Strategic Implications of Cyber & Data Risk, and Cyber Dependency

  • Lois Tullo, Executive-in-Residence, Global Risk Institute
Red dice


This article is the first in a series that will focus on applying risk correlations to further a robust approach to the management of emerging risks. The paper applies the correlation matrix from the Global Risks and Trends Framework (GRAFT)[1] to a specific topic in order to highlight risk interdependencies, and to assist in the analysis of strategic implications. The correlation matrix aims to provide both strategic insights and recommendations for an organization and is based on the premise that risk events do not happen in isolation – events are not typically the result of one risk or trend, but rather a combination of risks and/or trends. It is through the lens of inter-relationships that we examine the top risks and trends for 2018. 

We look at the highest ranked risks and trends, and their correlation and combination with other risks and trends, to identify the strategic implications for organizations within the financial services sector. From our research[2] we have identified 5 key risks and trends correlations, informed by many of the risk ranking surveys that are summarized in the appendix.[3]


The 5 top risk and trend correlations and combinations for 2018 are: 

  1. Cyber Attacks/Data Fraud or Theft/Cyber Dependency,[4]
  2. Climate Change/Extreme Weather Events/Natural Disasters,
  3. Interstate Conflict/Increasing National Sentiments/Regulatory Change,
  4. Income and Wealth Disparity/Debt Levels/Asset Bubble, and
  5. Large Scale Migration/Failure of Global and National Governance

This series on the top 2018 risk correlations is also informed by numerous risk events of 2017. Consistent with GRI’s annual survey of Chief Risk Officers, and unsurprisingly, cyber security and data attacks tops the list. Business interruption risk events in 2017 have become more frequent and continue to accelerate in 2018. It is useful to look back on some of the most significant recent events for insight into the future. As for many of the top risks/trends and their correlations, the dialogue is changing from “if” to “when”. Prevention along with stress tested response preparation has become the new norm in considering and in addressing cyber and data risks. This paper aims to highlight the strategic implications for organizations in the financial services industry.


[1] GRAFT is a robust, systematic process for identifying, assessing, and responding to strategic risks posed by Global Risks and Trends; it facilitates identification of potential opportunities to leverage them for the organization’s benefit.

[2] See Appendix for 2018 Risk Ranking Summaries.

[3] The appendix supports step 3 and 4 of the GRAFT process. Reviewing the Risks Ratings will help organizations to understand global risks and trends, and to aid in ranking and prioritizing of risks and trends.

[4] Rise of cyber dependency due to increasing digital interconnection of people, things and organizations.