Risk Management Blog
Content for Risk
December 31, 2018
6 Predictions for Risk Management in 2019
The most important takeaway from 2018’s data breaches, the indictments that followed them and the increasing regulatory scrutiny is that these scandals are far from isolated. Over the past year, many companies suffered failures in risk management because they had not adopted the systems and processes that would have helped them mitigate risk, prevent scandals from occurring in the first place and avoid recurrences.
What were the major risk trends in 2018, and what can we predict for 2019? Looking to the year ahead, here are some upcoming trends in cybersecurity, healthcare, cloud-delivered products and services, the ramifications of GDPR, and the impact of changes from FINRA and 23 NYCRR 500, all of which make this a challenging time for enterprise risk management.
AI vs. Cyberattacks
In 2018, we saw growing trust in algorithms and analytics to drive cars, inform healthcare decisions and monitor for potential data loss incidents, and that trust will be even more prevalent in 2019. Vendors may claim that AI holds up against sophisticated cyberattacks, but industry experts warn that this line of defense can be turned against us: the same techniques are available to attackers.
Forcepoint, a global cybersecurity vendor, released its 2019 Forcepoint Cybersecurity Predictions Report on November 13, examining seven areas where risk will increase in the new year. One of them concerns AI, with Forcepoint stating that a slowdown in funding for AI research will be a major risk, as “attacker tactics are not bound by investments, allowing for the continued advancement of AI as a hacker’s tool to spotlight security gaps and steal valuable data.”
Healthcare Innovation Shifts from West to East
Traditionally, medical breakthroughs have come from the West, with the East following suit, but in 2019 that may very well change. According to Forbes, “by 2019, up to 10% of healthcare R&D will be invested to localize innovation for emerging markets in Asia.”
This kind of shift could reshape the economic landscape, with “unicorn start-ups” valued at over $1 billion emerging and foreign direct investment driven by demand for healthcare services, an aging population and rising income levels.
Processes becoming Products
Through the next year, many companies will be converting internal capabilities and processes into external revenue-generating products using cloud economics and flexibility.
According to Kasey Panetta of Gartner, “Historically, internal IT teams looking to market unique capabilities haven’t been able to for economic, technical and marketing reasons. However, cloud infrastructure and cloud service providers solve many of these challenges. Supporting scale is the cloud provider’s responsibility, the app store markets the app, and cloud tools make support and enhancement easier. As companies begin to see digital revenue from marketing internal tools, others will follow suit.”
This change in what a product is will see an evolution, though perhaps not a revolution, in business practices.
The Specter of GDPR
The General Data Protection Regulation (GDPR) requires businesses that process the personal data of individuals in the EU to comply with stricter rules and privacy measures, regardless of where the business itself is located. The regulation went into effect on May 25, 2018, and U.S. businesses that deal with EU customers are sure to feel its effects in the next fiscal year.
Geoff Scott of SmallBizDaily warns “The GDPR firmly puts the EU at the forefront of online user privacy worldwide, specifically by demanding companies become more transparent with how they use and handle the personal information of customers and people who navigate their websites.” He goes on to advise that it’s now a legal requirement to allow users access to their online privacy data, and that “violating the GDPR’s stringent policies can cost a company up to 4% of their annual global turnover or 20 million euros (whichever is greater).”
Ensuring that websites and other customer touchpoints are properly set up for GDPR is only a start; companies must monitor their compliance and the associated risks on an ongoing basis or pay the price.
Changes from FINRA Coming into Effect
The Financial Industry Regulatory Authority, Inc. (FINRA) is rolling out changes affecting consumer protections, compliance practices and examinations, and has proposed adopting electronic signatures. Firms will need a way to track compliance with the new guidance on protecting vulnerable clients and to understand the risks that the new protections create for them.
From a compliance perspective, the documentation changes may prove challenging for firms that don’t have a dynamic document management process. Electronic signatures promise to reshape current processes and procedures.
Protecting and Safeguarding Customer Data with 23 NYCRR 500
A set of regulations from the New York Department of Financial Services (NYDFS), released on February 16, 2017, has had and will continue to have implications for financial institutions. Known as the NYDFS Cybersecurity Regulation (23 NYCRR 500), these rules place strict requirements on organizations regulated by the NYDFS, such as insurance companies, banks and other financial services institutions, to assess their risk profile and implement and maintain a comprehensive cybersecurity program.
The regulation took effect on March 1, 2017 with a phased timeline. Covered entities had to meet the initial requirements by August 28, 2017, submit their first Certification of Compliance by February 15, 2018, and meet a further set of requirements (including multi-factor authentication, penetration testing and vulnerability assessments) by March 1, 2018. As of September 3, 2018, according to Hogan Lovells Publications, they must also comply with the requirements on audit trails, application security, limitations on data retention, monitoring of authorized users and encryption of nonpublic information. The final implementation date is March 1, 2019, when the remaining requirement, a written third-party service provider security policy, comes due.
Being in compliance helps protect a business’s valuable data and safeguard customers’ sensitive information, but it also presents near-term challenges. Meeting requirements within the deadlines and appointing a qualified CISO are both necessary for understanding a risk profile and avoiding penalties.
For More Information
No matter what happens in 2019, Procipient® enterprise risk management and ERM-GRC software is designed to help you respond to upcoming trends and paradigm shifts. This highly configurable solution lets your company adapt its enterprise risk management quickly and with greater insight. For more on the software suite’s professional-grade design and function, request a demo today.