In brief
1. Cyber risk
The pandemic expanded digitization as companies embraced cloud-based services and remote working. This was great for business, and catnip for cybercriminals. PwC’s 2023 Global Digital Trust Insights Survey found that 66% of executives reported an increase in cyber breaches since 2020.
How are companies faring? Although more than 70% of respondents said they saw improvements in their organization’s cybersecurity in the preceding year, only about one-third said they’ve fully mitigated the cyber risks associated with increased cloud adoption.
A closer look at ten emerging cyber risks—all vital to growth—suggests the never-ending nature of the challenge: about two-thirds of respondents said their companies have at least moderately mitigated the range of cyber risks they face, yet fewer than 3% said they’ve fully mitigated all of them.
Catnip for cybercriminals
In brief
1. Cyber risk
2. Supply chain risk
3. Climate risk
4. Risks don’t care about your silos
By seeing the risks that matter and collaborating across silos, leaders can nimbly manage threats—even as they create value and build trust.
Risk:
Source: PwC’s 2022 Global Workforce Hopes and Fears Survey
For business leaders, operating in the current risk landscape is a bit like squaring up to a hectic game of whack-a-mole. Economic turbulence here, a supply chain snarl there—look out, it’s a cyberattack!
And just like in the old carnival game, the risks that companies face don’t just pop up one at a time, but come in pairs or even groups—like when a localized climate disaster gives rise to disrupted supply chains, or when the war in Ukraine caused a spike in energy prices, which accelerated inflation.
What companies need is a new way to view risk, and a new, more collaborative way to identify—and approach—the risks they face. They need to change the game.
In this issue of strategy+business, we’ll sketch out that new game, starting with a close-up view of three of the peskiest “moles” that are popping up: cyber risk, supply chain risk, and climate risk. We’ll note where things are going wrong, how they can go better, and how the presence of trust helps ensure positive business outcomes.
Then we’ll step back to highlight a methodology that any C-suite team can use to get a better handle on the totality of the risks they face. Hint: it requires focus, collaboration, and a dash of creative tech, as well as the courage to challenge existing mindsets. So put down your trusty risk mallet and let’s change the game: see risk, share it, sort it.
The C-suite should zero in on the plausible risks that could most hurt the company, and customers. It’s time to challenge assumptions.
02
03
01
See risk
02
03
01
02
03
01
In depth
Further reading
We use cookies to make our site work well for you and continually improve it. The cookies that keep the site functioning are always on. We use analytics to help us understand what content is of most interest. For detailed information on how we use cookies and other tracking technologies, please visit our cookies information page. It’s your choice to accept the use of analytics or not by clicking “Accept” or “Decline.”
Accept
Decline
©2023 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. Strategy+business is published by certain member firms of the PwC network. Articles published in strategy+business do not necessarily represent the views of the member firms of the PwC network. Reviews and mentions of publications, products, or services do not constitute endorsement or recommendation for purchase. Mentions of Strategy& refer to the global team of practical strategists that is integrated within the PwC network of firms. For more about Strategy&, see www.strategyand.pwc.com. No reproduction is permitted in whole or part without written permission of PwC. “Strategy+business” is a trademark of PwC. Cookie Policy
Change analytics preferences
We use cookies to make our site work well for you and continually improve it. The cookies that keep the site functioning are always on. We use analytics to help us understand what content is of most interest. For detailed information on how we use cookies and other tracking technologies, please visit our cookies information page. It’s your choice to accept the use of analytics or not by clicking “Accept” or “Decline.”
Accept
Decline
Four-fifths of senior executives in the Global Digital Trust Insights Survey agreed that consistent—and even mandatory—disclosure of cyber incidents is vital to gain stakeholder trust. But fewer than 10% were confident that their company could provide the information that stakeholders want.
The trust factor
Dive deeper: PwC’s 2023 Global Digital Trust Insights Survey
Share
subscribe
Portrait by Noli Novak
—Jamil Farshchi, January 2023
Risk culture is assessed through action. If you’re not willing to slow down a digital transformation or delay the release of a product because of a security risk, that suggests that the organization does not have the right kind of culture. Those are the tough trade-offs that demonstrate that the company is willing to put its money where its mouth is in terms of managing risk effectively.”
Learn how the chief information security officer of Equifax approaches building a strong risk culture.
