This site uses cookies to provide you with a more responsive and personalized service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Bookmark Email Print this page

Security risks not being continuously monitored: Deloitte survey

"A rapid rise in the number of social media users brings a wide range of security issues that companies must address intensely,"

- Vlastimil Červený,
Deloitte's manager responsible for ICT security services

  • Social media seen as high risk
  • Nine out of 10 executives consider reorganisation of risk management as priority by 2015

New York/Prague, 8 October 2012 – fewer than 25 percent of United States executives report that their company continuously monitors security risks. The majority of respondents anticipate the global economic environment to remain the greatest source of security risks by 2015 and more than one in four managers (27 percent) predict that security risks posed by social media would play an increasingly important role as stated in the Deloitte and Forbes Insight study Aftershock: Adjusting to the New World of Risk Management.

More than one-third (41 percent) of respondents said that they saw the global economic environment as the most important source of risk over the next three years, and nearly one-third put public spending and state budget into that category. Regulatory changes were of concern to nearly one-third of respondents (30 percent), and both social media and financial risk were seen as a concern by 27 percent. The top areas of concern regarding increased volatility over the next three years included financial risk (66 percent of respondents), followed by strategic risk (63 percent) and operational risk (58 percent).

"Social media wasn't even on the radar a few years ago—now it's ranked among the top five sources of security risk—the same level as financial risk," says Henry Ristuccia, Partner, responsible for regulatory & risk matters in Deloitte.

"A rapid rise in the number of social media users brings a wide range of security issues that companies must address intensely. These issues include not only privacy and personal information protection but mainly, from a company's perspective, protection of internal information that may be misused through social networks," says Vlastimil Červený, Deloitte's manager responsible for ICT security services.

"If the lack of sufficient preventive measures results in a leakage of sensitive information, a heavy fine might be imposed on companies," adds Štefan Šurina, lawyer and an ICT law specialist in Ambruz & Dark/Deloitte Legal.

More than 50 percent of respondents believe that regulatory, technological, and geopolitical risk will increase in volatility, and 55 percent of executives surveyed reported that their organisations will revamp their risk approach within the next 12 months. Roughly nine in 10 executives (91 percent) reported that they plan to reorganise their approach to risk management in some form over the next three years.

When asked how they planned to accomplish this, the majority of executives (52 percent) said that they would elevate the profile of risk management throughout their organisations. Other areas viewed as key included reorganising risk management processes (39 percent), additional training for staff (37 percent), incorporating new technology (31 percent), and integrating risk into strategic planning (28 percent).

Despite advances in risk-related technologies as well as concern about unstable risks, the survey found that automation tools as well as tools used for continuously monitoring risk are underutilised. Most monitoring is done periodically, on a monthly, quarterly, biannual, or annual basis.

"Based on the findings of this survey and our interactions with clients, we believe technology has the potential to play a breakout role in the management of risk, but many companies are still behind the curve in this area," adds Mark Carey, Partner, Deloitte in the United States and leader of the U.S. Governance and Risk Strategies services for the commercial and public sector industries. "It is encouraging that more than half of the respondents said their companies were planning to invest in continuous risk monitoring, and the tools that are available should not only help them with risk management overall, but also increase efficiency and decrease costs over time," adds Carey.

Additional survey findings:

  • Risk management has become a C-suite issue. Of those surveyed, one-fourth (26 percent) said that the main responsibility for overall risk management belongs to the chief executive officer, with 23 percent assigning this responsibility to the chief financial officer or treasurer. Interestingly, the chief risk officer or head of risk came in third place, with 19 percent.
  • Automated risk management systems and processes – dashboard reporting for senior stakeholders, data analysis, and self-assessment are most often a mix of manual and automated processes. Twenty-eight percent of respondents said that their companies were in the process of automating their risk reporting.
  • Budgeting for risk is expected to remain stable. Respondents indicated that strategic risk and technology risk were the two areas where budgets will increase the most. Approximately 50 percent of respondents said that they expect minimal change to risk management budgets across the board. Fewer than 15 percent of respondents across all risk areas said risk budgets would decrease over the next three years.

About the survey

This report is based on a survey of 192 U.S. executives from consumer and industrial products, life sciences, healthcare, and technology/media/telecommunications industries. The survey was conducted in the United States by Forbes Insights in association with Deloitte. Roughly one quarter of the respondents were from companies with revenues of US$1 billion to US$5 billion; another quarter were from companies with revenues ranging from US$5 billion to US$10 billion; a third quarter were had revenues of between US$10 billion and US$20 billion; and the remainder were from companies with revenues of more than US$20 billion.

The largest group of respondents (65) had titles of SVP/VP or director, and the second-largest group (49) consisted of CEOs, presidents, and managing directors, followed by CFOs/treasurers and comptrollers (26). Their main functions were finance (93) and corporate management (81).

About Forbes Insights

Forbes Insights ( is the strategic research practice of Forbes Media, publisher of Forbes magazine and Taking advantage of a proprietary database of senior-level executives in the Forbes community, Forbes insights' research covers a wide range of vital business issues, including: talent management; marketing; financial benchmarking; risk and regulation; small/midsize business; and more.



About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee and its network of member firms, each of which is a legally separate and independent entity. Please see for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.

Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte's approximately 182,000 professionals are committed to becoming the standard of excellence.

© 2012 Deloitte Czech Republic


Lukáš Kropík
Deloitte Czech Republic
Job Title:
PR Manager
+420 775 013 139


More on Deloitte
Country Desks:
Experts to provide services in your native language

Email Us   Facebook   Youtube   LinkedIn Corporate   LinkedIn Alumni