New York, January 31, 2022 - Diligent, the global leader in modern governance providing SaaS solutions across governance, risk, compliance and ESG, today announces new findings from a national survey of 450 senior finance and risk professionals in US-listed businesses. The results show that US businesses lost $396 million in 2021 largely due to cyberbreaches caused by staff having to work from home. The survey also shows that businesses are concerned by risks associated with lack of strategy around ESG, complex regulatory landscapes, and a disconnect between the board and the operational team.
The results below provide unique insights into what US risk professionals see as significant challenges for their organizations in 2022.
Cyber risks from working from home
- 55% of companies say they have experienced a cyberattack or data breach in the past 18 months
- 82% of those who reported a breach say it resulted from tech issues or behavior related to working from home
- 71% say their organization lost money or revenue - a total of nearly $396 million - due to a breach
ESG as a box-ticking exercise
- 35% of risk professionals view their organization's current ESG strategy as a box-ticking exercise, rather than driving real impact
- 58% say their company's ESG strategy is not aligned with its wider GRC goals
- There is a clear lack of ownership when it comes to setting and leading ESG goals, with 40% stating the responsibility lies with the investor relations team, 39% with the communications department and 37% with GRC/risk teams
Risk at the board level
- Risks that are currently top of mind at board meetings are bribery and fraud (21%), climate change and environmental sustainability (18%) and lack of diversity within the board or management team (18%)
- 46% of risk professionals say an inability to provide real-time or near-real-time reporting hinders their ability to paint a true picture of risk for the board
- The areas of risk that boards have the least insight into are technology associated with working from home (21%), cybersecurity and data breaches (20%) and disasters and crisis response (19%)
Top risks in 2022
- Increased regulations - 87% of organizations are concerned about complying with changing regulatory requirements in 2022
- Geopolitics - Energy price and supply is the top macro risk for businesses in 2022 (36%), followed by international political tension (34%) and climate change (33%)
- Workforce turnover - Human capital (talent management, recruitment, retention) and supply chain issues are the top operational risks for businesses in 2022 (19%) followed by technology associated with working from home (18%)
"Over the last 18 months, companies have dealt with unprecedented challenges and unexpected risks," said Dan Zitting, Chief Product and Strategy Officer at Diligent. "Moving into 2022, our research shows that risk professionals see potential for failures in multiple areas. However, putting in place a proactive, data-driven risk management practice will help organizations to better identify and mitigate these risks and harness strategic opportunities to come out ahead."
The survey received responses from 450 US-based chief risk officers, heads of risk, chief financial officers, finance directors, chief information security officers and chief information officers in November 2021.
Diligent is the global leader in modern governance, providing SaaS solutions across governance, risk, compliance and ESG. Serving more than 1 million users from over 25,000 customers around the world, we empower transformational leaders with technology, insights and confidence to drive greater impact and lead with purpose. Learn more at diligent.com.
Figure based on a survey of 450 businesses. This figure was converted from £297.675 million to $396 million on 12/02/2021, assuming one respondent per business.