Read the interview
Dive deeper: The smart moves your supply chain needs now
Expect the
2. Supply chain risk
Interlocking crises—everything from raw materials shortages and high inflation to soaring industrial energy costs, rising geopolitical risk, and workers quitting in droves—are hammering global supply chains.
And this is only what leaders know they can expect. The obstruction of the Suez Canal by the megaship Ever Given in 2021 (which held up US$9.6 billion in global trade for each of the six days it blocked the channel) reminds leaders how unexpected disruptions can gum up global supply chains. Indeed, 43% of CEOs in PwC’s latest Global CEO Survey said supply chain disruption was likely to impact their industry’s profitability, significantly, in the coming decade.
As companies seek to calculate their risk exposures and prepare responses, they often find they need better systems in place—for example, to monitor and measure product content, supply chain financials on a transactional level, and logistics flows. Many companies don’t have any visibility beyond their direct suppliers. Eliminating such massive blind spots could require a full reset.
Companies with high-performing supply chains use advanced and emerging technologies, including AI-enabled “control towers”—connected dashboards of data, key business metrics, and events personalized for decision makers across the supply chain. Investments in advanced supply chain capabilities bear fruit in the form of lower costs, increased revenues, improved sustainability, higher asset utilization, better risk management, and more on-time customer delivery.
Supply chains run on data, and high performers invest in data analytics capabilities to do everything from detecting changes in customer preferences to tracking data on sales and consumers at every store and through every channel. But the best supply chains go further, using data to help create a virtuous cycle that benefits the entire business. The diagram at right shows how.
The trust factor
Dive deeper: Accelerating business action on climate change adaptation
Gaining—and keeping—the trust of investors and customers will require comprehensive and transparent climate disclosures. And there’s no sugarcoating the challenge. PwC’s recent Global Investor Survey found that a whopping 87% of investors suspect that corporate ESG disclosures contain some greenwashing.
Climate reporting has the potential to be a value-creation lever, even as it helps achieve sustainable outcomes by contributing to better corporate decision-making. But only if that reporting is trusted. Executives should expect more attention and scrutiny—and more chances to get reporting right—as more regulators call for the disclosure of climate risks, the associated financial implications, and the steps that companies are taking to manage them.
The trust factor
The near-term business risk of climate change is growing too large to ignore, as research from the World Economic Forum (WEF) in collaboration with PwC suggests. Their analysis of the 2021 Carbon Disclosure Project surveys of 100 major companies found that the potential financial impact of physical climate risks ranged from US$664 billion to US$772 billion. This could represent as much as 10% of annual sales, and 4% of market value, for those companies.
All the more surprising, then, that when it comes to perceptions of climate risk, CEOs appear to consider it less pressing than investors do.
See what investors see
3. Climate risk
BACK TO TOP
BACK TO TOP
BACK TO TOP
Explore the podcast series from strategy+business, which convenes a global community of solvers to tackle the world’s most important problems
Want to hear more?
EXPLORE
Check out The Leadership Agenda for more sharp, actionable insights from PwC curated to help global leaders build trust and deliver sustained outcomes
Want even more leadership insights?
Subscribe
Further reading: Go deeper on risk
Building resilience in a
polycrisis world
More issues
Climate threats, supply chain disruptions, cyberattacks—all these risks are increasingly interconnected, popping up simultaneously in places where business leaders may not have thought to look. To respond, executives have to make trust a pillar of their risk management approach. They’ve also got to see risk where it really lurks, zeroing in on the business areas that are most vital. Doing that requires silo-busting collaboration, and a commitment to share risk responsibilities across the organization. Only then can risk get sorted. Because if you hang on to established modes of thinking, you’ll likely be stuck playing a never-ending game of whack-a-mole.*
—Peter Drucker
A business always saws off the limb on which it sits.... Risk is of the essence, and risk making and risk taking constitute the basic function of enterprise.”
In conclusion
Subscribe
More issues
More from s+b
Podcast
pwc.com
March 2023
Illustrations by Aad Goudappel
Pause motion
Stop motion
BACK TO TOP
sort it
share it,
See it,
Three hairy risks...
Cyber
Increase in climate- and weather-related disasters, per decade, since the 1990s
Share of CEOs who say supply chain disruption is likely to significantly impact their industry’s profitability in the coming decade
Share of execs who say they’ve experienced an increase in cyber breaches since 2020
Supply chain
Climate
Source: PwC’s 2023 Global Digital Trust Insights Survey
Source: PwC’s 26th Annual Global CEO Survey
Source: IFRC World Disasters Report 2020
…and a new approach to managing them:
Leaders of a housing-management company thought that uninterrupted tenant payments were the key to its resilience and business continuity. A “what if?” exercise revealed that managing third-party service providers mattered more.
