GRC Tuesdays: What Risks to Look Out for in 2022?

I know that 2022 is now already well and truly under way and that I usually release the “What’s New in the Risk Landscape” blog much earlier but, as they say: better late than never, right?

Since these top risks categories don’t apply strictly from January 1st and cease to exist on December 31st, I thought it would still be a good exercise this year to consolidate again the risks from various reports and try to identify trends of what drive most risk exposure for organizations.

Comparing 2021 to 2022

In order to provide the same baseline and comparability with last year’s GRC Tuesdays: New Risk Priorities, I have combined information from different reports and assigned them to the same risk categories – with all sources mentioned in the footnote. And there are actually some interesting trends!

Reminder of the state of Top 5 Risk Categories as per Businesses and Communities in 2021:

Comparing with 2022, some new categories have made their way in the top 5:

Economic conditions with debt crisis, energy prices, changing market context is of course still a major concern for most organizations and there is little chance that this category would disappear from the top 5 anytime soon.

It’s also not surprising to see that Geopolitics is back on this shortlist. Political tensions across the globe, but also rising protectionism mechanisms and imminent elections in major countries all contribute to this category and explain its ranking in 2022.

Similarly, Disaster and crisis – which includes Pandemic & Infectious diseases outbreaks (including continued COVID-19 disturbances), but also Extreme weather and Natural catastrophes for instance will most likely remain a high priority for most companies as it was last year.

What is a more recent trend though, is a sub category in Information Technology relating to Digital inequality.

Many reports highlight the increasing gap between digital ready companies and those still lagging. The pandemic and associated requirement to go digital further increased this tendency and it seems to have created a split between companies on different readiness states, providing a competitive advantage to those who can shift their processes and people rapidly if required.

But some reports also highlight another negative trend associated here: digital inequality amongst employees. Here, some might categorise this as still Information Technology, but others might assign it to HR & Talent Management. Regardless, there is a growing separation between digitally literate employees and others that are being left behind, specifically during periods of remote work. And this will also impact the overall weight of the HR & Talent Management category.

Other selected rising risk topics for 2022

There are of course more categories that have been mentioned in the reports than the 5 summarized above.

Interestingly, we continue to see a sustained trend to distinguish Cybersecurity concerns from the wider Information Technology bucket. As a matter of fact, many analysts have created a dedicated report relating to cyber risks (or cyber vulnerabilities) in 2022 with an increased focus – as expected – on Ransomware.

Supply Chain Disruptions is also still very high on the risk agenda. But the root cause is changing compared to previous years. Whereas COVID-19 related concerns drove most of the supply chain disruptions in 2019 and 2021, survey results seem to indicate that geopolitical motives are now the emerging roadblock here.

I mentioned earlier the HR & Talent Management category in relations to digital inequality. But this is not the only source for this risk. Psychological safety is also being highlighted as one of the main issues – and this goes beyond workplace bullying and harassment and impacts Talent retention, Succession challenges and Talent acquisition.

Research continuously shows that teams monitoring and managing closely the Psychological safety levels of their members tend to consistently outperform other teams. When employees feel comfortable asking for help, sharing suggestions informally, or challenging the status quo without fear of negative social consequences, organizations are more likely to thrive. The very same also applies to the opposite situation: companies where leaders do not demonstrate the positive behaviours tend to have lower retention rates and also more difficulties in attracting top talents. In a period branded “The Great Resignation” or “The Great Burnout” due to the unprecedented rates of individuals leaving their jobs voluntarily, this is clearly a risk that can’t be ignored.

What about the (not so distant) future?

Of course, I don’t have a crystal ball so I can’t predict what the future holds, but there are 3 risk categories singled out by the World Economic Forum in its Global Risks Report 2022 that I think are worth keeping an eye on:

* Artificial Intelligence: this is as much perceived as an opportunity as a risk by many organizations – it was already mostly included in the “Information Technology” category;

* Cross-Border Cyberattacks and Misinformation: as other specialists, WEF mentions the increased number of cyber-attacks – including ones driven by cybercrime or complicit states, but it then also highlights the impact on digital safety overall with alternative motivations resulting in health misinformation or distrust about climate science as an area where the “current state of risk mitigation efforts fall short of the challenge”;

* Space Exploitation: this topic had been somewhat falling out of favour in the 1990s and early 2000s and only remained of major interest to Sci-Fi authors. But we’re now seeing more and more state-sponsored programs to reopen exploration of the Moon or of asteroids. Combined with the fact that private companies are developing space exploration capacities and that a legislative framework agreement will be very complex to achieve, it is likely that this risk would rise in importance over the next few years – especially in industries related to aerospace and defense, but also in the mining or energy sectors.

What about you, what are the hot topics for your organization in 2022? I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard

Sources

There are many risk reports available, but I have listed below the ones that I used for this blog.

If there are others you think I missed, feel free to add them in the comments as I’d love to have even more material for next year.