A network view of the top risks in 2017

Risk.net published yesterday the results of its top risks survey for 2017. Compared to 2016, geopolitical risks comprising mostly the worries and threats felt following the yes referendum to Brexit and the election of Donald Trump is the big entry of the year in fourth position, whilst Cyber risk remains unsurprisingly in pole position and the risk of physical attacks, last year referred to as terrorism risk, sadly confirms its place within the top ten concerns of the year to come.

Interesting findings come up when we start representing these risks into a network rather than a list: when highlighting the possible causal relationship between them, such as in the picture of these blog, it appears that:

  • Geopolitical risk possibly drives, or at least exacerbates, five other top risks, either directly or indirectly: organisational change, outsourcing, IT failures, cyber attack and data protection, and physical attacks. This preliminary result calls for the necessity for firms and CROs to watch carefully their political and business environment, given their multiple repercussions within the organisation. Geopolitical risk is a serious candidate for the large emerging risk of the coming years in the G8.


  • Cyber risks, the most common cited top risk over the recent year, appears to be caused, or worsened, by many other top risks, as varied as physical attack, organisational change, outsourcing or fraud. This result highlights the importance of treating data protection and cyber security also as a consequence of good – or bad – holistic risk management throughout the firm.


  • The network in the picture is essentially split in two poles: the geopolitical and organisational pole (in orange and purple) and the regulatory pole (in blue). It is as if the sanctions concerns is generated by the regulatory changes but somewhat isolated from the “real” risks faced by organisations due to a changing world. Only internal fraud, a new top risk in the 2017 list, constitutes a link between the two clusters.

This diagram is my own, based on my personal opinion and experience working in risk management in the financial sector for over 15 years. Others will have other judgments. However, what this is approach highlight, is the benefit of representing a risk register as a network rather than a list, to highlight their connectivity and prioritise mitigation.

Full survey on: