Risk in 2024: 7 steps to calmly navigating the chaos
In a 2023 trends piece on company risk, we referenced a popular movie as a theme: “Everything Everywhere All at Once.” Looking ahead to 2024, we’re seeing an even more action-packed sequel on the horizon. You could call it “yet more to keep track of, even faster, because you don’t have enough on your plate already.”
With demands and expectations continuing to grow around ESG, activism, cybersecurity, supply chains, plus the ubiquitous AI, yesterday’s perfect storm of risks is ramping up into a category 5 maelstrom. To safely navigate it, you’ll need quick reflexes, a steady hand and a centralized, 360-degree view across your organization. Here are seven tips for achieving all of the above, so you can move from chaos to calm in the year ahead.
1. ESG is here to stay and impacts your risk.
ESG regulations have increased 155% in the last decade. And there’s even more ahead, with the SEC’s proposed rule that would mandate sustainability disclosures for public companies. If you’re addressing these requirements one by one and starting from scratch each time a new regulation is passed, Verdantix CEO David Metcalfe has a warning:
“For the next couple of years, even the organizations that say they want to do the minimum are going to experience death by a thousand cuts as they try to comply with each new regulation as it comes out,” Metcalfe said at Diligent’s recent user conference.
It’s time to find a fresh approach — like establishing an ESG framework that builds on past efforts and streamlines the process — so you have a foundation for complying with new regulations as they arise.
2. Cybersecurity finally gets its day in the sun.
Do you have a written description of your organization’s processes for identifying and managing materials risks from cyberthreats? If an incident happens and is considered material, are you ready to provide appropriate notification? Under the SEC’s new rules on cybersecurity disclosures, you’ll soon need to. Going into effect December 2023, these mandates are easier to meet when governance, risk, compliance and cybersecurity are working together. At Diligent’s 2023 user conference, Renee Wynn, Former CIO, NASA and Deputy CIO, EPA, emphasized the critical nature of cybersecurity best practices, which will only grow more important as we near 2024:
3. Effective third-party, Scope 3 and cyber risk management requires technology.
It’s impossible to talk about cyber risk without talking about risk across your growing roster of partners and suppliers. More and more, you need to know how they’re safeguarding data and managing threats and vulnerabilities. Their risk is your risk. And cyber is just one of many risks in your extended corporate family. There’s also ESG to consider, especially with increased scrutiny on Scope 3 emissions. And given recent enforcement actions, settlements and deferred prosecution agreements, you’ll need to take compliance with export, sanctions, bribery and anti-money laundering rules extremely seriously.
Just one suspect vendor out of hundreds can put your organization’s reputation, legal standing and bottom line in jeopardy. Spreadsheets spread across siloed departments won’t cut it anymore. Purpose-built technology is the only way organizations will be able to compile and analyze the data they need to stay ahead of these risks.
4. Board reporting and regulations add complexity to risk.
Heightened scrutiny around climate, compensation and capital. SEC rulings and shifts in public sentiment. We saw all of this in the boardroom in 2023, and you can expect even more in 2024. As activism continues, the universal proxy card becomes standard and shareholders demand more — and more detailed — information, don’t be that board that gets caught by surprise.
5. It’s time for innovation, efficiency, clarity and automation.
According to panelists at our user conference, major companies still leverage an average of six risk management platforms, which leaves leaders with a fragmented view of their risks. What’s more, these gaps are risks themselves. Where information falls through the cracks, issues go unnoticed and bad actors can slip through the door. Given today’s complex, high-stakes business environment and the need for enterprise-wide visibility, this is the year your organization needs clarity in your risk platform.
6. Make AI a strategy, not a tool.
AI has officially moved from trend to fact of life, and it will impact risk across your operations: from new ethical and legal vulnerabilities and considerations, to cyberthreats of daunting sophistication and potential destruction. On the flip side, AI offers great potential for transforming the risk management process itself: automating tasks, tightening your monitoring, and analyzing data at a speed and scale beyond human capabilities.
7. This is the year to future-proof your risk program.
In the keynote of Diligent’s recent user conference, CEO Brian Stafford explored the role of purpose in risk management. While threats and trends come and go, your corporate purpose remains constant: delivering shareholder value. A centralized approach to risk will help you keep your eye on this North Star, even as threats evolve and grow more complex.
With such a perspective, you’ll be able to craft a risk strategy that you can easily communicate with shareholders, and that guides you smoothly into a sustainable future — in 2024 and beyond.
Learn more about how the Diligent One platform can help your organization meet 2024’s GRC challenges with purpose-built technology that delivers clarity.
