GRC Tuesdays: What Risks to Look Out for in 2023
If you have been following these GRC Tuesdays blog, then you might have noticed that this is the third year that we release a blog on “What Risks to Look Out for in [current year]”.
This year again, I decided to use the very same format so that there could be comparability on what experts, analysts, journalists and business leaders have defined as being their top concerns for the different periods.
For your convenience, I have included the graphs from previous blogs directly below, but, in case you are interested in reading more, I have also added the links:
Reminder of the state of Top 5 Risk Categories as per businesses and communities from prior years:
I thought the world had been turned upside down in 2021 with the COVID crisis and its impact on health, supply chain, and overall economy but was I wrong. 2022 was another annus horribilis. And this is an understatement.
“Security (war/conflict)” is always highlighted as a threat to global stability of course, but I certainly hadn’t imagined 18 months ago that most analysts would shift their response for top risks from pandemic to war in such a short timeframe.
Looking at 2023 and beyond, reports are quite pessimistic on the overall state of the world and its economy, and new threats have made their way to the top risks in less than 12 months.
Top 5 (+1) risk categories in 2023
In the past, I have always restricted the summary to 5 top risk categories, but it was impossible this year since few of them had the very same number of mentions across the different reports used for this blog. As I didn’t want to make a choice and prioritize one over the other, I decided to keep 6 that are most often cited.
Economic conditions with debt crisis, changing market context and so on was already #1 in previous years, but it then included Energy related issues. This year, “cost of living” and especially its inflation component is at high with potential societal impacts: social erosion, unrests and conflicts leading to further disruptions. But, the Energy prices that previously was a sub-category of Economic conditions is now a category by itself in most reports. As a matter of fact, its label was changed from “Energy prices” to “Energy crisis” since it’s no longer a potential threat but a reality for many economies. Some governments have put in place counter-measures, such energy price cap, to shield consumers and businesses from price volatility, but experts still position this as a high risk for 2023 and beyond – especially if ongoing or new conflicts further increase its intensity and geographical scope.
Geopolitical was also already a key category in 2022, especially with important election milestones, and it’s definitely not being downgraded in 2023. Illustrations here would be the strained relationships amongst member of the European Union, but also the US-China change in balance that weighs on the relationship between the 2 leading economies. Analysts warn that there could even be a shift in battle ground from economical confrontation focused on trade and technology leadership, into the military domain with possible escalations resulting from accidents or collisions between military vessels patrolling in disputed territories.
Continuing on the topic of conflicts, (physical) Security concerns are at their highest in over a decade. The reality of a major conflict in Europe and rising of tensions across the globe (US-China of course, but also in the Gulf with the nuclear deal in question, with North Korea, etc.) further intensifies this threat that is also now more and more linked with another security facet: Cybersecurity. In addition to cybercrime which is already damaging enough, weaponization of the cyberspace by government-backed if not nation-led groups is a real threat that companies have to face every day. Especially if they hold business or user sensitive data. And let’s be realistic: what company doesn’t hold any type of sensitive data on an electronic format today?
With estimates that between 60%-65% of the world’s economy is relying on digital technologies since 2022, the cyber-attack landscape is wide and difficult – if not impossible – to protect.
Finally, the Environmental risk category is once again back on the top risks list. With examples of devastating floods in Pakistan last year, or severe draughts in Europe, India or the US that led to an increase in price pressure for food products and many other events, climate change impacts lives all around the planet.
As for risks in company risk registers, these top risks and all intertwined. An increase in risks from one category has drastic correlation on events from other categories.
Extending beyond top 5 risks
Unfortunately, these aren’t the only perils that organizations but also individuals will have to deal with in 2023.
HR & Talent Management continues to be cited by company leaders as a constant challenge. We’ve all read about the “Great/Silent Resignation” where a great number of workers have decided to voluntarily leave their jobs, meaning the ability to attract and retain top talents will once again be a core focus for any manager.
Despite the world breathing a sigh of relief in 2022 when the pandemic seemed to be behind us, health experts, including from the World Health Organization, have warned that “we cannot be complacent”. And some analysts have included Natural disasters & crisis – specifically relating to new pandemics in their top 10 citing resurgence of the virus and new variants.
Linked to many categories in the top 5 list above, Supply Chain continues to be a concern for companies relying on import and/or export of goods. Which, in our globalized and networked economy basically means everyone! Rising prices and diminishing ability to access critical materials will continue in 2023 and beyond.
Information Technology (also referred to as “Digital” in some reports) is not in the top 5 this year, but still very close to it. Technology-driven disruptions will most likely continue and endanger companies whose business model or operations aren’t ready or adapted to such change. It provides as much of an opportunity for digitally-ready companies as it exacerbates inequalities for companies – or regions of the globe – that simply do not have access to cutting-edge infrastructure.
Finally, to try and mitigate some of these risks – including limiting inflation, controlling energy prices, preventing new health crisis, or even ensuring timely disclosure of cyber breaches, it is likely that many governments will intervene with new legislations. As a result, new Compliance & Regulation constraints are also mentioned by business leaders as a risk to be kept on the radar and to be monitored quite closely.
I sincerely wish the future were brighter, but 2023 will most likely be a trying year.
Nevertheless, since we’ll be entering the year of the Water Rabbit towards the end of January and that the rabbit symbolises longevity, peace, and prosperity in Chinese culture, I choose to hope that this is a sign of better times ahead!
What about you, what risks do you and your organization have on the radar for the year to come? I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard
If you’d like to drill-down further, I have shared below the sources that I used to put together the summary graph.
Of course, if there are other reports that you use and would recommend, I’d love to hear about them so don’t hesitate to add them in the comments section!
- Asia Pacific Security Magazine (APSM) – Top Risks for Business in 2023
- Atlantic Council – The top 23 risks and opportunities for 2023
- Barclays Bank – The top five risks in 2023
- BlackRock Investment Institute – Geopolitical Risk Dashboard
- Business Leaders – The top five risks for businesses in 2023
- Charles Schwab – Top Global Risks of 2023
- ControlRisks – RiskMap 2023
- Economist Intelligence Unit – Risk outlook 2023
- Eurasia Group – The Top Risks of 2023
- European Confederation of Institutes of Internal Auditing (ECIIA) – Risk in focus 2023
- Forbes and Crisis24 – Looking Ahead To 2023: Anticipating The Global Business Risks Facing Organizations
- KPMG – Internal Audit Key risk areas 2023
- Gartner – 2023 Audit Plan Hot Spots Report
- Office of the Superintendent of Financial Institutions (OSFI) – Annual Risk Outlook Fiscal Year 2022-23
- Protiviti and North Carolina State University’s ERM Initiative – Executive Perspectives on Top Risks for 2023 and 2032
- The Depository Trust & Clearing Corporation (DTCC) – Systemic Risk Barometer Survey 2023 Risk Forecast
- Time – The Top 10 Global Risks of 2023
- World Economic Forum (in partnership with Marsh McLennan, SK Group and Zurich Insurance Group) – The Global Risks Report 2023