The Quest for Global Risk Agility
Man-made risks, such as cyberrisk, physical security threats and climate change—are the driving forces in the global threat landscape. Unlike natural risk, which remains a central preoccupation, man-made risks have agency. Simply put, a tornado does not pre-plan where and who it will strike. A cyberattack, by contrast, is generally not a random event. While large organizations can often shield themselves from the financial consequences of many risks, the ensuing reputational harm can irrecoverably erode market share and stakeholder trust. Small- to mid-sized enterprises confront these challenges as an existential threat.
The quest for global risk agility is principally a management framework aimed at changing the way organizations and senior leaders think about risk. Rather than making risk an object of “passive control” and something to be feared, agile decision makers make risk an object to be understood—with a healthy dose of respect—and properly harnessed. There is a risk in doing nothing at all in these turbulent times. Organizations, large or small, can no longer afford to remain on the sidelines.
Organizations tend to be far too passive vis-à-vis their approach to risk management. Risk does not wait for a board to have a quorum among its members before it strikes. Risk also does not recognize the annual planning, strategy or budgetary cycles that are the drumbeat of large enterprises. Too few of these organizations—particularly publicly-listed firms—are marching to the drumbeat and, therefore the short-termism, of the stock market. In the era of man-made risks, decisions need to be framed around longevity and optimization, as opposed to short-term performance and maximization. It is only through this that organizational resilience and a spirit of collective survival will take hold.
The best place to start is to create greater awareness of man-made risk in the context of global risk analysis. Too often, boards and senior decision-makers do not know what questions they should ask of each other, or necessarily where to obtain the right answers. This reality is confounded by the individual silos or domains over which senior leaders reign, largely in indifference to and with independence from their colleagues in the C-suite. The first step is to acknowledge that they may not have all the answers, particularly within the context of long-range planning. It is every global firm’s duty and obligation to develop their own “foreign policy” with respect to operating in international markets. Of course, this also applies to operating domestically, where a rare breed of organization puts its value systems front and center in all decisions, large or small.
Businesses will never be outside the reach of controllable and uncontrollable risk—all they can do is attempt to manage them in a reasonable and effective fashion. In the era of man-made risk, which often clashes with natural risk, many firms need to greatly strengthen their organizational resilience and risk management procedures, or to consider getting into another line of business in another location. Some prime examples are those firms with high profiles and/or a lot of money (that may attract the attention of cybercriminals), those that operate in strategic sectors (that may attract the attention of nationalistic governments), and those located in flood-prone areas or that function in areas of the world particularly prone to terrorism. The intersection between man-made and natural risk will only grow with time, with increasingly profound potential implications.
If 2016 was the year of cyberrisk maturity in that there is not an organization in advanced markets that is not sensitized to their exposure, 2017 will be the year of decision opacity. In other words, decision-makers from large and small enterprises, and across sectors, will be confounded by a world that is increasingly difficult to read and, therefore, to make long-range plans for inventory, investments, hiring and market expansion. Risk can be measured, but uncertainty cannot: Uncertainty creates bank runs, erodes consumer and investor confidence and trust in counterparties and institutions. 2017 will mark a year of intense uncertainty. Those firms already seeking global risk agility—and actively devoting resources to and making decisions consistent with that objective—stand the best chance of actually achieving organizational resilience in the face of such uncertainty.