Data risk: five mistakes your organisation could be making

5 min read
Apr 16, 2024

In the fast-changing context of AI and other technological developments, it is becoming increasingly important for organisations to get a handle on their data management risks.

When approaching the issue of data risk, many organisations choose to focus their efforts on protecting privacy, preventing breaches and avoiding the misuse of information. Yet, underlying these priorities are a host of other, practical considerations. 
 
Recently, we facilitated a virtual collaborative meeting for risk leaders in our network to share their approaches to managing data risks. Based on the practical discussions that took place at the meeting, here are are five major gaps your company may need to fill.
 
Benchmark2
Participate in our upcoming data risk benchmark
We're continuing to support risk leaders in our network to leverage data to help the business make better strategic decisions with a brand new benchmark. Request to participate and get the benchmark report for free.
Request to participate

1. Overlooking the importance of data governance

If you really want to unlock the power of data, you need effective master data governance structures at the enterprise level. Otherwise you will never achieve integrated data analytics.
Untitled design (2)
CRO, ASX-listed technology company

Risk Leadership Network member

Risk leaders agree that governance of data structures within the organisation should be a priority for large companies, if they haven't implemented a process for this already.

Here are some steps you can take to implement governance around the business' data:

  • Identify your key data types (e.g., cost structures, organisational structures, locations, risk taxonomies)
  • Count how many versions there currently are of each
  • Establish a single source of truth for each data type (i.e., the 'master data').

Possible metrics:

  • number of master data types identified
  • single source master data established for each key data type (yes or no)


For a more in-depth analysis of the approaches your peers — CROs at large non-financial organisations in Europe, Oceania and MENA — are taking to leverage data help the business make better strategic decisions, participate in our data risk benchmark.


2. Inconsistent use of data across the business

Bite the bullet and get everyone to transition to the master source. Otherwise you will end up with a whole other industry translating between sources.
Untitled design (2)
Head of risk, privately-owned retail firm in MENA

Risk Leadership Network member

Identifying data types and deciding which version will be the "master" is just the beginning. The next crucial step is to drive adoption of that master source throughout the business. This will likely mean enacting changes in both technology and behaviours.

From a tech perspective, you may need to re-engineer data solutions, reporting feeds or other software to use the 'correct' data source or feed.

From a people perspective, you need to consider what data employees are using manually (and when), and get them to make the switch. This may mean updating documents like policies and processes, as well as updating training modules.

Possible metrics:

  • Single source master data adopted for all data types (yes or no)

3. Focusing too much on data completeness

It can be hard to anticipate in advance which data is going to deliver the most business value. Setting 'completeness' as a metric encourages you to make a list of data points and then work towards 'checking off' that list.

However, depending on where you are in your data maturity journey, this might not be ideal. This is because it can introduce bias or force your focus onto the wrong areas.

As you're monitoring 'completeness' people aren't really thinking about whether the information is useful. Everyone is just concentrating on ticking the box.
member
CRO, FTSE energy company

Risk Leadership Network member


Ultimately, if you're really confident about the data you need, focusing on completeness can be an effective approach. If you have to make up a list of data points though, in order to monitor completeness, you could be approaching the problem the wrong way round.

Possible metrics:

Metrics around quality and consistency (i.e. single source master data) may be better starting points. If considering data completeness, be sure about the value of that data.

 

Your questions answered

1. Where does this insight come from?
Recently, we facilitated a virtual collaborative meeting for our members who are focusing on data risk. These are just some of the key trends discussed at that meeting.

2. Why did you arrange the virtual meeting on data risk?
A number of our members raised data risk as a key priority this quarter. We arranged this meeting to help them share their approaches to data risk, as the first part of our bespoke solution for their priorities.

3. How do you ensure confidentiality in your collaborations?
All our virtual meetings takes place under the Chatham House rule. Participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed.

4. How else are you supporting members with data risk?
We're producing a bespoke benchmark to give members a clear picture of how their peers are leveraging data to help the business make better strategic decisions. Request to participate in the benchmark by 23rd April 2024. We're also facilitating 1-to-1 discussions for risk leaders to dig deep on specific issues with peers who are more mature in data risk. Take a look at our tailored approach to the risk priorities of our members, and book an introductory call

 


4. Too worried about high volume user adoption

Don't focus on volume for users; it only drives people who don't know what they are doing to waste their time generating inferior outcomes.
member
CRO, FTSE telco company

Risk Leadership Network member

Our members concur that a hundred people using data poorly is worth much less than five people doing it properly, especially if the former leaves the organisation drowning in data that has no strategic purpose.

Benchmark2
How are your peers leveraging data to manage risks?
Take part in our data risk benchmark and get the full report.
Participate in benchmark

 

A more important, foundational step is to encourage teams to consider how and why they want to use data. Thing about metrics that will encourage behaviours around strategic planning and longer-term learning. 

Possible metrics:

  • Number of data project plans developed
  • Number of data projects meeting proposed objectives

5. Confining privacy metrics to focus on breaches only

Data privacy is, of course, an increasing concern for all organisations, particularly those holding vast quantities of personal information. Breaches, however, are not the only concern.

You may also want to consider a metric around your use of data analytics and how that aligns with your customers' perceptions of their privacy.
member
CRO, large multi-national construction company

Risk Leadership Network member

In other words, it's not just about protecting data from bad agents. Customers also have expectations and comfort levels around how a company itself uses their data.

Businesses that don't monitor for this kind of privacy risk may find themselves faced with a raft of interconnected issues, such as declining customer trust, reputational damage and regulatory scrutiny.

Possible metrics:

  • Customer perception
  • Customer satisfaction
  • Amount of proactive regulator engagement

 


What's next?

A key learning shared by risk leaders in our network is that common perceptions around data management risks will be challenged in this evolving field; understanding where to focus efforts will be half the battle.

We'll continue to support risk leaders on data risk — and any other risk priorities they raise with us. To learn more about what we've got coming up, book an introductory call

Meanwhile, to participate in our upcoming data risk benchmark, fill in this form.

Get new posts by email