Top Risks Facing Technology, Media and Communications Organizations

In an era marked by unprecedented digital transformation and easy access to funding, the technology, media and communications industry has witnessed a whirlwind of change and innovation. The COVID-19 pandemic catalyzed the adoption of new technologies, altered consumer behaviors and intensified regulatory scrutiny. More companies have based their core business operations on technology, running on digital platforms that are interconnected with other companies and services. Companies have taken advantage of this interconnected ecosystem to develop more complex solutions, leveraging technologies such as artificial intelligence (AI), the Internet of Things and 5G to enhance their products and services. In addition, companies now have access to vast amounts of personal data, creating the opportunity for more personalized and targeted marketing strategies.

Despite robust growth and technological advancements in prior years, the technology, media and communications industry is facing inflationary headwinds and the related slowing of the economy. The market outlook seems to indicate only modest improvement after the prior year’s lack of performance. The tech industry has struggled with investors and venture capitalists, and many start-ups held back on IPOs in the first half of 2023. With a much more limited funding environment, tech start-ups are being cautious with spending, neither making huge investments nor taking bold steps.

Current Risks

The industry’s top 10 current risks can be grouped into three broad categories: people-related risks, risks to core business operations and balance-sheet considerations.

Top 10 Current Risks

1. Cyber Attack or Data Breach
2. Failure to Attract or Retain Top Talent
3. Tech or System Failure
4. Economic Slowdown or Slow Recovery
5. Failure to Innovate or Meet Customer Needs
6. Business Interruption
7. Increasing Competition
8. Data Privacy (including GDPR) Requirements or Non-Compliance
9. Regulatory or Legislative Changes
10. Damage to Brand or Reputation

The first group of top risks concerns the technology, media and communications sector’s struggle to attract and retain the talent that it needs to ensure it can maintain the rapid innovation required in this sector: failure to attract or retain top talent (ranked number two) and failure to innovate or meet customer needs (number five). The high level of demand for professionals in this industry, paired with an increasing shortage of top talent, makes this risk one of the biggest challenges facing the industry. In a recent MIT Technology Review Insights poll of tech company leaders worldwide, 56 percent cited the shortage of tech talent as a concern, and 64 percent indicated that candidates for their open IT and tech roles lacked the skills or experience needed.

The main contrast between our survey results from 2021 and 2023 is that talent shortages in 2021 were largely due to COVID-19 and travel restrictions, while in 2023 the focus shifted to a gap in specific talent as technology, media and communications companies compete with other industries for computer systems analysts, network and electrical engineers, data scientists, software developers and QA analysts and testers. Even with global tech layoffs prompted by the economic slowdown in early 2023, companies have still struggled to find and keep the talent they need to remain competitive.

The lack of available talent ties into the second group of top risks, which pertains to the core business and the imperative of ensuring its smooth operation. Technology, media and communications companies are concerned with avoiding a cyber attack or data breach (number one), tech or system failure (number three) and their potential consequences: business interruption (number six) and damage to brand or reputation (number 10). With deeper digital interconnectivity and extensive collection of data come increased digital-infrastructure vulnerability and concerns about privacy and security. The high-profile data breach of Optus in September 2022 and the resulting class-action lawsuit are stark reminders that even relatively unsophisticated attacks can expose 10 million customers’ data. 

Connected to cyber challenges are tech or system failure and business interruption. The inclusion of these risks in the top 10 speaks to the inherent unpredictability of technology as a primary concern that underpins all businesses. Without seamless continuity, some companies may be unable to operate. The fear of tech or system failure is all too real, especially in light of high-profile and lengthy service recoveries that were likely on survey respondents’ minds. For example, a fire at a main data center in October 2022 caused massive disruption throughout South Korea; it took four days to repair servers and normalize operations. The problem of cloud service outage is also on the rise, with several large technology companies suffering major cloud service disruptions in 2023 that affected thousands of businesses and individuals.

In addition to outages, damage to brand or reputation has been linked to several factors that affect public perception of companies in the technology, media and communications sector. Companies’ responses to the pandemic — such as their own vaccination and remote-work policies, their capacity to manage businesses’ and individuals’ increased reliance on technology, sharing links to government websites for information on vaccinations and treatments, and their decisions to allow or restrict alternative viewpoints on their platforms — were a source of considerable public debate and, consequently, reputational risk. Companies’ partnerships with social media influencers can also expose them to reputational risk, as can changes in their own leadership.

The third and final group of top current risks comprises external risks such as economic slowdown or slow recovery (number four), increasing competition (number seven), data privacy (including the General Data Protection Regulation, or GDPR) requirements or noncompliance (number eight) and regulatory or legislative changes (number nine). As tech companies adjust to a global market slowdown, reallocating their budgets to maximize profitability and streamlining their operations, new companies add complexity to the competitive landscape by introducing technological advances and new business models. 

While companies adapt to competitive and economic uncertainties, they must also navigate compliance in an evolving regulatory landscape. In the U.S., ongoing legal ambiguity and political debate surround the administration and enforcement of Section 230 of the 1996 Communications Decency Act as well as pending legislation governing the use of AI. In the EU, companies can face stiff fines for violating data privacy rules under the GDPR. 

UK Prime Minister Rishi Sunak convened an international summit on AI safety in November 2023 at which representatives from several countries signed a joint agreement to develop a common framework for identifying and mitigating AI risks. This summit took place mere days after U.S. President Joseph Biden issued an executive order establishing standards for AI safety and security as well as protections for privacy, equity and civil rights, while offering a framework for using AI to promote innovation and make the U.S. more competitive in the space. Meanwhile, legislation to regulate AI has been making its way through the U.S. Congress.

