Risk: See it, share it, sort it

In brief

1. Cyber risk

The pandemic expanded digitization as companies embraced cloud-based services and remote working. This was great for business, and catnip for cybercriminals. PwC’s 2023 Global Digital Trust Insights Survey found that 66% of executives reported an increase in cyber breaches since 2020. How are companies faring? Although more than 70% of respondents said they saw improvements in their organization’s cybersecurity in the preceding year, only about one-third said they’ve fully mitigated the cyber risks associated with increased cloud adoption. A closer look at ten emerging cyber risks—all vital to growth—suggests the never-ending nature of the challenge: about two-thirds of respondents said their companies have at least moderately mitigated the range of cyber risks they face, yet fewer than 3% said they’ve fully mitigated all of them.

Catnip for cybercriminals

In brief

1. Cyber risk

2. Supply chain risk

3. Climate risk

4. Risks don’t care about your silos

By seeing the risks that matter and collaborating across silos, leaders can nimbly manage threats—even as they create value and build trust.



Source: PwC’s 2022 Global Workforce Hopes and Fears Survey

For business leaders, operating in the current risk landscape is a bit like squaring up to a hectic game of whack-a-mole. Economic turbulence here, a supply chain snarl there—look out, it’s a cyberattack! And just like in the old carnival game, the risks that companies face don’t just pop up one at a time, but come in pairs or even groups—like when a localized climate disaster gives rise to disrupted supply chains, or when the war in Ukraine caused a spike in energy prices, which accelerated inflation. What companies need is a new way to view risk, and a new, more collaborative way to identify—and approach—the risks they face. They need to change the game. In this issue of strategy+business, we’ll sketch out that new game, starting with a close-up view of three of the peskiest “moles” that are popping up: cyber risk, supply chain risk, and climate risk. We’ll note where things are going wrong, how they can go better, and how the presence of trust helps ensure positive business outcomes. Then we’ll step back to highlight a methodology that any C-suite team can use to get a better handle on the totality of the risks they face. Hint: it requires focus, collaboration, and a dash of creative tech, as well as the courage to challenge existing mindsets. So put down your trusty risk mallet and let’s change the game: see risk, share it, sort it.

The C-suite should zero in on the plausible risks that could most hurt the company, and customers. It’s time to challenge assumptions.

02

03

01


See risk


02

03

01

02

03

01

In depth

Further reading

We use cookies to make our site work well for you and continually improve it. The cookies that keep the site functioning are always on. We use analytics to help us understand what content is of most interest. For detailed information on how we use cookies and other tracking technologies, please visit our cookies information page. It’s your choice to accept the use of analytics or not by clicking “Accept” or “Decline.”

Accept

Decline

strategy+business logo

©2023 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. Strategy+business is published by certain member firms of the PwC network. Articles published in strategy+business do not necessarily represent the views of the member firms of the PwC network. Reviews and mentions of publications, products, or services do not constitute endorsement or recommendation for purchase. Mentions of Strategy& refer to the global team of practical strategists that is integrated within the PwC network of firms. For more about Strategy&, see www.strategyand.pwc.com. No reproduction is permitted in whole or part without written permission of PwC. “Strategy+business” is a trademark of PwC. Cookie Policy
Change analytics preferences

We use cookies to make our site work well for you and continually improve it. The cookies that keep the site functioning are always on. We use analytics to help us understand what content is of most interest. For detailed information on how we use cookies and other tracking technologies, please visit our cookies information page. It’s your choice to accept the use of analytics or not by clicking “Accept” or “Decline.”

Accept

Decline

Four-fifths of senior executives in the Global Digital Trust Insights Survey agreed that consistent—and even mandatory—disclosure of cyber incidents is vital to gain stakeholder trust. But fewer than 10% were confident that their company could provide the information that stakeholders want.

The trust factor

Dive deeper: PwC’s 2023 Global Digital Trust Insights Survey

Share

subscribe

strategy+business logo
Portrait illustration of Tanuj Kapilashrami

Portrait by Noli Novak

—Jamil Farshchi, January 2023

Risk culture is assessed through action. If you’re not willing to slow down a digital transformation or delay the release of a product because of a security risk, that suggests that the organization does not have the right kind of culture. Those are the tough trade-offs that demonstrate that the company is willing to put its money where its mouth is in terms of managing risk effectively.”

Learn how the chief information security officer of Equifax approaches building a strong risk culture.

