Top Ten Technology Risks for 2021

The United States has been dealing with the Covid-19 pandemic for about a year. In February/March 2020, many organizations sent most or all employees to work from home due the pandemic. It has been a year of disruption and change in how we work, and a year of increased risk to organizations as a whole, including technology-driven risk.

In the fall of 2020, ISACA and Protiviti conducted a global survey of almost 7,500 IT audit and risk leaders and professionals to gain their insight on some of the biggest technology risks their organizations will face in 2021. The organizations surveyed were broken into two groups: digital leaders and other organizations. Digital leaders were identified as organizations who claim to either have a proven track record of adopting emerging technologies or disrupting traditional business models; have digital aspects of strategic plans in place that are managed quantitatively or continuously improving; and have enabled high levels of process optimization or innovative and disruptive technologies.

The top 10 technology risks for 2021 were identified as:

  1. Cyber Breach
  2. Confidentiality and Privacy
  3. Regulatory Compliance
  4. User Access
  5. Security Incident Management
  6. Disaster Recovery
  7. Data Governance
  8. Third-Party Risk
  9. Remote Workplace Infrastructure
  10. Availability Risk

The top 10 list of risks is similar for both digital leaders and the other organizations. The biggest discrepancy is regarding cloud strategy and adoption. While digital leaders are highly concerned with this, other organizations are not. This stems from digital leaders moving more processes and systems into the cloud and preparing for the future. It should come as no surprise that there are inherent risks any time you introduce new technology solutions. With this, cyber breach is the top technology risk for 2021, so identifying the risk of exposure remains ever so critical. In a year where the majority of office workers may continue to work from home, it remains critical for organizations to continuously assess, monitor and effectively manage technology risks.

Risk Assessment Frequency

Assessing risk is a very important part of any organization’s security, especially in today’s technology-driven work environment and in the midst of a pandemic. Of the organizations surveyed, 92% claim to assess technology risk in some capacity. The frequency of risk assessments depends on the type of organization. 49% of organizations who claimed to be digital leaders identify and assess technology risk on a continual basis (more than monthly). Only 24% of other organizations continually identify and assess technology risk. 41% of other organizations (not digital leaders) identify and assess technology risk on an annual basis.

As expected, some organizations are beginning to adjust how often they are assessing risk due the challenges of the pandemic. Of the organizations who completed risk assessments, at least a third (41% of digital leaders and 34% of other organizations) claim that pandemic-related disruptions and changes have caused them to adjust the nature or frequency of technology risk assessments.

Managing Risk

Of all industries and regions, Cyber Breach was either the first or a top 3 technology risk identified.  Confidentiality and Privacy, Third-Party Risk and Security Incidents all were near the top as well. Organizations need to be able to manage and assess risk in order to protect client, employee and third-party data. All organizations should conduct a technology risk assessment on at least an annual basis or more frequently as their technology landscape changes or new systems are introduced. As evident in the survey results, these assessments are starting to occur more frequently for more technology-focused and technology-reliant organizations.

How Can Schneider Downs Help?

Schneider Downs IT Risk Advisory practice can help conduct an organization’s technology risk assessment and assist in performing third-party risk management, as well as perform privacy assessments such as GDPR compliance and gap assessments. Schneider Downs Cybersecurity team can help with preventing and responding to cyber breaches and incidents. To learn more about our Risk Advisory and Cybersecurity services please visit and

If you specific questions please feel free to contact the team at [email protected]

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2022 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
The Top Ten Most Common Passwords of 2022
Shared Assessment SIG Questionnaire – What’s New for 2023?
Buyer Beware: Five Common Holiday Scams of 2022
New Phishing Scam Targets Verified Twitter Accounts
Cybersecurity Awareness Month is Over… Now What?
The Latest on the CommonSpirit Health Ransomware Attack
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.