All six divisions of a large financial services company had created and stress-tested contingency plans in the event of a payments system meltdown. A mapping exercise helped reveal that the plans were fatally flawed.
Leaders should collectively discuss, debate, and then map the relevant processes, handoffs, and dependencies of the key business areas most at risk. This identifies blind spots.
Share risk
A global manufacturer used an AI-enabled data-collection program to flag spare production capacity and alternative supply routes. When the containership Ever Given plugged the Suez Canal in 2021, the company was ready.
Create real-time dashboards that give human risk assessments a tech-enabled boost.
Sort risk
Tell me more about
(the lack of) trust
In spring 2022, PwC surveyed 52,000 workers across 44 countries and territories. Among the questions were a
dozen intended to tease out the degree to which workers feel empowered—or not. The questions covered four areas:
Power up
CLOSE
* No moles—or gophers, shrews, or other insectivores—were harmed in the making of this issue.
Brian Houck
Connected Supply Chain Leader, Principal, PwC US
Email
Sean Joyce
Global Cybersecurity and Privacy Leader, US Cyber, Risk and Regulatory Leader, Principal, PwC US
Email
Bobbie Ramsden-Knowles
Co-Leader, PwC Global Centre for Crisis and Resilience, Partner, PwC UK
Email
Ashok Varma
Social Sector Advisory Practice Leader, Partner, PwC India
Email
Contact us
The smart moves your supply chain needs now
PwC’s Global Investor
Survey 2022
The risk challenge for China executives (PDF)
India’s Drought Risk Threatens Farmland the Size of Italy
PwC’s 2023 Global Digital Trust Insights Survey
Ever Given
Gaining privileged insights may become one of the supply chain’s most important capabilities. The better the insights, the more the organization can increase its value for customers. The more it improves the value propositions, the more trust it can generate by delivering on promises and the more customers will engage. The more customers engage and trust the company, the more the company remains connected with and relevant to them—regardless of global shocks and market shifts.
BACK TO TOP
Dive deeper: Building resilience in a polycrisis world
Show me more about risk culture
Crises associated with cyber, supply chain, and climate risk may pop up at any time, but they aren’t likely to be one-off challenges—individual “moles” to whack into submission. Risks are interrelated and complex. Think of how the war in Ukraine forced up energy and commodity prices, which in turn accelerated wage and price inflation. Similarly, cybercriminals are often state actors pursuing a shadowy blend of geopolitical, economic, and old-fashioned illicit goals.
Given the complexity involved, it’s therefore a big risk (ahem) to approach the challenge as many C-suite teams habitually do: as a silo-based exercise that treats each business unit’s risk profile as separate. Risks don’t care about your silos. Instead, leaders need to stop playing the old game and commit to a new one that rewards taking a more panoramic view of risk.
Three plays to change the game
4. Risks don’t care about your silos
Stop motion
Watch: Andrew McPherson, Global Risk Markets Leader, PwC Australia, on setting a risk appetite and appropriate risk culture
Read transcript
In spring 2022, PwC surveyed 52,000 workers across 44 countries and territories. Among the questions were a
dozen intended to tease out the degree to which workers feel empowered—or not. The questions covered four areas:
Power up
CLOSE
read transcript
Video transcript
Most organisations have adjusted their risk settings, but they’re facing some challenges getting their people and culture to move with them.
Risk appetites are a key tool to use to help everyone in the organisation understand where they’re able to take more risk in pursuit of opportunity.
And a strong risk culture plays a very key role in leveraging the upside risks in an agile manner and protecting you from the down.
PwC’s Global Risk Survey shows that over half of leaders are now moving in this direction. Almost 60 percent have defined their risk appetite and are investing in risk culture.
Andrew McPherson, Global Risk Markets Leader, PwC Australia
CLOSE
Having a broad, shared view helps companies set their risk appetite more appropriately and capture more upside in the risks they take. To get there, senior executives can start by leaving their old mindsets (and mallets) at the door and doing three things.
