London: A new report from Source Information Services (Source) says that the global market for risk consulting has risen by over $1bn (9 per cent) to just under $14bn in 2014. Work in financial services dominates the market, accounting for 35 per cent ($5bn).
The report says that although regulation and compliance work has been the driver of most of the growth to date, cybersecurity is set to have a significant impact in the near future.
Big Four firms carry out the majority of global risk consulting, accounting for 61 per cent. However, Source warns that they may be set to miss out on the next stage of growth if they don't react to the growing demand for cybersecurity expertise.
Dr Fiona Czerniawska, founder of Source, and author of the report, said: "Big Four firms aren't seen by clients to have the specialist expertise required to capitalise on this wave of increased investment in cyber security. These firms now have a limited window of opportunity to either recruit or acquire organisations with these skills."
"Despite recent growth, the global risk consulting market is at a crossroads. Our research shows increasing polarisation between 'low cost' and 'high value' parts of the market will create new challenges for consulting firms across the board."
Regulatory-related risk consulting work falls into the low-value part of the market. There will be exceptions, a new regulation, focus, or issue, but by and large this work is familiar to clients. As a result, clients turn to consultants for cost-effective support when they can't handle the workload themselves. While Source's research suggests that the management activity and investment is fairly evenly split between compliance and more strategic work, the clients questioned said they were more likely to rely on consulting support for the latter.
By contrast, cyber risk falls into the high-value end of the market. Source's research explains it's relatively new territory for most organisations, and success here is going to depend on a consultant firm's depth of expertise, not on the number of people you can deploy. The consulting market for cyber risk is smaller than that for regulatory-related work, but Source's evidence suggests that this is going to grow more quickly. Not necessarily because organisations are doing more, but because they're more reliant on consultants to help them.
Risk-related initiatives are on the up...
The proportion of organisations (most of which are very large and international) that say they either already have existing risk-related initiatives and/or are planning new ones has been rising steadily. Two years ago, over two thirds (68 per cent) of organisations said this was the case, the majority of which were in the financial services sector. The equivalent figure today is 85 per cent, a proportion that's now fairly consistent across all industries.
The increasing number of risk-related initiatives has led to a dramatic rise in the use of consultants. The report states that in 2013, just 27 per cent of organisations said that their investment in risk-related areas would drive up their use of consultants. Today, it's almost doubled to 50 per cent. This trend holds across most parts of the private sector, however public sector managers are still very much focused on saving money and so are more likely to rely on their own, in-house resources to do this type of work.
Dr Czerniawska concluded: "What all of these developments are pointing to is two distinct markets for risk consulting. There are plenty of firms at the moment that think that it's possible to play in both: we suspect they may have to choose."