The 5 Top Risks You Could Face in 2018


From our March 2018 Newsletter

If it seems like the number of risks facing corporations is increasing every year, it’s because it is. As our world becomes increasingly complex, fast-paced, interconnected, and uncertain, the number of risks continues to grow, and in many cases, the magnitude of potential loss continues to increase. Risk management is no longer the domain of a select subset of an organization; it has become an integral part of all facets of a business and a responsibility shared by everyone.

A number of highly reputable sources have compiled their views on the most common and critical risk areas for 2018. Considering these diverse perspectives, below are 5 top risks most large organizations are expected to experience and work to prevent this year. It’s worth noting that the majority of the most frequently reported risks represent operational concerns, shining a light on the importance of fully understanding what's happening on your front lines and at the edges of your organization.


Regulatory & Compliance

2018 is expected to be quite a year for regulation. According to Thomson Reuters, “With regulatory demand at an all-time high in 2018, a holistic approach to compliance becomes a ‘must do’ rather than a ‘nice to have’.” As several regulations such as EU Benchmarks Regulation, MiFID II, FRTB, GDPR, and PRIIPs came or come into force this year, it is crucial that organizations adopt a proactive GRC approach before it is too late.

Read how one of the world’s largest financial services companies implemented an innovative approach to their Risk and Control Self Assessments (RCSA) to transform their 6-month process into a 6-week one, enabling a more agile identification and review of risks, and instilling confidence that they are proactively keeping a handle on new and changing compliance & regulations.


Extended ERM | Third-Party Risk

As the use of third-party vendors continues to increase exponentially (from outsourcing software to customer support, to core functions), organizations are prone to financial/reputational, legal & regulatory, and operational risks from their vendors. 87% of respondents to Deloitte’s 2016 Global Survey on Third Party Governance and Risk Management have experienced an incident with a third party that disrupted their operations, and 11% have experienced a complete failure in their vendor relationship. These figures demonstrate the clear, growing need to assess risk exposure through your vendors and suppliers, and mitigate your third-party risk.



Per the World Economic Forum’s latest Global Risks Report, cybersecurity attacks against businesses have almost doubled in five years. With a global shift towards digitization, preparedness to protect firms from Distributed Denial of Service (DDoS) attacks and data breaches has never been this high. Deloitte’s Global risk management survey (10th edition) revealed that 58% of the respondents do not consider their institution to be very effective in managing cybersecurity risk. Companies should focus on developing a comprehensive cyber risk management program that addresses how management will keep up with the evolving threats, their impact on the business, and a response plan to instill confidence in their stakeholders, employees, and customers. 


Attracting and Retaining Top Talent

Many leaders contend (and we agree!) that people are their most valuable asset and competitive advantage. With a chronic shortage of talent and 1 in 3 employees (despite being satisfied with their role) planning to leave within the next 12 months, employee retention risk is critical to watch for in the near future (Mercer). Given the strong correlation between employee engagement and retention risk, make sure you are measuring your employees’ engagement with their roles, and understanding and addressing their attitudes and needs.



Seeking competitive advantage, more and more companies are using digital technologies to change their business models. While cybersecurity risk may deter organizations from digitalization, they are at risk of losing the very competitive advantage it offers: revenue, user experience, and value-add. In a digital-risk era, with a test-and-learn culture, and flexible, agile ways of working in place, risk personnel will be able to continually develop new digital risk technologies and be flexible enough to deal with new customer trends and unforeseen regulatory requirements (McKinsey).

Discover how a global food & beverage company digitized their annual company-wide Risk Assessment and as a result was able to engage over 250 leaders in the process, across 50 countries, and complete their assessment within budget and in record time!


If any of the above risk themes are not already on your radar, and on that of each and every one of your colleagues, they should be: they're on the minds of your clients, regulators, partners, vendors, and competitors.

Whether working as a consultant or within an enterprise, what underpins every area of risk management is the ability of every employee and stakeholder to make high-quality decisions when it comes to identification, evaluation, and mitigation strategies. Effective risk management is all about making high-quality decisions, and without a high-quality decision-making process, organizations will continue to struggle.


Decision Model Spotlight

We handpicked these 3 decision models to help you make better quality decisions related to risk management this year:

ISO 31000: A Risk Management Framework: Design and develop a risk management framework for your organization in accordance with the international standards laid out in ISO 31000.

Third-Party Risk Assessment: The Third-Party Risk Assessment model is a transparent and collaborative model that makes it easier for the organization to identify vendors and the risks associated with each of those vendors.

Risk Identification & Assessment: The risk identification and assessment process is a critical part of effectively managing risks or events as part of an organization’s operational risk.


Related News

5 essential steps to identify and mitigate third-party risk

8 cybersecurity trends to watch out for in 2018

WEF’s Global Risks 2018 report

If you don’t invest in risk management, it doesn’t matter what business you’re in, it’s a risky business.
— Gary Cohn