1. See it: Start with what matters most
Don’t try to anticipate all risks. Look to where plausible risks could materialize and hurt customers—and you—the most. This is a true pan–C-suite exercise that requires candor, trust, transparency, and the courage to challenge assumptions.
Idea in action
Leaders at a UK-based housing-management company thought that collecting rents via its app was the key to its business continuity. But C-suite discussions around the question What if? revealed that paying its suppliers promptly mattered more. If the app crashed, rental payments would be late, but the company could withstand that longer than it could live with customer anger caused by disrupted third-party services like heating and repairs.
Get together as a team to discuss, and then map, the relevant processes, handoffs, and dependencies of one of the key business areas you chose. Work together to share information, identifying all the operational complexities and paying special attention to where new tech systems replaced old ones or were patched together through M&A.
Idea in action
A large financial services company’s leaders thought their payments processes were resilient. Each of the company’s six divisions had even codified—and stress-tested—contingency plans. Yet they hadn’t shared them with each other. A process-mapping exercise and subsequent management discussion revealed that none of the divisions’ workarounds could scale adequately. During a companywide crisis, the plans would have ensured only about 12 payments a day.
2. Share it: Collaborate to eliminate blind spots
Resilient companies amplify human-powered judgment with a tech-enabled boost. AI-powered dashboards help executives track vital dependent operations and flag danger signs—all of which helps prioritize smart action.
Idea in action
A global manufacturer mapped the processes underpinning a key revenue stream—everything from the staff and tech systems to the end-to-end supply chain for parts. Using an AI data-collection program, the company created a dashboard of all the relevant dependencies to help spot spare production capacity and secure alternative supply routes should the primary ones fail. And fail they did. When the Ever Given bottled up the Suez Canal in 2021, the manufacturer quickly diverted ships and adjusted its supply chain to maintain uninterrupted deliveries.
3. Sort it: Turbocharge with tech
66%
43%
35%
BACK
TO TOP
BACK
TO TOP
BACK
TO TOP
BACK
TO TOP
Subscribe
March 2023
More from s+b
Podcast
Subscribe
Share
pwc.com
More issues
When undertaking systemic change or facing uncertainty, remember: your employees aren’t just along for the ride—they’re the engine of transformation.
Empower to transform
Risk:
See it,
share it,
We use cookies to make our site work well for you and continually improve it. The cookies that keep the site functioning are always on. We use analytics to help us understand what content is of most interest. For detailed information on how we use cookies and other tracking technologies, please visit our cookies information page. It’s your choice to accept the use of analytics or not by clicking “Accept” or “Decline.”
Accept
Decline
In brief
In brief
Cyber risk
Supply chain risk
Climate risk
Risk silos
©2023 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. Strategy+business is published by certain member firms of the PwC network. Articles published in strategy+business do not necessarily represent the views of the member firms of the PwC network. Reviews and mentions of publications, products, or services do not constitute endorsement or recommendation for purchase. Mentions of Strategy& refer to the global team of practical strategists that is integrated within the PwC network of firms. For more about Strategy&, see www.strategyand.pwc.com. No reproduction is permitted in whole or part without written permission of PwC. “Strategy+business” is a trademark of PwC. Cookie Policy
Change analytics preferences
We use cookies to make our site work well for you and continually improve it. The cookies that keep the site functioning are always on. We use analytics to help us understand what content is of most interest. For detailed information on how we use cookies and other tracking technologies, please visit our cookies information page. It’s your choice to accept the use of analytics or not by clicking “Accept” or “Decline.”
Accept
Decline
Explore the podcast series from strategy+business, which convenes a global community of solvers to tackle the world’s most important problems
Like what you’ve heard?
EXPLORE
Check out The Leadership Agenda for more sharp, actionable insights from PwC curated to help global leaders build trust and deliver sustained outcomes
Want even more leadership insights?
EXPLORE
In brief
In brief
BACK TO TOP
cyber risks they face, yet fewer than 3% said they’ve fully mitigated all of them.
mouth is in terms of managing
risk effectively.”
In brief
Cyber risk
Supply chain risk
Climate risk
Risk silos
In brief
Cyber risk
Supply chain risk
Climate risk
Risk silos
In brief
Cyber risk
Supply chain risk
Climate risk
Risk silos
In brief
Cyber risk
Supply chain risk
Climate risk
Risk silos
2 min
Like what you've seen?
EXPLORE
Get s+b direct to your inbox
10 min
10 min
Subscribe
10 min
