The move to digital technology creates an immense amount of opportunity for companies in areas like IoT, customer engagement management, and business analytics.

It also creates new risks that those companies will have to learn to address– and quickly.

Recent Gartner research showed that 77% of survey respondents agreed with the statement: “The digital world is creating new types and levels of risk for our business,” and 65% felt that “Investment in risk management practices is not keeping up with new and higher levels of risk.”

“CEOs are right to be concerned,” said Mark Raskino, vice president and Gartner fellow. “As products and services become digital, they add far greater utility for the customer but also far greater power for those dark forces who might usurp digital control. CEOs and CIOs should collaborate to jolt the executive team out of cyber-risk complacency.”

All of this points to 2016 being a year of revised risk management practices for corporate executives.

There are a few ways companies can go about this.

Stress tests

Financial service executives will continue to shock or stress test their loan and investment portfolios for risk due to extreme but plausible events. They will also have to factor in the risks of greater cyber data breaches, fraud, cyber financial losses–and rising insurance premiums for covering those losses.

Corporate communications

Corporate communications are often overlooked in disaster recovery plans. If a breach occurs, who is responsible for informing customers, stakeholder, and investors? What can the company do to mitigate the damage to its image? And equally important as who should be talking, is who shouldn’t be.

Companies should have a plan in place– strategizing damage control in the middle of a crisis is dangerous in itself.


It’s vital for manufacturers and distributors to ensure that the right people in the organization have the right permissions to access the right data.

It sounds simple, but it can get complicated when dealing with not only every individual in an organization, but individuals at organizations with which the company does business, all over the world.

Otherwise, risks include the theft of intellectual pretty, pricing information, and other data that a company wishes not to disclose, particularly in industries that have moved to cloud-based supply chain management.

These information access clearances should be regularly revisited and updated as needed.

And whatsmore, corporate security analysts should also vet the cloud providers of these supply chain exchanges to ensure that their security governance and technology standards–and the rigor of their business continuation and disaster recovery plans– meet or exceed those of the corporation itself.


Finally, education should be conducted in corporate marketing on how to defend against disparaging and even libelous remarks made about the company and its products over social media.

This is another instance where a company should have a communications plan in place that specifies not only how to respond (if at all), but also which individuals or departments need to be looped in, depending on the severity and reach of the remark.

What does this all portend for risk management?

In 2016, corporate CEOs and other CXO staff will need to broaden their thinking about risk– because new technologies introduce new risks. Loss insurers, likewise, will be revising their policies and coverages.