KPMG's new risk management survey shows deficient threat engagement

Feb. 8, 2018
Many companies are not assessing the risks of emerging technologies that they are adopting

NEW YORK, Feb. 7, 2018 /PRNewswire/ -- While companies across various industries are increasing their focus on emerging technologies to help transform their businesses, many are not assessing the risks that come with their adoption, according to KPMG LLP's Tech Risk Management Survey. Nearly half (47 percent) of the 200 senior IT risk management executives surveyed whose companies have adopted mobile applications and devices have not included them in recent IT risk assessments. The findings for other emerging technologies are similar, with 46 percent that adopted Internet of Things (IoT), 44 percent that adopted cloud computing, 34 percent that adopted artificial intelligence (AI) and 32 percent that have adopted robotic process automation (RPA) not assessing their risks.

For more information, please click here for the KPMG Tech Risk Management Survey Report: Disruption is the New Norm.

"Change and disruption have never moved faster and the speed of technology deployment is critical, but it can't be at the enterprise's expense," said Phil Lageschulte, Leader of Global IT Advisory Services for KPMG.  "Tech risk management should anticipate changes while or before they happen and determine the associated risks. Accordingly, tech risk management should be involved in strategic business planning, embedding the risks and adding value upfront."

While not actively assessing the risks of adopting emerging and disruptive technologies, the majority of those surveyed are very aware that these risks exist. And, the risks may only escalate as companies seek to increase their investment in these technologies. The survey found that companies expect to make significant investments over the next year in mobile (48 percent), IoT (46 percent), cloud computing (46 percent), RPA (41 percent) and AI (40 percent).  

"Tech risk management is challenged to improve how it filters through data in a meaningful and consistent way so that it can efficiently communicate how this data impacts the business," said Vivek Mehta, Partner in KPMG LLP's Emerging Technology Risk Services practice. "The proper parameters should be created to classify data so that the organization can make well-informed business decisions from it."

Other Key Findings

  • IT Risk Management: Value Center Aspirations, But Still Treated As a Cost  – While 88 percent of survey respondents agree that IT risk management is driving value for the organization:
    • Nearly half (49 percent) expect their IT risk management spending to stay the same or decrease over the next three years.
    • Less than half are involving IT risk management in their IT initiatives at the outset of the project.
    • More than ¼ (27 percent) have a perception that IT risk management impacts time to market, challenging the notion that ITRM adds value to the organization.

About the Report
KPMG LLP, in collaboration with Forbes Research, conducted a telephone survey of 200 senior executives responsible for IT risk management at large U.S. companies across the financial services, technology, healthcare and life sciences, and industrial manufacturing Industries.

About KPMG LLP 
KPMG is one of the world's leading professional services firms, providing innovative business solutions and audit, tax, and advisory services to many of the world's largest and most prestigious organizations.

KPMG is widely recognized for being a great place to work and build a career. Our people share a sense of purpose in the work we do, and a strong commitment to community service, inclusion and diversity, and eradicating childhood illiteracy.

KPMG LLP is the independent U.S. member firm of KPMG International Cooperative ("KPMG International"). KPMG International's independent member firms have 197,000 professionals working in 154 countries. Learn more at www.kpmg.com/us.