Diligent Finds Cyberbreaches Due to Work-From-Home Have Cost Surveyed US Businesses $396 Million in the Last 18 Months

Other survey findings include: Majority of companies experienced a cyber breach in 2021, view ESG as a box-ticking exercise and have significant concerns around changing regulations

Diligent, the global leader in modern governance providing SaaS solutions across governance, risk, compliance and ESG, today announces new findings from a national survey of 450 senior finance and risk professionals in US-listed businesses. The results show that US businesses lost $396 million¹ in 2021 largely due to cyberbreaches caused by staff having to work from home. The survey also shows that businesses are concerned by risks associated with lack of strategy around ESG, complex regulatory landscapes, and a disconnect between the board and the operational team.

Marketing Technology News: Zero Trust Leader iboss Wins 2021 Cybersecurity Excellence Award

“Moving into 2022, our research shows that risk professionals see potential for failures in multiple areas. However, putting in place a proactive, data-driven risk management practice will help organizations to better identify and mitigate these risks and harness strategic opportunities to come out ahead.”

The results below provide unique insights into what US risk professionals see as significant challenges for their organizations in 2022.

Cyber risks from working from home

• 55% of companies say they have experienced a cyberattack or data breach in the past 18 months
• 82% of those who reported a breach say it resulted from tech issues or behavior related to working from home
• 71% say their organization lost money or revenue – a total of nearly $396 million – due to a breach

ESG as a box-ticking exercise

• 35% of risk professionals view their organization’s current ESG strategy as a box-ticking exercise, rather than driving real impact
• 58% say their company’s ESG strategy is not aligned with its wider GRC goals
• There is a clear lack of ownership when it comes to setting and leading ESG goals, with 40% stating the responsibility lies with the investor relations team, 39% with the communications department and 37% with GRC/risk teams

Risk at the board level

• Risks that are currently top of mind at board meetings are bribery and fraud (21%), climate change and environmental sustainability (18%) and lack of diversity within the board or management team (18%)
• 46% of risk professionals say an inability to provide real-time or near-real-time reporting hinders their ability to paint a true picture of risk for the board
• The areas of risk that boards have the least insight into are technology associated with working from home (21%), cybersecurity and data breaches (20%) and disasters and crisis response (19%)

Top risks in 2022

• Increased regulations – 87% of organizations are concerned about complying with changing regulatory requirements in 2022
• Geopolitics – Energy price and supply is the top macro risk for businesses in 2022 (36%), followed by international political tension (34%) and climate change (33%)
• Workforce turnover – Human capital (talent management, recruitment, retention) and supply chain issues are the top operational risks for businesses in 2022 (19%) followed by technology associated with working from home (18%)

“Over the last 18 months, companies have dealt with unprecedented challenges and unexpected risks,” said Dan Zitting, Chief Product and Strategy Officer at Diligent. “Moving into 2022, our research shows that risk professionals see potential for failures in multiple areas. However, putting in place a proactive, data-driven risk management practice will help organizations to better identify and mitigate these risks and harness strategic opportunities to come out ahead.”

Marketing Technology News: Brikl’s Office Expansion and Incorporation Amplifies Hypergrowth in the US