Smart devices. Self-driving cars. Robotics. Cloud computing. The fourth industrial revolution is officially at our doorstep. When it comes to managing the technologies of the future, risk managers must strike a careful balance between embracing innovation and maintaining control. But few have managed to do so, according to KPMG’s ‘Tech Risk Management Survey Report: Disruption is the New Norm’.
In the next year, companies are planning to make big investments in emerging and disruptive technologies. Mobile technologies were the most popular innovations for respondents in the survey, with 48% adopting applications and devices. The Internet of Things and cloud computing followed – each with take up rates of over 40%. Artificial intelligence, robotics process automation, cognitive computing, blockchain, and 3D printing were also included in investment plans.
The opportunities afforded by these tools of the future are abundant, but so too are the risks. “When it comes to technology, risk is always a potential,” says Phil Lageschulte, leader of global IT advisory services for KPMG.
“That potential may erupt, causing a regulatory, customer or safety issue that might have huge financial or reputational consequences. Or it may never manifest into an actual event.”
Despite having robust plans to adopt disruptive technologies, companies are failing to assess the associated risks. “Technology risk management needs to evolve to be prepared for the new world in which disruption is normal,” says Lageschulte. “Change and disruption have never moved faster, and the speed of technology deployment is critical, but it can’t be at the enterprise’s expense.”
Nearly half of respondents whose companies had adopted mobile applications and devices had failed to conduct an evaluation of the risks. For the other technologies, the results are even more dismal.
Startlingly few companies that adopt emerging tech assess the risks
Most companies are failing to manage emerging technology exposures proactively. When risk teams are only included in projects, it’s almost always after issues have begun to arise, according to the report. “Tech risk management should anticipate changes while or before they happen and determine the associated risks,” says Lageschulte. “Accordingly, tech risk management should be involved in strategic business planning, embedding the risks and adding value upfront.” However, the survey found that despite a growing focus on the emerging risk, most companies aren’t heeding that advice.
Most companies don’t view emerging tech risk management as an organisation-wide function
“If risk management is not embedded up front, companies are rolling the dice,” says Lageschulte. “It’s like buying an insurance policy that you might never end up using, but if you have to, you’ll be very thankful you bought it.”