Top Risks Cyber security 2020 | On Risk 2020 | Pittsburgh Cyber Security

We live in a disruptive world where the risks companies face are constantly evolving. Risks not on your radar today could easily be brought to light within the next year, month, or even week. The IIA recently released its report, On Risk 2020 – A Guide to Understanding, Aligning and Optimizing Risk, which provides perspective from key members of risk management functions and offers insight on what to look for next year.

On Risk 2020 was developed from qualitative and quantitative interviews conducted with nearly 100 professionals to capture viewpoints of the boardroom, c-suite and chief audit executives. Results were analyzed to get a better picture of how the three roles aligned, both regarding the risks that exist within organizations and how well-equipped those organizations are to manage the threats. Several key insights resulted from the report.

  • Top 11 Risks: The following were identified as the top 11 risks that organizations expect to face in 2020:
  1. Cybersecurity
  2. Data protection
  3. Regulatory change
  4. Business continuity/crisis readiness
  5. Data and new technology
  6. Third party
  7. Talent management
  8. Culture
  9. Board information
  10. Data ethics
  11. Sustainability (Environmental, Social and Governance - ESG)
  • Overconfidence of Boards: The results overwhelmingly indicated that board members are more confident than executive management in their organization’s capability of addressing key risks, as depicted in the table below.

Image obtained from The IIA’s “On Risk 2020 – A Guide to Understanding, Aligning and Optimizing Risk”

  • Knowledge Deficit: Most interviewees felt that Cybersecurity and Data and New Technology were risks of high relevance to their organizations, but rated themselves low in knowledge of these areas.
  • Top Three Risks to Watch: Data and New Technology, Data Ethics and Sustainability (also known as Environment, Social and Governance, or ESG), are predicted to experience extreme growth in relevance over the next five years.
  • Talent Management Remains Crucial: As the risks we face evolve, so must our talent. Identifying, hiring and retaining innovative individuals who have the ability to develop critical skills that align with changing business practices and related risks is critical to the success of risk management.

As businesses and risks evolve, collaboration between internal audit, senior executives and the board has never been more critical. Organizations should continue to understand, assess and proactively manage the risks they face and ensure this information is clearly communicated among all risk management functions.

Interested in learning more about how to assess and address risks within your organization? Contact our Risk Advisory Services team by e-mailing us at   For the complete report, click here to download On Risk 2020 – A Guide to Understanding, Aligning and Optimizing Risk.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2020 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on

Does Your Institution Offer the Correct Number of Courses?
SOC for Supply Chains
Do Managed Service Providers Need a SOC Report?
Do Relocation Companies Require a SOC (System and Organization Controls) Report?
What has COVID-19 taught us about our businesses processes?
Risks to Consider When Reopening Your Branches

Register to receive our weekly newsletter with our most recent columns and insights.

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us

contact us

Map of Pittsburgh Office

One PPG Place, Suite 1700
Pittsburgh, PA 15222
p:412.261.3644     f:412.261.4876

Map of Columbus Office

65 East State Street, Suite 2000
Columbus, OH 43215
p:614.621.4060     f:614.621.4062

Map of Washington Office
Washington, D.C.

1660 International Drive, Suite 600
McLean, VA 22102