Read the interview

Dive deeper: The smart moves your supply chain needs now

Expect the

2. Supply chain risk

Interlocking crises—everything from raw materials shortages and high inflation to soaring industrial energy costs, rising geopolitical risk, and workers quitting in droves—are hammering global supply chains. And this is only what leaders know they can expect. The obstruction of the Suez Canal by the megaship Ever Given in 2021 (which held up US$9.6 billion in global trade for each of the six days it blocked the channel) reminds leaders how unexpected disruptions can gum up global supply chains. Indeed, 43% of CEOs in PwC’s latest Global CEO Survey said supply chain disruption was likely to impact their industry’s profitability, significantly, in the coming decade. As companies seek to calculate their risk exposures and prepare responses, they often find they need better systems in place—for example, to monitor and measure product content, supply chain financials on a transactional level, and logistics flows. Many companies don’t have any visibility beyond their direct suppliers. Eliminating such massive blind spots could require a full reset. Companies with high-performing supply chains use advanced and emerging technologies, including AI-enabled “control towers”—connected dashboards of data, key business metrics, and events personalized for decision makers across the supply chain. Investments in advanced supply chain capabilities bear fruit in the form of lower costs, increased revenues, improved sustainability, higher asset utilization, better risk management, and more on-time customer delivery.

Supply chains run on data, and high performers invest in data analytics capabilities to do everything from detecting changes in customer preferences to tracking data on sales and consumers at every store and through every channel. But the best supply chains go further, using data to help create a virtuous cycle that benefits the entire business. The diagram at right shows how.

The trust factor

Dive deeper: Accelerating business action on climate change adaptation

Gaining—and keeping—the trust of investors and customers will require comprehensive and transparent climate disclosures. And there’s no sugarcoating the challenge. PwC’s recent Global Investor Survey found that a whopping 87% of investors suspect that corporate ESG disclosures contain some greenwashing. Climate reporting has the potential to be a value-creation lever, even as it helps achieve sustainable outcomes by contributing to better corporate decision-making. But only if that reporting is trusted. Executives should expect more attention and scrutiny—and more chances to get reporting right—as more regulators call for the disclosure of climate risks, the associated financial implications, and the steps that companies are taking to manage them.

The trust factor

The near-term business risk of climate change is growing too large to ignore, as research from the World Economic Forum (WEF) in collaboration with PwC suggests. Their analysis of the 2021 Carbon Disclosure Project surveys of 100 major companies found that the potential financial impact of physical climate risks ranged from US$664 billion to US$772 billion. This could represent as much as 10% of annual sales, and 4% of market value, for those companies. All the more surprising, then, that when it comes to perceptions of climate risk, CEOs appear to consider it less pressing than investors do.

See what investors see

3. Climate risk

BACK TO TOP

BACK TO TOP

BACK TO TOP


Illustration of take on tomorrow logo

Explore the podcast series from strategy+business, which convenes a global community of solvers to tackle the world’s most important problems

Want to hear more?

EXPLORE

Illustration of stacked colored blocks

Check out The Leadership Agenda for more sharp, actionable insights from PwC curated to help global leaders build trust and deliver sustained outcomes

Like what you’ve seen?

EXPLORE

Further reading: Go deeper on risk

Building resilience in a polycrisis world

More issues

Climate threats, supply chain disruptions, cyberattacks—all these risks are increasingly interconnected, popping up simultaneously in places where business leaders may not have thought to look. To respond, executives have to make trust a pillar of their risk management approach. They’ve also got to see risk where it really lurks, zeroing in on the business areas that are most vital. Doing that requires silo-busting collaboration, and a commitment to share risk responsibilities across the organization. Only then can risk get sorted. Because if you hang on to established modes of thinking, you’ll likely be stuck playing a never-ending game of whack-a-mole.*

—Peter Drucker

A business always saws off the limb on which it sits…. Risk is of the essence, and risk making and risk taking constitute the basic function of enterprise.”

In conclusion


Image of diverse coworkers talking

Subscribe

More issues
More from s+b
Podcast
pwc.com

March 2023

Strategy & Business logo

Illustrations by Aad Goudappel

Pause motion

Stop motion

BACK TO TOP

Three hairy risks…

Cyber

Increase in climate- and weather-related disasters, per decade, since the 1990s

Share of CEOs who say supply chain disruption is likely to significantly impact their industry’s profitability in the coming decade

Share of execs who say they’ve experienced an increase in cyber breaches since 2020

Supply chain

Climate

Source: PwC’s 2023 Global Digital Trust Insights Survey

Source: PwC’s 26th Annual Global CEO Survey

Source: IFRC World Disasters Report 2020

…and a new approach to managing them:

Leaders of a housing-management company thought that uninterrupted tenant payments were the key to its resilience and business continuity. A “what if?” exercise revealed that managing third-party service providers mattered more.

All six divisions of a large financial services company had created and stress-tested contingency plans in the event of a payments system meltdown. A mapping exercise helped reveal that the plans were fatally flawed.