Underrated Risks

Supply chain and distribution disruption, which did not make the industry’s top 10 current or future risk list, stands out as an underrated risk in the sector. As the global technology production model shifts from offshoring to nearshoring, companies are diversifying their locations for increased profitability, especially benefiting regions such as Latin America. However, this transition poses unforeseen challenges as companies adapt their production models to new locations, including key factors such as security, interconnectivity and resource availability.

Political risk, which also failed to make the top 10, could significantly affect a substantial portion of the industry. This is exemplified by actions such as the U.S. banning exports of silicon chips to China and China imposing export bans on critical materials for chip production. Furthermore, heightened competition in AI between the two countries and continued restrictions on Chinese companies in the U.S. (such as bans on apps including TikTok) highlight the significance of political factors that tend to receive less attention.

Underrated risks for the industry also include climate and environmental concerns, which failed to make the top 10 risk lists. Climate volatility increases property risks for tech companies with extensive infrastructure exposure, including telecommunications firms, data centers, semiconductor manufacturers and e-commerce warehouses. These underrated operational risks, such as data-center disruptions caused by heat waves, highlight the vulnerability of the tech industry to environmental changes. Additionally, there’s a growing focus on demonstrating support for environmental sustainability, accompanied by the risk of brand reputation damage for those failing to show leadership on sustainability or perceived to be engaging in greenwashing practices.

Future Risks

When we compare the top 10 current risks with the future top 10, we see that cyber attack or data breach and failure to attract or retain top talent remain the number one and two concerns, respectively, for companies in the technology, media and communications industry. The persistent high ranking of these risks underscores the critical need to address these issues effectively to sustain the rapid growth of such companies. And the rapid ascent of AI technology will only increase cyber risk.

Top 10 Future Risks

1. Cyber Attack or Data Breach
2. Failure to Attract or Retain Top Talent
3. Economic Slowdown or Slow Recovery
4. Artificial Intelligence (AI)
5. Rapidly Changing Market Trends
6. Regulatory or Legislative Changes
7. Failure to Innovate or Meet Customer Needs
8. Data Privacy (including GDPR) Requirements or Non-Compliance
9. Increasing Competition
10. Tech or System Failure

However, two new risks have appeared on the future top 10 list: artificial intelligence (number four) and rapidly changing market trends (number five). In our 2021 survey, participants pointed to disruptive technology as a top future risk; AI appears to be the technology they now recognize as disruptive. The technology, media and communications industry understands that AI is reshaping products, solutions and even the way that companies operate. Most companies in the industry are already integrating AI capabilities into their operative models, such as using chatbots in their support channels. Nevertheless, the most disruptive applications are still under development and need support from other technologies to be fully deployed. Indeed, over the next few years, many of generative AI use cases will be crystallized, and AI will accelerate other technological advancements in healthcare, manufacturing, automotive and more. Companies that can swiftly innovate and effectively integrate AI stand to reap substantial returns on investment, while those who lag behind may find themselves at a competitive disadvantage. In the race to adopt AI, respondents appear focused on the need to establish proper risk frameworks and processes.

The risk of rapidly changing market trends is a top agenda item for most boards in the industry and is closely tied to failure to innovate or meet customer needs (number seven). In the case of technology, media and communications companies, properly monitoring the market to track and even anticipate trends is imperative. The focus of this monitoring should include not just incumbent players but also the disrupters from other sectors that may have a competitive edge.

How Can Technology, Media and Communications Organizations Mitigate These Risks Effectively?

We encourage companies to expedite R&D and product launches to succeed in a rapidly evolving tech environment. However, neglecting risk is not the solution. Tech firms should establish innovation-friendly risk management structures. Collaborating with knowledgeable insurance brokers and risk consultants is essential to secure fair insurance capacity. For those adopting new tech, creating risk management frameworks and sandbox environments for safer risk assessment is crucial. Addressing human resource impacts and providing clear communication outlining future plans is essential. And anticipating and proactively addressing regulatory challenges, aligning common interests and cooperating when possible is advisable.

Organizations should quantify their cyber exposure using insurance and risk mitigation to protect critical digital assets such as customer and financial data and minimize business interruption. Regular reviews and continuous improvement are vital due to the evolving nature of this risk. Companies must carefully evaluate and manage AI usage to contain cyber exposure, with board oversight on AI-related cyber risks. Insurance shouldn’t be overlooked; it should be adjusted to match exposure and risk tolerance. Optimizing insurance spending by consolidating brokers and programs can lower costs. Whether innovating internally or investing in others, safeguarding valuable IP through IP protection and talent retention is essential.

Organizations should develop a strong employee value proposition to attract and engage talent, incorporating healthcare and wellbeing measures. The key is not to lower hiring expectations but to hire, motivate and retain high-caliber talent in the most cost-effective manner. Highly sought-after talent such as specialists in software engineering, data and UI/UX should be prioritized.

AI can help address talent shortages by automating tasks, but it also requires careful planning for skill shifts, acquisition, retention and reskilling. Leadership oversight is essential in avoiding errors and regulatory scrutiny. For companies heavily reliant on specific talent, anticipating future needs, fostering diversity and tailoring benefits is crucial.

Companies should conduct a comprehensive review of digital infrastructure exposure, identifying potential risks across various aspects such as applications and billing. Following the review, they should manage these risks through recovery plans, supplier diversification and advanced failure-detection tools. Additionally, companies should establish crisis plans to prepare for financial, communication and recovery contingencies.

General Disclaimer
This document is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this document, Aon does not warrant, represent, or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss caused by reliance on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.