Even under normal circumstances, CEOs have a tough job.
When a data breach or other privacy incident disrupts business-as-usual, chief executives are forced to survey the damage and answer to customers, investors, and critics—all of whom are rightfully angry that the incident happened in the first place.
No matter the size, industry, or type of business, few companies can escape the reality that they possess information that’s attractive to cyber criminals. This is the new normal.
Bottom line: CEOs are aware of the risks their companies face. 88% think Enterprise Risk Management is Very or Extremely Important. Unfortunately, CEOs also see a sizeable gap between the strategic importance of Enterprise Risk and the ability of their companies to manage it effectively. Just 44% of CEOs surveyed believe their ERM program is Extremely Effective.
Given Enterprise Risk’s status as a top priority among executives, it’s no surprise that they report a high level of involvement in their ERM programs. CEOs at companies large and small not only involve themselves personally with their ERM programs, they also delegate the day-to-day responsibility to direct reports and check in with their lieutenants regularly. Further, they actively keep the lines of communication with the board open and regularly apprise its members of the company’s risk posture.
According to the report, just over half of CEOs (52%) are Extremely Involved in their organization’s ERM strategy or program while another 32% are Very Involved. Most CEOs (61%) meet with their ERM leader at least weekly. Meetings tend to be more frequent at larger companies.
Still, about 2 in 3 CEOs (66%) want even more involvement in their organization’s ERM strategy or program. The desire for more involvement is even stronger among CEOs of larger firms, again most likely attributable to the perceived risk to brand and reputation.
Interestingly, CEOs at larger firms report much stronger involvement, likely owing to the more robust nature of ERM programs at larger companies and the worse fallout from reputation damage to large, renowned brands.
Looking for Improvement
Given the daily threat, CEOs are on the hunt for better ways to manage their enterprise risks. ERM programs are complex, the consequences of failure are dire, and chief executives are hoping for some relief.
One respondent wished “there was a system that would minimize work hours” while another wants “a larger dedicated team corporate-wide.” At least one CEO wants more information, saying “I would like much more details. I do not like to get blindsided by events.”
The most common ask was for simplicity. Survey respondents voiced a desire for easier-to-understand, more streamlined processes that wouldn’t compromise effectiveness.
Given all that’s on the line, let’s hope they get it.
Curious to learn more? Download Enterprise Risk and the Modern Organization: A View from the Top.