3 minute read


In life, there are certainties like death and taxes, but there’s one more constant: risk. The COVID-19 pandemic starkly reminded us of this fact as we grappled with evaluating and reevaluating personal risks with each wave of the pandemic. Businesses face similar challenges, and their ability to manage and mitigate risk plays a crucial role in their success.

This post is part of a series. The link for the part II can be found here.

The Origins of Business Risk

Businesses encounter risk from both external and internal sources. External factors like inflation, supply chain disruptions, geopolitical shifts, climate-related disasters, competition, reputation issues, and cyberattacks can significantly impact an organization’s plans. Internally, poor leadership decisions or unauthorized disclosures of sensitive information can also pose risks. Yet, perhaps the most dangerous risk is missing opportunities for innovation and growth.

The modern era is marked by frequent shocks related to socioeconomic, economic, and climate factors. In 2019 alone, there were 40 weather-related disasters causing over $1 billion in damages each. To stay competitive, organizations must adopt flexible risk management strategies, which involve forecasting new threats, recognizing shifts in existing threats, and forming comprehensive response plans. While there’s no magic formula to navigate crises, a well-structured risk management strategy can shield an organization from critical disruptions.

Understanding Risk Management

Risk management involves identifying, handling, and mitigating threats through various approaches and activities. After recognizing a risk, organizations develop measures to reduce its potential impact. While eliminating risk is ideal, other methods include loss mitigation (like insurance) and redundancy (using backup systems to prevent data loss during outages).

The Three Key Elements of a Comprehensive Risk Management Strategy

A proactive risk management plan comprises three critical components:

1. Detecting Risks and Addressing Vulnerabilities

Organizations must maintain a proactive stance by analyzing how risks might evolve over time, handling systemic risks, and identifying new risks that may emerge.

2. Evaluating Risk Tolerance

Companies should define risk tolerance levels that align with their values, strategies, capabilities, and competitive landscapes. This involves reassessing risk profiles, rejecting some risks unequivocally, and considering the effectiveness of control mechanisms.

3. Choosing a Risk Management Approach

Organizations must decide how to respond when confronted with new risks. This decision-making process should involve leaders from various departments and adapt to changing circumstances.

Developing Adaptable Risk Management

Effective risk management is crucial for survival, especially during severe or abrupt risks. Here are five actions leaders can take:

  1. Reframe the vision for risk management: Set clear goals, define risk levels, and engage in conversations with business leaders to foster well-informed decision-making regarding risk versus reward.

  2. Establish agile risk management procedures: Form cross-functional teams with the authority to make swift risk management decisions.

  3. Leverage data and analytics: Digital tools and data can enhance risk management efforts, providing better insights and predictions.

  4. Cultivate future-ready risk expertise: Equip risk managers with fresh competencies and knowledge to understand evolving risks.

  5. Strengthen risk culture: Foster an organizational mindset that responds swiftly to threats.

The Role of Scenarios in Grasping Uncertainty

Scenario planning helps leaders turn abstract hypotheses into narratives that depict plausible future scenarios. This offers advantages like expanding thinking, identifying likely futures, safeguarding against groupthink, and challenging conventional wisdom.

Insights on Risk in Financial Institutions

According to chief risk officers (CROs), banks face heightened exposure to rapidly evolving market dynamics, climate change, and cybercrime. While the pandemic’s impact on nonfinancial risk is expected to diminish, climate change is anticipated to become a substantial concern. Cybercrime remains a top risk for financial institutions.

Understanding Cyber Risk

Cyber risk encompasses potential digital losses, including financial, reputational, operational, productivity, and regulatory aspects. It can also manifest as physical world losses, such as damage to operational equipment. Cyber threats, like privilege escalation, vulnerability exploitation, and phishing, create the potential for cyber risk.

A Risk-Based Cybersecurity Approach

A risk-based cybersecurity approach prioritizes risk reduction over achieving a specific level of cybersecurity maturity. It focuses on addressing the most critical vulnerabilities effectively. Steps include integrating cybersecurity into enterprise risk management, evaluating vulnerabilities across people, processes, and technology, comprehending threat actors, and monitoring risks against risk appetite.

Prudent Investments in Risk Management

To manage high-consequence, low-likelihood risks (or “big bets”), organizations must prioritize existential threats. A two-by-two risk grid assesses the impact of an event against the certainty of that impact. Investments aimed at safeguarding value propositions can enhance an organization’s resilience.

In a constantly changing world, managing risk effectively is not just about creating plans; it’s about regularly evaluating and updating them to remain relevant and resilient.