Risk Roundup 2018 – Year in Review
We’re at year’s end, which is a great time to assess the risks covered in Risk Roundup this year and see which ones point to trends. Some stood out at first glance while others required gathering evidence for analysis. Collectively, these risks reflect what’s trending and serve as points of emphasis for risk management in 2019.
The year of the data breach
The biggest news of 2018 was the latest data breach. Google’s Google Plus and Marriott in December were the latest in a long line of data breaches impacting every industry in 2018. Many breaches are entirely preventable. It’s clear too that data breaches are not just an IT issue. Security is also a business issue that every department and the board need to collaborate on to address the risk of breach-producing incidents.
Privacy takes center stage
May 25, 2018 is a date many in the world will recall as significant. It’s the enactment date for the European Union’s General Data Protection Regulation, better known as GDPR. As companies struggled to comply with GDPR this year, public awareness of individual privacy grew (see Gartner’s 2019 Trend No. 9: Digital ethics and privacy). Organizations need to review policies in 2019, along with updating controls and processes for managing employees’ and customers’ personally identifiable data.
Natural disasters have a business impact
The World Economic Forum predicted extreme weather events and natural disasters as the likeliest global risks to happen in 2018. It was an accurate forecast. 2018 featured Hurricane Michael, devastating California fires, winter storms, and the Hawaii island volcano, just to name a few. What’s often less reported is each event’s business impact. The Hawaii volcano hurt the island’s tourist business. Hurricane Michael impacted some 90,000 businesses across 25 counties in Florida. Natural disasters worldwide interrupt supply chains and prompt local businesses to think about disaster recovery.
Surprises and the unexpected
If 2018 taught us anything at Risk Roundup, it’s to expect surprises and the unexpected. The flu epidemic of 2018 came out of nowhere, and the romaine lettuce warning was a surprise. What bombshells can we expect in 2019? It’s anybody’s guess, but one area of concern is the electrical grid’s growing use of third parties, resulting in increased supply chain risk. Fortunately, the North American Electric Reliability Corp. (NERC) has released standard CIP-013-1, “Cyber Security—Supply Chain Risk Management,” that will go into effect in 2019. Lockpath’s Tony Rock wrote a Power Magazine article on preparing for the new standard.
That’s our roundup of risks for 2018. What a year it was for risk management, with both the expected and the unexpected. We’ll be back in 2019 to note the major risks as they occur throughout the year.