CEE findings from the Global Risk Survey

Business leaders globally—and particularly in Central and Eastern Europe—are aware their organisations face increasingly complex and interconnected risks. What’s less obvious is how to assess risk intelligently so that organisations can transform—and build resilience, create value and prosper during this time of uncertainty. 

PwC’s Global Risk Survey 2023 explores how leading organisations are changing the way they perceive risk by adopting a human-led and technology-powered mindset. For this year’s report, we surveyed 3,910 business and risk leaders—including 218 boardroom and C-suite respondents in the CEE region—from across tech, operations and finance, as well as risk and audit. CEE respondents are based in the Czech Republic, Hungary, Moldova, Poland, Romania and Slovakia, providing a truly regional view of risk and what matters to businesses both in CEE and globally.

Executives recognise that some external disruptors bring opportunities while others still pose more of a risk. The transition to new energy sources, cited by 43% of respondents in CEE (globally: 54%), is seen as the biggest opportunity among external disruptors. This is closely followed by changes in customer demand and preference (CEE: 40%; globally: 47%). However, supply chain disruption (42% globally and in CEE) and changes in regulation (CEE: 39%; globally: 28%) are the main external factors seen as more of a risk than an opportunity. 

Global analysis shows that the industry sector also has an impact on whether organisations sit at the value protection or value creation end of the risk appetite scale. Those in faster-moving sectors, such as retail and tech, are more likely to embrace risk and seek opportunity. Those in regulatory-driven sectors, such as government and pharmaceuticals, however, are more likely to prioritise compliance and focus on risk avoidance. Different functions within the organisation also have different perspectives on risk, with those in finance roles more likely than others to say their organisation is focused on risk avoidance over a high risk appetite.

Regulation is another external factor that influences the risk landscape. A raft of new regulations on emerging technologies have been introduced recently—with more in the pipeline—and this process will continue. CEE EU member countries must navigate a complex regulatory framework, with the EU's implementation of the Pillar Two tax rules, the EU AI Act, Foreign Subsidies Regulation, the NIS2 Cybersecurity Directive, the Digital Operational Resilience Act (DORA), the Cyber Resilience Act and more. Staying innovative and compliant is, therefore, more relevant than ever. 

Cyber and digital and technology risks rank high in executives’ threat landscape in CEE, with 29% and 20% respectively feeling extremely or highly exposed.

• These risks, however, are not putting organisations off investing in technology, with around half planning to invest in cybersecurity tools and AI, machine learning and automation technologies (CEE: 42%; globally: 51%).

• The main factor triggering a review of an organisation’s risk landscape is in preparation for technology investments.

• Technology disruptors are also much more likely to be seen as opportunities compared to other external non-tech disruptors, with 49% of CEE executives seeing generative AI  fully as an opportunity rather than something to be afraid of.

Only inflation and macroeconomic volatility rank higher than cyber (the top tech-related threat) in terms of the risks respondents feel most exposed to, while other digital and tech risks are on a par with geopolitical threats. As many as 29% and 20% of CEE executives respectively felt that they were extremely or highly exposed to cyber and digital risks (globally: 37% and 32%).

^{Q. How exposed do you believe your organisation will be to the following key threats in the next 12 months?}

There is a clear ambition among organisations to take a more tech-powered approach to risk, as seen by their intention to invest in AI, machine learning, and cybersecurity. Forward-thinking companies are already investing in AI-driven tools for better threat detection and response, thus using AI to stay ahead of threat actors.

This enthusiasm for GenAI echoes the Global Digital Trust Insights Survey. This survey found that 40% of CEE respondents plan to use generative artificial intelligence for cyber defence in the next 12 months. This jumps to nearly 65% across Europe.

• As many as 31% of CEE executives (globally: 40%) are very confident their organisation can balance growth with managing risk effectively, and a further 50% (globally: 51%) are somewhat confident.

• While global results show mixed views between economic buyer groups, with 50% of CEOs/board members ‘very confident’ compared to 34% of Operations and 30% of Audit leaders, we see far greater alignment in CEE (32%, 34% and 40% respectively).

