What keeps CEOs Up At Night?

What can CSOs learn from a CEO’s perspective on risk?

To get a 20,000-foot CEO view of global risk, the Lloyd’s Risk Index provides a good lens. This year’s global survey polled 588 C-Suite and board level executives from both larger and smaller businesses (mostly smaller) and included a broad, global participation base.

Exciting (as much as insurance can be considered so) is that the survey asked about 50 risks across five categories, including security:

Business and strategic risk.
Economic, regulatory and market risk.
Political, crime and security risk.
Environmental and health risk.
Natural hazard risk.

More exciting…the survey also asked, “How prepared are you to manage these risks” and then had the respondents prioritize them.

While there are many textbooks on the best ways to identify, manage and mitigate risks, knowing what the boss is thinking provides valuable insider information. When asked the question “Are you better prepared to manage business risks than two years ago?,” 45 percent of respondents indicated their organization is more prepared now than in 2011. But in 2011, 70 percent of respondents indicated they were more prepared than in 2009. And 6 percent say they are less prepared, which is double the 2011 level of 3 percent.

One reason for this result, according to the survey, is what Lloyd’s refers to as “a clear divide” of risk management between larger and smaller enterprises, as well as enterprises that operate in established versus emerging economies. The study concludes:

Larger companies in faster growing markets are following the evolution of their peers in established markets, recognising the heightened priority of business risks and their relative lack of preparedness to deal with them. Larger companies in established markets are moving increasingly towards a ‘more prepared than prioritised’ position. They have recognised their vulnerability to risk, made it a greater priority and invested in more comprehensive risk transfer (insurance) and risk management (mitigation) measures.

The survey also offers a historical perspective. Specifically, the graphic summary of 2013 versus 2011 results is informative. Examples of changes in risk priorities include the decline in concern over talent shortages and brand reputation, while cyber crime has soared toward the top of concerns. Regulatory compliance has risen, as well.

These results are in line with the Security 500 Benchmark report that has also witnessed an increase in cyber security and regulatory concerns as perennial top 10 issues among the reasons that CSOs lose sleep. Similarly, talent management and brand reputation have slipped in both survey results.

Because the survey is global, you can gain a regional perspective on business risks. For example, cyber security ranked second in North America and fourth in Latin America. Fraud/Corruption ranked fifth in Latin America. Only strict legislation/regulation ranked as a top five business risk in Europe, which did not include cyber. In the Asia-Pacific region, none of the top five risks were related to security or crime.

As we close out the 2013 Security 500 Survey and anticipate the Security 500 report, due out on November 1st, the Lloyd's Risk Index offers a different strategic view.

Securitywill donate $.50 to the National Law Enforcement Officers Memorial Fund for every renewal/new subscription from our Summer of 2013 Renewathon. www.SecurityMagazine.com/2013renewathon

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.