long-time resident” on global consultancy Protiviti’s annual list of top business risks, according to Protiviti’s Managing Director of Technology Consulting Practice Andy Retrum: cyber threats.
The firm’s latest annual survey, Executive Perspectives on Top Risks, found that “cyber threats” and “economic conditions, including inflationary pressures” are the top near-term concerns of execs and board members.
While Protiviti’s regular risk-focused findings are no stranger to digital disruptions, Retrum, who also functions as the company’s global technology risk and resilience practice lead, has seen companies move their focus from locking down their sensitive info to limiting the impact of system downtime.
“You’re seeing the shift from, ‘I need to protect my data,’ to ‘I need to maintain the business services that are core to my organization.’ And when bad things happen, ‘How do I quickly respond and recover those things?’” Retrum told attendees during a Protiviti-led panel discussion in New York on Feb. 12.
The 13th edition of the annual report asked 1,215 global board members and C-suite execs to rank 32 near-term and long-term risks.
The survey, conducted from mid-November to mid-December 2024, revealed the top five near-term risks as:
- Economic conditions, including inflationary pressures
- Cyber threats, and their potential to disrupt and damage core operations and brand
- The ability to retain top talent
- Skill-set availability
- Labor-cost increases
Ever-popular AI—specifically, a potential AI skills gap— landed at number nine, perhaps surprising to some.
Over the years, cyber threats have steadily climbed in importance in execs’s minds and Protiviti’s annual rankings—moving from number 15 two years ago to number three in 2024.
Down and out. In recent months, companies have dealt with the consequences of downtime.
- A cyberattack on CDK Global that led to a reported three-week system outage cost the dealership software provider $1.02 billion, according to Anderson Economic Group.
- A faulty CrowdStrike update in summer 2024 led to disruptions like delayed flights and canceled surgeries.
- A third-party outage reportedly kept Capital One customers from accessing services like payment processing.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
“Third-party risk” ranked number 7 in Protiviti’s latest poll.
According to data released in June 2024 by cybersecurity company Splunk, downtime costs an average of up to $540,000 per hour, thanks to factors like expensive war rooms and delayed time to market.
Preparation. “Quantum Dawn” simulation exercises, conducted by the Securities Industry and Financial Markets Association, present global financial institutions with an outage to work through. The 2023’s test simulated a data disruption at a fictional cloud-based third party.
Following the Protiviti presentation, Retrum told IT Brew he is seeing “more and more requests for senior leaders and even the board” to engage in tabletop, simulation-style exercises.
To prevent downtime, Retrum advises companies to understand the “critical path” of their core business services, including the infrastructure technologies, third-party vendors, and cloud-based tools supporting those services, “even the data provider that has a small contract with you, but provides a very critical component to that service.”
When Retrum consults organizations, he said, he frequently focuses on specific outcomes—data loss, service downtime—rather than inciting events, which are difficult to predict. He works with teams to determine key decision-makers when those outcomes occur.
“It’s less about the preventative,” he said during the panel. “So, how do you create a framework to quickly respond and recover and minimize the damage to whatever cyber event might occur?”