The increased globalization of business has brought new opportunities, including lower production costs and a larger customer base. But internationalization also increases companies’ exposure to global risks. From environmental to economic to political, risks know no borders. An organization’s resilience depends heavily on the resilience of its suppliers and purchasers, whose supply chains can span multiple countries.
Overall, the number one risk in terms of impact on society is the failure of climate change mitigation and adaptation, according to the World Economic Forum’s Global Risk Report 2016. Weapons of mass destruction ranked second and water crises ranked third. Large-scale involuntary migration also rated among the top five for impact, as did severe energy price shock. Involuntary migration was named the most likely risk.
“Global risks are increasingly becoming more interconnected and that is having a profound effect on businesses and economies,” said Linda Conrad, director of strategic business risk management at Zurich Financial Services, which sponsored the report. Climate change, for example, is connected to a number of issues that could have universal impact, such as water and food availability. “You may think, I’m not a food or beverage company, so why does this matter? But even if you are not a beverage company, you need water for cooling of production sites and warehouses and for cooling of electronics—the cyber infrastructure relies on water.”
In the United States, the top risk concern was cyberattack, followed by data fraud or theft. This makes sense, since 87% of the U.S. population uses the internet and the country ranks second globally for online business-to-consumer transactions. As a result, cyberrisks are considered one of the most important business threats.
Political risk is also high on the list of international concerns. Key issues include failure of government, interstate conflict, large-scale terrorist attacks and weapons of mass destruction. “It’s really come to the forefront in the last two years,” Conrad said. “Prior to that, the Global Risk Report’s top issues had been financial because we were in a recession. But for the last two years it’s been geopolitical, including this year’s mass migration.”
This increased concern about geopolitical risks is illustrated by the recent increase in terrorist attacks. “From 2014, the total number of deaths from terrorism increased by 80%,” she said. “It’s the largest increase in 15 years, since the World Trade Center attack.”
Because of this heightened political risk climate, Conrad said that major concerns include riots halting production for a company or its supplier, the imposition of capital controls that prevent currency exchange and conversion, or governments suddenly canceling projects, revoking licenses or expropriating assets.
Proactive adjustments need to be made to operations and long-term strategies, the report shows. These issues also need to come to the attention of senior management and the board, which should be talking about the risk agenda. “It’s a call to a holistic or ERM approach because not only does profitability need to be protected, but also reputation,” Conrad said.
Executives and boards should be asking about adequacy of coverage for their political and supply chain risks. In the report, executives in 14 countries saw failure of national governance as the highest risk to doing business. “Geopolitical risk is tied to large-scale involuntary migrations as well as water crisis, cyberattacks and profound social instability,” she said. These risks can threaten companies’ very existence as they can face dangers not just where they operate, but where they sell and where they buy.
Heightened by the cascading impact, “these risk issues seem to be seeping deeper into our psyche,” she said. “People are more aware, but it’s not enough to just be aware, this needs to surface in our strategy—it’s time to respond and build resiliency.” The report calls for clear thinking about new ways to enable a wide range of stakeholders to jointly address global risks.
Conrad recommends scenario planning to identify links between the issues and business operations and long-term strategy. Once that is completed, the next step is stress testing. “It can be a desktop scenario: ‘We purchase from China, what if the Chinese government shuts down operations there?’ Or looking at a scenario like the floods in Thailand a few years ago, when more than 50% of the hard disk drives were not able to get into the supply chain, and asking what steps can be taken now to avoid the impact,” she said.
Scenario planning often reveals that the cost of recovery is frequently underestimated by four to 10 times. “Medium-sized companies really need to pay attention because they have less of a cash-flow cushion than larger ones,” she said.
While examining these risks, it is also important to look for opportunities. For example, a company moved some of its operations to India to take advantage of lower costs only to see its carbon footprint go up because of India’s comparatively lax environmental standards, Conrad said. They were able to split their operations and move some of it back to the United States where there is greener energy. “In the process, they ended up developing a new product that would allow the two areas to link from a cyber perspective,” she said. “They ended up increasing their efficiency, lowering costs and lowering their carbon footprint overall simply because they were looking for an opportunity in all that.”