Leaders should collectively discuss, debate, and then map the relevant processes, handoffs, and dependencies of the key business areas most at risk. This identifies blind spots.

Share risk

A global manufacturer used an AI-enabled data-collection program to flag spare production capacity and alternative supply routes. When the containership Ever Given plugged the Suez Canal in 2021, the company was ready.

Create real-time dashboards that give human risk assessments a tech-enabled boost.

Sort risk












Tell me more about
(the lack of) trust

In spring 2022, PwC surveyed 52,000 workers across 44 countries and territories. Among the questions were a dozen intended to tease out the degree to which workers feel empowered—or not. The questions covered four areas:

Power up

CLOSE

* No moles—or gophers, shrews, or other insectivores—were harmed in the making of this issue.

Brian Houck
Connected Supply Chain Leader, Principal, PwC US Email

Headshot image of Richard Abadie

Sean Joyce
Global Cybersecurity and Privacy Leader, US Cyber, Risk and Regulatory Leader, Principal, PwC US Email

Headshot image of Emma Cox

Bobbie Ramsden-Knowles
Co-Leader, PwC Global Centre for Crisis and Resilience, Partner, PwC UK Email

Headshot image of Casey Herman

Ashok Varma
Social Sector Advisory Practice Leader, Partner, PwC India Email

Headshot image of Nicole Rottmer

Contact us


Image of diverse coworkers talking

The smart moves your supply chain needs now

Image of diverse coworkers talking

PwC’s Global Investor Survey 2022

Image of diverse coworkers talking

Risk and resilience

Image of diverse coworkers talking

India’s Drought Risk Threatens Farmland the Size of Italy

Image of diverse coworkers talking

PwC’s 2023 Global Digital Trust Insights Survey

A bar chart showing that CEOs’ assessment of climate risk is less severe than investors’, over both the next 12 months and the next five years



Ever Given

Gaining privileged insights may become one of the supply chain’s most important capabilities. The better the insights, the more the organization can increase its value for customers. The more it improves the value propositions, the more trust it can generate by delivering on promises and the more customers will engage. The more customers engage and trust the company, the more the company remains connected with and relevant to them—regardless of global shocks and market shifts.







A 3-part virtuous cycle diagram shows how more relevant products create more consumer demand; more consumer demand feeds more data into supply chain models, and more data informs more relevant products and customer experiences and a smarter global footprint



BACK TO TOP


Dive deeper: Building resilience in a polycrisis world

Show me more about risk culture

Crises associated with cyber, supply chain, and climate risk may pop up at any time, but they aren’t likely to be one-off challenges—individual “moles” to whack into submission. Risks are interrelated and complex. Think of how the war in Ukraine forced up energy and commodity prices, which in turn accelerated wage and price inflation. Similarly, cybercriminals are often state actors pursuing a shadowy blend of geopolitical, economic, and old-fashioned illicit goals. Given the complexity involved, it’s therefore a big risk (ahem) to approach the challenge as many C-suite teams habitually do: as a silo-based exercise that treats each business unit’s risk profile as separate. Risks don’t care about your silos. Instead, leaders need to stop playing the old game and commit to a new one that rewards taking a more panoramic view of risk.

Three plays to change the game

4. Risks don’t care about your silos

Stop motion












Watch: Andrew McPherson, Global Risk Markets Leader, PwC Australia, on setting a risk appetite and appropriate risk culture
Read transcript

In spring 2022, PwC surveyed 52,000 workers across 44 countries and territories. Among the questions were a dozen intended to tease out the degree to which workers feel empowered—or not. The questions covered four areas:

Power up

CLOSE


read transcript

Video transcript

Most organisations have adjusted their risk settings, but they’re facing some challenges getting their people and culture to move with them. Risk appetites are a key tool to use to help everyone in the organisation understand where they’re able to take more risk in pursuit of opportunity. And a strong risk culture plays a very key role in leveraging the upside risks in an agile manner and protecting you from the down. PwC’s Global Risk Survey shows that over half of leaders are now moving in this direction. Almost 60 percent have defined their risk appetite and are investing in risk culture.

Andrew McPherson, Global Risk Markets Leader, PwC Australia

CLOSE

Having a broad, shared view helps companies set their risk appetite more appropriately and capture more upside in the risks they take. To get there, senior executives can start by leaving their old mindsets (and mallets) at the door and doing three things.

