Risk Roundup 2018 – Year in Review
We’re at year’s end, which is a great time to assess risks covered in Risk Roundup this year and see which portend as trends. Some stood out at first glance while others required gathering evidence for analysis. Collectively, these risks reflect what’s trending and serve as points of emphasis for risk management in 2019.
The year of the data breach
The biggest news of 2018 was the latest data breach. Google’s Google Plus and Marriott in December were the latest in a long line of data breaches impacting every industry in 2018. Many breaches are entirely preventable. It’s clear too that data breaches are not just an IT issue. Security is also a business issue that every department and the board need to collaborate on to address the risk of breach-producing incidents.
Privacy takes center stage
May 25, 2018 is a date many in the world will recall as significant. It’s the enactment date for the European Union’s General Data Protection Regulation, better known as GDPR. As companies struggled to comply with GDPR this year, public awareness of individual privacy grew (see Gartner’s 2019 Trend No. 9: Digital ethics and privacy). Organizations need to review policies in 2019, along with updating controls and processes for managing employees’ and customers’ personally identifiable data.
Natural disasters have a business impact
The World Economic Forum predicted extreme weather events and natural disasters as the likeliest global risks to happen in 2018. It was an accurate forecast. 2018 featured Hurricane Michael, devastating California fires, winter storms, and the Hawaii island volcano, just to name a few. What’s often less reported is each event’s business impact. The Hawaii volcano hurt the island’s tourist business. Hurricane Michael impacted some 90,000 businesses across 25 counties in Florida. Natural disasters worldwide interrupt supply chains and trigger local businesses to think about disaster recovery.
Surprises and the unexpected
If 2018 taught us anything at Risk Roundup, it’s to expect surprises and the unexpected. The flu epidemic of 2018 came out of nowhere, and the Romaine lettuce warning was a surprise. What bombshells can we expect in 2019? It’s anybody’s guess, but one area of concern is the electrical grid’s growing use of third parties, resulting in increased supply chain risk. Fortunately, the North American Electric Reliability Corp. (NERC) has released standard CIP-013-1, “Cyber Security—Supply Chain Risk Management,” that will go into effect in 2019. Lockpath’s Tony Rock wrote a Power Magazine article on preparing for the new standard.
That’s our roundup of risks for 2018. What a year it was for risk management, both the expected and the unexpected. We’ll be back in 2019 to note the major risks as they occur throughout the year.