Gartner recently offered up a list of the “Top 10 Emerging Risks of Q2 2018” that included all the usual culprits. But two risks, numbers 3 and 10, stood out for their “risk velocity” or the speed at which these issues could escalate and damage a firm were they to occur. One could argue these are more important than any of the other risks.
At number three was GDPR regulatory risk. As most know, the General Data Protection Regulation was introduced by the European Commission and went into effect in May of this year. GDPR is a set of rules created to give European Union citizens control over their personal data. The rule’s goal is to simplify the regulatory environment for business so both citizens and businesses in the EU can fully benefit from, and not be harmed by, the digital economy. The rule has been well received by regulators worldwide, many of whom have adopted it for their own jurisdictions. Gartner describes the risk as “a specific breach of compliance with GDPR” that leads to “a significant fine to the organization.” And it is very clear that a breach could sting. For a breach, companies can be fined over $20 million, or, more significantly, 4% of total revenue.
Aside from the reported 160% spike in complaints about potential data breaches since the law went into effect, two European companies have already been given warnings about GDPR compliance breaches. According to reports, two French location data companies received GDPR “consent warnings” and are required to comply with the new rules within 90 days or face a penalty.
The second high-velocity in risk in the top-10 list was social engineering risk. This is where “sophisticated criminals use deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes,” as Gartner describes it. Today, much of cybersecurity’s focus is firewalls, hacking, and generally, keeping unwanted outsiders from getting into a company. However, the growing risk isn’t one where outsides are trying to get in—it’s that they’re already inside via naïve or unwitting employees who allow entry with a click of a mouse. Also, aside from phishing and other cyber-trickery, one area that raises concerns for many companies is of the “loose lips sink ships” variety. In other words, unintentional insider sharing.
A third risk not in the top 10 but one that his high velocity is weather. These is “increasingly volatile weather patterns” risk, which is presumably a nod toward climate change and the uptick in severe weather that can have an obviously quick impact (tornado, flood, etc) on a company. This would mean systems redundancy should be in place to mitigate a site getting overwhelmed by weather.