Two-thirds of the Spanish firms which originally made up the Ibex 35 index in 1992 have disappeared. This shows the importance of having an integrated risks management strategy to create resilient companies capable of adapting to their surrounding conditions, according to experts at KPMG.
The partner responsible for Risk Consulting at KPMG in Europe, the Middle East and Africa, Pablo Bernad, explains that while a few years ago risk management was “an issue which was merely fulfilled,” in today’s world it’s a question of strategic survival which determines corporate success. “Either we deal with these risks and embark on new strategies or there will be no room for us in the market,” warns Bernad.
To implement an adequate risk management strategy, we need to look beyond the short-term, says José Luis Blasco, partner responsible for Governance, Risk and Compliance at KPMG Spain. He stresses that the traditional method for identifying risks no longer works as it uses the past to predict the future. In any event, he warns that over the last 20 years “there has been a brutal short-term indexation,” which means the average life of companies is decreasing.
The financial sector has been one which has suffered the most from the emergence of new risks and has had to adapt to this. Just a little over a decade ago, it was made up of over 50 entities in Spain, while now there is hardly even a dozen of them. The partner responsible for Financial Risks Management at KPMG Spain , Gonzalo Ruiz-Garma, explains that the models have changed and only the bigger institutions with a differentiated risks management strategy have survived. Whatsmore, they also have to deal with regulatory pressure and interest rates which, on some occasions, results in the banks approving operations without financial profitability.
As far as new risks are concerned, surveys carried out by KPMG reveal that for the last seven years, cyber attacks are amongst the ‘top 5’ most likely ones. This is a threat of which companies have been unaware until relatively recently, having been confined to technology firms and banks. According to data from the National Institute for Cybersecurity in Spain (Incibe in its Spanish acronym) there were 123,000 cybersecurity incidents in Spain in 2017. Of this total, 116,000 affected companies and citizens, while over 900 affected infrastructures and key operators.