Most Americans know they should eat better and exercise regularly, but few of us put such knowledge into practice. Similarly, a new survey shows an overwhelming majority (96 percent) of CEOs and board members understand their companies are likely to face significant threats to growth in the next two to three years, yet few have done much to counter such risks or approached them strategically.
Deloitte commissioned "Illuminating a path forward on strategic risk" to gauge the attitudes of CEOs and board members at companies with $1 billion or more in annual revenue about the threats that pose the most risk to growth in the next two to three years. The 400 executives (200 CEOs, 200 board members) surveyed for the new Deloitte report "are risk-aware but not adequately risk-prepared," says Chuck Saia, CEO of Deloitte's risk and financial advisory unit.
The survey finds the top risk to growth is disruptive technologies and innovations (35 percent). Cyber incidents and events follow at 27 percent, while the third risk is working with third-party vendors and key business partners (26 percent). Risks from an erosion in brand trust or reputation (24 percent) and a weak or unhealthy organizational culture (20 percent) bring up the rear.
Technology and Cyber Dominate
As you can see, more than half the CEOs and board members believe disruptive technology and cyber are the major risks to growth. This concentration on technology and cyber, Deloitte says, may be overshadowing cultural and brand reputation risks on leadership agendas. It is striking, of course, that this is so despite at least 19 U.S. CEOs and 22 board members having had to resign or step down amid scandals and ethical issues this year.
Moreover, there's an interconnectedness between risks that organizations may be missing, says Deloitte. For example, a cyberattack is not only a cyber issue, but can lead to erosion in brand trust and reputation.
Speaking of cyber—despite its high spot on the risk list, it's faring poorly in terms of strategic preparation. Just 30 percent of CEOs and board members say they are "highly engaged" in developing a cyber response strategy and governance. In addition, the study finds just 30 percent of CEOs and 21 percent of board members are conducting scenario planning for cyber incidents.
Reputation Getting Short Shrift?
While risk in general is something the executives think about and discuss, brand reputation seems to be in need of specific attention.
Fewer than half of CEOs (42 percent) and roughly 50 percent of board members discussed reputation risks during the past year, Deloitte says. Also troubling, roughly the same percentage (53 percent of CEOs and 46 percent of board members) are unable to identify things that can damage brand reputation. Not surprisingly, more than 50 percent of organizations lack a plan to develop or acquire tools to manage reputational risks, including crisis-response capabilities.
This last finding tracks with an earlier PR News-Nasdaq PR Services survey, which found roughly half of companies plan for PR crises. Even fewer (roughly 40 percent) conduct meaningful and regular crisis communication exercises.
In addition to brand reputation, corporate culture also seems to lack attention, the Deloitte survey finds. Fewer than 33 percent of organizations provide regular reports at the CEO and board level on culture.
The survey also examines a company's risk in working with partners or vendors. You might recall the brand reputation hit that Walmart absorbed in July 2017, when a vendor posted a wig on the retailer's site with a racial slur attached to it. Walmart is far from alone, the Deloitte survey indicates: more than 50 percent of organizations lack a plan to establish formal risk-monitoring standards for the third parties they work with. Most of the CEOs (62 percent) acknowledge that third parties have weaker risk policies than their own, though.
In conclusion, Deloitte urges companies to be strategic about managing strategic risks. "Our survey results demonstrated that many organizations are not truly embracing this approach," it says. "An enterprise-wide strategic approach to risk management recognizes the danger these risks pose to the execution of strategy and achievement of goals." A strategic plan to counter risks, meanwhile, includes applying technology correctly, monitoring and measuring risks, planning for crises and incidents and keeping risk awareness on the leadership agenda.
Seth Arenstein is editor of PR News. Follow him: @skarenstein