• In CEE, as well as globally, there is a misalignment between CEOs and risk executives on the strategic value the risk function provides. CEOs are generally less likely to agree the risk function is demonstrating strategic behaviours, compared to how risk executives rate themselves.

Most organisations (CEE: 81%; globally: 91%) are confident they can balance growth ambitions with managing risk effectively. However, survey responses show differences in perceptions across different job roles and functions. Compared to risk executives, CEOs are less likely to agree the risk function is demonstrating behaviours such as bringing risk insights to the board for better oversight, guiding the business through complex change and challenging senior management. For example, 51% of risk executives in CEE say they are challenging senior management on strategy and risk appetite, whereas 33% of respondents from the CEO/Board level state that this is the case.

This leadership disconnect needs to be resolved if risk management is to amount to more than value protection and a reactive response to threats. Fostering greater collaboration between the risk function, leadership and the wider business and having more strategic conversations earlier in the process are key if organisations are to find opportunities where competitors only see risk. 

There's an opportunity for more targeted conversations between these groups on what's really valuable to the business and how to get some or more alignment on risk appetite. In other words, there are opportunities to demonstrate new ways to create value from risk.

This conclusion is echoed in PwC’s Global Internal Audit Study 2023. Our survey found that, in addition to better governance, more risk awareness, and stronger internal control, executives believe that a high-performing internal audit (IA) function can help to optimise business processes and systems. Well-deployed IA can also help instil confidence to make better and faster management decisions and to obtain trust from external stakeholders, including investors, regulators, and customers. When equipped with the right technology, vision and talent, IA's 'superpowers' can not only protect value but also create value by ensuring organisations can capture the upsides of risk.

Global analysis reveals a top performing 5% of organisations spread across all industry sectors—identified in the research as “Risk Pioneers”—who are forging ahead in the pursuit of opportunity. Underpinned by strategic enterprise-wide resilience and guided by a human-led, tech-powered approach, these pioneers are significantly more likely than other organisations to be upskilling internal teams. The pioneers are also likely to be making greater use of advanced analytics, predictive modelling, cybersecurity tools and cloud to navigate risk—and more likely to see emerging technologies such as GenAI as an opportunity rather than a risk.

This leading group is better aligning the navigation of risk with business strategy to achieve a greater range of outcomes and value—from more robust regulatory compliance and streamlined reporting to enhanced customer trust and identifying new commercial opportunities.

Notably, this group was also more likely to describe their risk appetite as “eager” or “hungry.” This clearly links to one of the underlying themes of the study—that companies need to approach risks intelligently to transform and thrive. 

Organisations can no longer afford to rely on a reactive approach to risk that focuses primarily on avoidance. According to the CEE edition of PwC’s Global CEO Survey, almost half (48%) of CEOs believe their company will no longer be economically viable over a decade from now if it continues on its current path. From climate and geopolitical risk to macroeconomic volatility and the disruptive power of technology, organisations, therefore, must change and reframe the way they see risk to build resilience and unlock opportunity. The ability to adapt and reinvent at pace amid this constant change and uncertainty is vital for survival and sustainable growth. 

PwC's Global Risk Survey 2023 reveals how leading organisations are changing the way they perceive risk by embracing the transformative power of technology and data. Technology and data-led solutions are playing an increasingly significant role in shaping organisations’ exposure to risk, their appetite for taking risk in pursuit of new opportunities and the tools they are using to mitigate it and build resilience.

Our survey highlights that, whilst CEE executives see technology investments as a trigger to review their organisations' risk exposure, technology disruptors were more likely to be seen as opportunities compared to other disruptors. Global analysis shows organisations that had been successful in changing their approach to risk and achieving better outcomes were almost three times as likely to be using the most current technology and data to navigate risk.

There is an ambition among most CEE organisations to take a more tech-powered approach to risk, which is demonstrated in their intention to invest in AI, machine learning, automation, cybersecurity and cloud. When this ambition is seen through the lens of value creation, this allows them to consider risk intelligently. This, in turn, helps them reinvent, transform and prosper in the face of today's complex and changing risk landscape.