1. See it: Start with what matters most

Don’t try to anticipate all risks. Look to where plausible risks could materialize and hurt customers—and you—the most. This is a true pan–C-suite exercise that requires candor, trust, transparency, and the courage to challenge assumptions. Idea in action
Leaders at a UK-based housing-management company thought that collecting rents via its app was the key to its business continuity. But C-suite discussions around the question What if? revealed that paying its suppliers promptly mattered more. If the app crashed, rental payments would be late, but the company could withstand that longer than it could live with customer anger caused by disrupted third-party services like heating and repairs.

Get together as a team to discuss, and then map, the relevant processes, handoffs, and dependencies of one of the key business areas you chose. Work together to share information, identifying all the operational complexities and paying special attention to where new tech systems replaced old ones or were patched together through M&A. Idea in action
A large financial services company’s leaders thought their payments processes were resilient. Each of the company’s six divisions had even codified—and stress-tested—contingency plans. Yet they hadn’t shared them with each other. A process-mapping exercise and subsequent management discussion revealed that none of the divisions’ workarounds could scale adequately. During a companywide crisis, the plans would have ensured only about 12 payments a day.

2. Share it: Collaborate to eliminate blind spots

Resilient companies amplify human-powered judgment with a tech-enabled boost. AI-powered dashboards help executives track vital dependent operations and flag danger signs—all of which helps prioritize smart action. Idea in action
A global manufacturer mapped the processes underpinning a key revenue stream—everything from the staff and tech systems to the end-to-end supply chain for parts. Using an AI data-collection program, the company created a dashboard of all the relevant dependencies to help spot spare production capacity and secure alternative supply routes should the primary ones fail. And fail they did. When the Ever Given bottled up the Suez Canal in 2021, the manufacturer quickly diverted ships and adjusted its supply chain to maintain uninterrupted deliveries.

3. Sort it: Turbocharge with tech

66%

43%

35%

Illustration of a mole in computer pixel form
Illustration of a mole in constrution gear
Illustration of a mole surrounded by rain clouds and lightning
Illustration of female colleague looking through binoculars
Illustration of man with speech bubbles with moles in each
Illustration of woman holding a pie chart wheel with mole inside
Illustration of a mole chewing through a line
Illustration of a mole reading a book wearing glasses



Illustration of a machine with many levels of workers
































BACK TO TOP

BACK TO TOP

BACK TO TOP

BACK TO TOP

Subscribe

March 2023

More from s+b

Podcast

Subscribe

Share

pwc.com

More issues

Strategy & Business logo

When undertaking systemic change or facing uncertainty, remember: your employees aren’t just along for the ride—they’re the engine of transformation.

We use cookies to make our site work well for you and continually improve it. The cookies that keep the site functioning are always on. We use analytics to help us understand what content is of most interest. For detailed information on how we use cookies and other tracking technologies, please visit our cookies information page. It’s your choice to accept the use of analytics or not by clicking “Accept” or “Decline.”

Accept

Decline

In brief

In brief

Cyber risk

Supply chain risk

Climate risk

Risk silos

strategy+business logo

©2023 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. Strategy+business is published by certain member firms of the PwC network. Articles published in strategy+business do not necessarily represent the views of the member firms of the PwC network. Reviews and mentions of publications, products, or services do not constitute endorsement or recommendation for purchase. Mentions of Strategy& refer to the global team of practical strategists that is integrated within the PwC network of firms. For more about Strategy&, see www.strategyand.pwc.com. No reproduction is permitted in whole or part without written permission of PwC. “Strategy+business” is a trademark of PwC. Cookie Policy
Change analytics preferences

We use cookies to make our site work well for you and continually improve it. The cookies that keep the site functioning are always on. We use analytics to help us understand what content is of most interest. For detailed information on how we use cookies and other tracking technologies, please visit our cookies information page. It’s your choice to accept the use of analytics or not by clicking “Accept” or “Decline.”

Accept

Decline

Illustration of take on tomorrow logo

Explore the podcast series from strategy+business, which convenes a global community of solvers to tackle the world’s most important problems

Like what you’ve heard?

EXPLORE

Illustration of stacked colored blocks

Check out The Leadership Agenda for more sharp, actionable insights from PwC curated to help global leaders build trust and deliver sustained outcomes

Like what you’ve seen?

EXPLORE

In brief

In brief

BACK TO TOP






































cyber risks they face, yet fewer than 3% said they’ve fully mitigated all of them.

mouth is in terms of managing risk effectively.”

Image of diverse coworkers talking
Image of diverse coworkers talking

In brief

Cyber risk

Supply chain risk

Climate risk

Risk silos

In brief

Cyber risk

Supply chain risk

Climate risk

Risk silos

In brief

Cyber risk

Supply chain risk

Climate risk

Risk silos

In brief

Cyber risk

Supply chain risk

Climate risk

Risk silos

Comments

Leave a Reply

Skip to toolbar