Last month, I wrote about the risk events that threatened supply chains in 2024, as described in Sphera’s annual Supply Chain Risk Report. As our Supply Chain Transparency team was launching that report, our Operational Risk Management experts were outlining the operational risks that companies should be watching for this year. Here are a few of the risks they identified.
Cybersecurity threats
Cybersecurity threats loom large among this year’s operational risks. These events can bring operations to a standstill, result in the loss of critical data — which can include customer data — and carry significant financial and legal implications. Reputational harm can easily follow.
The 2018 British Airways data breach illustrates how severe cybersecurity incidents can be. In this event, hackers stole data that included the names, addresses, emails and credit card details of as many as 500,000 customers.
But there’s more than data at risk. Less than one month ago, the FBI warned of hackers targeting critical U.S. infrastructure, which could include water treatment plants, oil and natural gas pipelines or the electric grid.
Economic volatility
Over the past few years, inflation and geopolitical tensions have created economic instability in global markets. The uncertainty continues this year due to tariffs imposed by the U.S. and reciprocal action threatened by its trading partners.
Last year, CEOs surveyed by Gartner Research highlighted persistent inflation as a concern. Sixty-one percent noted higher prices and low economic growth as challenges. And though the IMF predicts a decline in global headline inflation in 2025 and 2026, we are seeing increased inflation in the U.S. and U.K. at the moment.
Digital resistance
In a world that is increasingly reliant on technology, “digital resistance” might strike you as puzzling. But there will always be a tendency for individuals and organizations to resist new ways of doing things, even when those ways promise new efficiencies and benefits.
For years, our annual Process Safety Report has cited a gap between companies’ process safety goals and the reality of process safety as experienced by their employees. Several factors can be at fault, and a reluctance to deploy today’s digital platforms and tools is among them.
Organizations have typically relied on a range of manual tools and disparate systems to manage process safety. But technological advances have resulted in platforms that enable greater safety and productivity on the floor, along the pipeline and in the mine. They provide greater visibility, help managers connect the dots and facilitate better decision-making. Resistance to these innovations translates into unnecessary risk.
Regulatory compliance issues
As we’ve noted, regulatory compliance has grown as a risk factor thanks to regulations such as the EU’s Corporate Sustainability Reporting Directive (CSRD) and Corporate Sustainability Due Diligence Directive (CSDDD). They require in-scope companies to report environmental and social metrics and to conduct due diligence around environmental and social matters. Businesses may face penalties and fines for noncompliance. Additionally, failure to address negative environmental impacts or labor violations — even if they are hidden in the supply chain — will bring the kind of attention that no business wants.
Businesses typically mention data-related challenges first when identifying the causes of their compliance headaches. A broad range of topics must be covered, and the data is often siloed. But software solutions can minimize or even eliminate these issues. With the CSRD including an assurance component, the sooner businesses address their data challenges, the better.
Managing risk
These are just a few of the operational risks we’ve outlined for 2025. Learn about the others by visiting our blog. But don’t just read about them. Prepare for them. What can you do to reinforce data security? Are you set up for regulatory reporting or still struggling to get there? Are you waiting for the right time to roll out a technology upgrade? Don’t wait. Because there’s never a wrong time to take proactive steps toward business stability and security.
— Paul
