2017 review from a risk management viewpoint
What a year it’s been. As a compliance or risk professional, you were a witness to 2017 highlights like one of the worst data breaches to date, GDPR, multiple cases of sexual misconduct, a record year for natural disasters, and regulatory uncertainty. Through it all, you’re still standing. Here’s why. Behind every resilient organization are hard-working, dedicated individuals like you. That too is highlight-worthy.
Let’s review the good, the bad, and the ugly for 2017.
While miscues and foibles captured the headlines in 2017, we’d be remiss if we didn’t highlight something good: the silent majority of doers, delegators, and decision-makers. Each of you has a vital role in complying with regulations, managing all types of risk, and governing your organizations. The following deserve a special shoutout:
- Data breach first responders
You’re on the front lines, and we, the company, depend on you.
- Newbie compliance professional
For starting your career experiencing what Compliance Week’s Bill Coffin called “legislative limbo”.
- GDPR champion
Your tireless efforts on data privacy and protection will be rewarded.
- Risk data analyst
Your ability to separate the wheat from the chaff is amazing.
- Visionary executive
Where others saw risk, you saw opportunity.
To anyone who’s helped avoid an incident, automate a process, or streamline a task this year, your efforts were noticed and appreciated. Congrats!
Bad things just have a way of happening. That was certainly true in 2017, another banner year for data breaches that hit every sector. Ransomware took center stage with WannaCry and helped popularize bitcoin.
The EU’s General Data Protection Regulation takes effect on May 25, 2018, and nary a week goes by without a GDPR webinar. Still, despite all the publicity and dire warnings, it’s like we rolled over and hit the snooze button. According to Forrester’s 2018 Predictions, 50 percent of firms will intentionally not comply with GDPR; the other half will try but fail. Eager to act? Start here.
2017 has been a reminder that natural disasters impact business operations. From the 500-year flood that hit Houston and Hurricane Maria that disrupted the medical supply chain in Puerto Rico to the recent California wildfires, we were reminded of the destructive power of Mother Nature. From a risk management perspective, the year’s 10 hurricanes and 17 tropical storms are a good reason to review and update your business continuity and disaster recovery (BC/DR) plans.
The Trump administration’s focus on deregulation has mainly resulted in repealing or delaying rules and guidance. Here’s a site with an interactive tool for tracking deregulation in the Trump era. Regulatory change adds risk of noncompliance. For compliance departments, the challenge is to remain agile during regulatory uncertainty.
From good to bad, we also sank to ugly depths in 2017. The consumer credit reporting data breach earlier this year shook the Earth in its scope and type of data. John Wheeler, a research director for Integrated Risk Management at Gartner, labeled the breach as “the end of cybersecurity as we know it.” Companies have to accept that it’s impossible to prevent 100% of data breaches and focus on mitigating the risk and improving incident response.
In the third and fourth quarters of 2017, the mighty and powerful in entertainment, media, politics, and more stood accused of sexual misconduct. The impact of #metoo leads us to believe that organizations should, if they haven’t already, institute a whistleblower program, so any employee who witnesses or experiences sexual harassment can report it to HR privately and anonymously. While you’re at it, dust off and update the company’s sexual harassment training program and test every employee’s learning.
A risk-filled 2017
From a risk perspective, 2017 has been a year of good, bad, and ugly. What’s been good is the steadfast resolve of compliance and risk professionals to excel at their jobs. The bad has been shockingly bad. Data breaches, GDPR, natural disasters, and movement toward deregulation have demanded that we prove our mettle time and again. The major consumer data breach was grotesque in size and continues to deliver shock waves like the 50-state class action lawsuit. #metoo has brought the issue of sexual misconduct to the forefront.
What a year 2017 has been.
What will 2018 bring? Register for our 2018 GRC Predictions webinar on December 14.