The Risk of Risk Consultancy and the Need to Be Fully End-to-End Trust Management

The recent announcement by PwC to recruit 1000 Risk consultants (1) is typical of large, factory-oriented consultancies like PwC, which often recruit large numbers of people and often have a high rate of change inside the organization as they chase the latest deals that are selling in the market.

The area of risk and cyber threats is particularly attractive to consultancies at the moment, with three major trends requiring advisory support and solutions.

Firstly, there is the rapid increase in cyber attacks and the need for the board and organizations to invest better in protection and management systems.

Secondly, there is an increasing demand for innovation and agile solutions from companies seeing new ways to compete in the market. Digital disruption is changing the experience of customers, who are increasingly 24/7, always online, and connected through mobile devices and mobile apps. This is changing how and what companies need to have in place to deliver their products and services, directly or indirectly, online and offline. Companies may not fully understand the effect that this new technology, and customer behavior in using these tech solutions, will have on their business bottom line, or how the risks and threats change.

Thirdly, this is driving the rise of what Gartner calls "bimodal IT", where there is increasing use of agile, innovative prototyping and flexible customer and operating model solutions, while at the same time the existing legacy systems and IT portfolio need to be kept stable and managed. This creates a paradox: the need to change the IT while retaining a sense of control and robust delivery. This is further changing the risk profile of organizations, which need to navigate a path that enables both worlds.

Consultancies have always operated in the risk advisory space, but this is likely to evolve into an integrated offering across all consulting services rather than an add-on called "digital trust", or something the actuaries and so-called Risk Partners offer as a due diligence oversight service. The more enlightened consulting offerings will need to work end-to-end, integrated with trust and cyber risk, to deliver Enterprise Risk Management (ERM) and Security Information & Event Management (SIEM) services that are truly 21st century and fit for purpose.