5 Virtual Brochure – March 2025 Our headline observations on strategic risks are: Cyber Security Cybersecurity continues to be rated as the most significant risk across all business sectors. Organisations expect this to remain the case for the foreseeable future. Businesses particularly highlight increases in targeted phishing and AI-generated deep fake attacks and raise growing concerns about the adequacy of security controls at suppliers. We encourage institutions to ensure that new forms of cyberattacks are addressed in systems testing and employee training, and that cybersecurity at suppliers and partners is regularly tested and assurances received. Human capital, diversity, and talent management Human capital, diversity, and talent management remains the second highest ranked risk, with businesses expecting it to remain significant in the medium term. The ECIIA report highlights a growing challenge of effective workforce planning and a general trend towards faster staff turnover. Businesses are concerned about access to digital skills, upskilling their workforce to enable effective use of AI, and the continuing challenges of meeting expectations around work life balance. We encourage institutions to ensure that needs for AI and other emerging digital skills are identified and embedded in recruitment and training strategies. Institutions may also want to test that onboarding, induction and exit processes are efficient and effective, and that business continuity plans are revised to take account of changing personnel and organisational structures. Macroeconomic and geopolitical uncertainty Macroeconomic and geopolitical uncertainty. Overall, businesses continue to rate the risks of disruption from macroeconomic and geopolitical events highly, citing conflict in Ukraine and the Middle East, escalating risks of hostilities elsewhere, and growing risks from the deliberate undermining of supply chains by foreign actors. We encourage all institutions to produce an annual report on security risks and adopt good practice developed by UUK, to draw upon a wide range of expertise to inform scenario planning, and to regularly review and test business continuity plans. Digital disruption, new technology and Artificial Intelligence (AI) Digital disruption, new technology and AI is the fastest increasing risk in this year’s report, with businesses predicting that this will be their second most significant risk area by 2028. The ECIIA emphasises the necessity of organisations having a clear strategy and effective governance and change management to ensure that the adoption of AI is joined up, secure, and efficient. As highlighted in our report last year, there is a pressing need for all institutions to have clarity about how they intend to use AI and about how this is governed and managed in a coordinated way. We also encourage institutions to discuss and document AI risks (both opportunities and threats) including those which may emerge from partners, suppliers, and competitors.
RkJQdWJsaXNoZXIy NTI5NzM=