Swiss companies with need for action in risk management
Recent cyber attacks have highlighted the vulnerability of SMEs to criminal activities on the internet. Digitalisation is forcing companies to increasingly deal with cyber risks. But despite a pronounced risk awareness in Switzerland, there is room for improvement, according to a new study.
Many SMEs are not yet up to professional risk management. The Funk Group, a broker specialising in risk and insurance management, has conducted a study to find out what Swiss SMEs think about risk management. The basis of the publication "Risk Management - More Effort or More Value?", which has just been published, is a broad survey conducted in 2015 with around 200 companies from 16 different sectors.
Companies from industry and the health and social services sectors are particularly well represented, which suggests a high level of awareness of the problem. However, it is not enough for companies to be aware of their risks. This is only the first step towards systematic risk management. And in this respect, the study reveals some significant gaps. The most important findings are:
Overall risk largely unknown
The majority of the companies surveyed (88%) do not calculate the overall risk position at all or do so using inappropriate methods. This endangers their existence if the effective total risk exceeds their risk-bearing capacity (risk capital, equity and liquidity). On the other hand, a company could hold too much risk capital due to its ignorance of its overall risk instead of using it productively.
The best remedy here would be a simulation model to determine the overall risk position. This would allow the risk capacity to be adjusted to the actual risk position.
Risk management is underestimated
Risk management aims to define suitable measures for the identified and assessed risks, to implement them effectively and to review and evaluate their effectiveness against the background of the objectives set.
Surprisingly, around a third of the companies surveyed in the study do not meet this obvious requirement. Yet targeted risk management demonstrably pays off. This increases risk awareness among employees, which has an overall risk-reducing effect.
The study also shows that risk management creates added value and requires less effort than is commonly assumed. Two-thirds confirmed that systematic risk management brings a lot of benefits to their company. The proportion of those for whom the resources required for risk management are limited is even greater.
While 80 percent of the respondents do not see the effort involved as an obstacle to systematic risk management, only 20 percent stated that their risk management takes up too many resources. Not surprisingly, but nevertheless remarkable: If risk management is introduced for extrinsic reasons or constraints - especially due to customer requirements - it adds significantly less value than if a company takes care of an up-to-date risk management system on its own initiative.
Max Keller, head of the study, says: "Even though many companies operate risk management at a solid level, there is room for improvement. The requirements in this area have also been steadily increasing. Recent cyber attacks have clearly shown us the vulnerability of companies in this area.
In light of the fact that digitalization continues to advance in large and rapid steps, companies should pay more attention to comprehensive risk management."
More information about the Funk studies
