U.S. Organizations Struggle to Manage Growing Risk and Resilience Challenges, According to Recent KPMG Survey

Key Takeaways

• Half of U.S. organizations are behind in integrating risk and resilience capabilities. Despite awareness, many still lack the necessary structures and accountabilities to address growing risks.
• Cybersecurity leads the list of concerns. 57% of leaders see it as the biggest challenge for the next five years, followed by data privacy and technology risks.
• Centralized risk structures are more successful. Those with centralized teams are more mature in their ability to handle disruptions, thanks to specialized tools and real-time data.
• Barriers persist. Organizations are still facing significant challenges like cultural resistance, lack of communication, and duplicated efforts, especially in decentralized structures.
• Advanced tools and analytics are key. Predictive insights and scenario analysis are crucial for organizations looking to stay ahead of rapidly changing risks.

Deep Dive

A recent survey from KPMG last month paints a sobering picture of the state of risk management in U.S. organizations. Despite heightened awareness of increasing risks and disruptions, more than half of U.S. organizations are still struggling to integrate proper risk and resilience capabilities. The survey, which gathered insights from 208 C-suite leaders, reveals that 52% of companies have not yet built the necessary organizational structures to effectively manage risk and resilience.

“The pace of change in today’s business environment is unlike anything we’ve seen before,” said Joey Gyengo, U.S. Enterprise Risk Management Solution Leader at KPMG LLP. “Leaders know they need to act, but as our survey shows, many organizations are still in the early stages of building resilience. Despite well-established risk identification programs, implementing true resilience remains a challenge.”

Gyengo emphasizes that the nature of today’s risks is fundamentally interconnected, meaning organizations can’t afford to think about risks in isolation. “The world we live in demands a broader approach. Risks don’t exist in silos—they’re all connected, and ignoring that can lead to major consequences.”

The survey results offer some familiar findings about the biggest concerns for U.S. businesses. Cybersecurity remains the number-one challenge, with 57% of respondents naming it as the primary risk to tackle over the next five years. Data privacy and technology risk follow closely, at 43% and 41%, respectively. These areas continue to dominate conversations about risk, especially as the digital landscape becomes more complicated and interconnected.

“To tackle these cross-functional challenges, businesses must do more than just patch holes,” Gyengo added. “They need to bring together a whole team—business, risk, operations, and technology leaders—all working in tandem to prepare for the unexpected.”

The Power of a Centralized Approach

Among the more promising findings, the survey points to a clear trend: organizations with centralized or coordinated risk management structures are better equipped to handle disruptions. About 48% of respondents reported having these structures in place. What’s more, half of these organizations update their resiliency plans annually, while 23% do so even more frequently.

“The takeaway here is simple,” said Tim Phelps, Risk Services Leader at KPMG. “Centralized risk and resilience teams tend to be more mature in their ability to handle disruptions. They’re more likely to use specialized tools, like governance, risk, and compliance (GRC) technologies, and advanced analytics. This gives them the confidence to face disruption head-on.”

For organizations with decentralized structures, the picture is less optimistic. While many are still using tools to monitor and manage risks, they’re not as prepared when it comes to making quick, informed decisions in the face of disruption.

The Secret to Building Resilience

As organizations seek to improve their ability to manage risk, the use of specialized tools is becoming more commonplace. The survey found that organizations with centralized risk management structures are significantly more likely to use GRC technologies, risk monitoring tools, and predictive analytics. These organizations are also more likely to have timely access to data, a crucial factor in responding quickly to risks.

“Predictive insights and advanced analytics are no longer nice-to-haves—they’re essential for staying ahead of the curve,” said Samantha Gloede, Trusted Leader at KPMG. “Organizations that are proactive in identifying vulnerabilities and addressing them before they escalate are the ones that are truly moving the needle.”

Despite these advances, many organizations still face significant barriers. Two-thirds to nearly three-quarters of respondents reported encountering obstacles like duplicative efforts (71%), cultural resistance (66%), and a lack of awareness or communication (72%).

Gyengo points out that these barriers are more common in organizations without centralized structures. “Centralized teams face fewer roadblocks because they’re working with a clear, integrated strategy. For organizations still in the early stages, these barriers can feel overwhelming.”

While organizations recognize the importance of managing risk and resilience, many are still struggling to turn awareness into action. As risks become more complex and interconnected, businesses must evolve their strategies, tools, and teams to stay ahead of the curve.

“Risk management today is no longer about simply ‘checking the box’ for compliance,” Gyengo concluded. “It’s about creating an agile, integrated strategy that helps organizations adapt, survive, and thrive, no matter what comes next.”

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.