Companies implementing disruptive technology too often underprepared
A new report from consultants Marsh has found that disruptive technology risk assessment at many companies remains inadequate, as companies face unforeseen disruption to their business model. New technologies have the potential to completely redefine markets, however, committees built to assess potential pit-falls in the implementation of these advances are present in less than 50% of companies surveyed.
Acceleration in technical advances, entrepreneurship, slow moving risks adverse corporate culture and changing behaviour among consumers are creating an environment in which a disruptive idea is capable of quickly upending the offering, proposition and market of incumbents. The risk for current players appears to be accelerating – the length of time a company survives on the S&P 500 has fallen to 18 years.
As the risk of disruption appears to be increasing, the need to create a strategy to identify possible risks early as well as the right responding strategy is of growing importance. In the new ‘Ready Or Not, Disruption Is Here’ report, Marsh Risk Consulting considered current trends around risk related to disruptive potential faced by incumbents across industries.
According to the paper by the professional services group, the use of potentially disruptive technologies varied considerably across companies surveyed. 24% of respondents said that they did not plan to use any disruptive technologies, while 46% stated that they plan to use one to three disruptive technologies. 31% of respondents announced they would implementing high levels of perceived disruptive change, with 9% going so far as to plan the use of more than six such technical innovations.
Researchers also prompted respondents to consider the barriers affecting organisations to understand the impact of disruptive technology risks on their business strategy and decision making. The top reason cited was an inability to model the magnitude of the risk, cited by 31% of respondents, followed by other areas of the business having greater priority, also polling at 31%. Around a third of respondents cited a general lack of awareness of key risk management concepts, at 27% of respondents, and a lack of cross-organisational collaboration, also at 27% of respondents.
The areas cited as creating the least barriers include a lack of senior management commitment, at 12% of respondents, and attracting and retaining talent with the right skill sets, also at 12% of respondents.
The range of barriers, according to the study, means that many of the respondents have not conducted risk assessments to more deeply understand the risk associated with disruptive technologies.
A range of such risks have arisen, from regulatory changes in line with the need to protect consumers’ data, to the development of a plethora of new devices to mount a range of cyber-attacks – as witnessed during May’s global WannaCry ransomware incident, which hit the UK’s National Health Service among other major entities. In many instances companies find themselves at risk without clear understanding of said risks, as part of efforts to push through digitalisation transformations or as part of their changing value chains.
In total, 55% of respondents said that their organisation has not completed a risks assessment of the changes in their business environment – with particularly C-suite executives said to be in the dark (80%) compared to risk professionals (51%).
The respondents were also asked to identify what they believe to be the main risk management challenges facing their organisation in relation to disruptive technologies. The top most cited challenge, which has received considerable media attention in recent years, is the establishment of effective cybersecurity, cited by 46% of respondents. The evaluation of consequences for an organisation comes second, cited by 32% of respondents. Other areas noted by respondents as key challenges are evaluating consequences to external stakeholders, 27%, upgrading IT infrastructure, 27% and developing appropriate metrics to evaluate, 21%.
The areas cited as the least challenging are the management of physical risks, 6%, the making sure the board/leaders are aware of the and driving the changes, cited by 13%, and understanding connectivity between risks, cited by 15% of respondents.
To better prepare for these potential pitfalls, companies have in the past set up cross-functional risk committees, which worked to identify internal and external risks from a range of sources. In the latest survey however, 48% of organisations report the existence of such a committee, which in last year’s survey stood at 52%. Five years ago, 62% of organisations reported such a committee – suggesting a worrying trend for complacency has since set in.
Attitudes amongst companies surveyed regarding these falling committee numbers vary considerably. While 41% of respondents that lacks a committee feels that their organisation should have one, 32% of organisations say that they choose to discuss risks on a more informal basis, while 14% report that their company is too small. 9% do not believe they need one at all, while 5% say that they had such a committee but that it was disbanded.
Of organisations that had established and maintained a committee for risk assessment meanwhile, respondents noted a variety of management techniques that their organisation used to assess and model disruptive technology risks.
The top most employed technique listed was to check industry risk studies against organisational practice, cited by 51% of respondents, while a further 36% say that use analysis developed by third parities. Regulatory research and technology trend evaluation were cited by 36% and 35% of respondents respectively as their means of assessing risk.