1. Cybersecurity and data privacy: we are moving to a digital era and by doing it, this risk increases. The reason: information and data have more value than gold. The challenge: to minimize it since the criminals are evolving and increasing sophistication to attack their targets. Cybersecurity in any company should include protection against attacks and data leakage. Key controls: intrusion tests done by experts, update the software on a regular basis, block bogus emails and train people to recognize phishing attacks.
2. Third parties: the risk starts when that third party works with other sub-contractors. Usually, the company has no contract or contact with the sub-contractor and mainly relies on what the third party has done as due diligence. The reality: anything that happens with sub-contractors can affect the company; such as hiring minors, exploiting people, deplorable workplace conditions. Key controls: review any outsourcing arrangements with a risk-based approach, include in the contract the right to audit third parties and sub-contractors, and at least once a year, carry out surprise audits. Key point: That the company understands the extent to which it is exposed to third parties.
3. Brand value and reputation: corruption, fraud, cyber-attacks can have a lasting impact on a company’s reputation and the value of its brand. Reputational risk is like an earthquake: we can know where the epicenter was, but we can’t know for sure how far its consequences are. Even a poorly managed comment on social media can harm the brand. Key controls: complying with regulations, effective audits, training and addressing issues properly so they won’t be repeated again.

By Mónica Ramírez Chimal - International Speaker & Trainer, Writer, Consultant-Partner at Asserto RSC