Organizations are underemphasizing emerging risks
These include risks posed by pandemics, cyberattacks, regulatory changes, and climate change and ESG matters.
Despite widespread agreement across businesses on the dangers posed by emerging risks, the vast majority of organizations continue overlooking and underappreciating the impact these threats could have on a company, according to a report from Marsh.
Although three-quarters of respondents in a Marsh survey said they believed their risk management and insurance buying practices were aligned with long-term growth strategies, just 25% of businesses have a comprehensive or formal process in place to evaluate and model the impact of emerging risks on the organization. Risks being underemphasized stem from a range of sources including pandemics, cyberattacks, regulatory changes, geopolitical tensions, emerging technologies, and climate change and ESG matters.
“The COVID-19 crisis, the temporary closure of the Suez Canal, major cyberattacks and other recent events, have all exposed the fragility of global systems and serious shortcomings in organizations’ preparedness to manage major crises,” John Doyle, Marsh president and CEO, said in a release. “As our report outlines, effective strategies to build more resilient businesses will not only facilitate faster recovery but also increasingly become a competitive advantage. Our survey findings show that more work needs to be done when it comes to anticipating and modeling key emerging risks as they develop.”
Road to resiliency
To help reduce the damages caused by emerging risks, resiliency is key. To begin that journey, the insurance brokering and risk management firm suggests the following four steps:
1. Expected the unexpected: The pandemic touched every business, but many struggled more than necessary because they failed to fully anticipate the extent of its impact. In fact, just 25% of Marsh survey respondents said they use scenario-based modeling across the enterprise or comprehensively to determine the potential impact of emerging risks. Further, 45% said they use scenario-based models only somewhat or in a limited way.
Organizations can better prepare by keying on certain metrics, according to Marsh. This includes measurements of risk aggregation and interdependences across a value chain, which can help slow the degree of contingent business interruption risks. Along these lines, information on supply chain partners and early warning crisis-event metrics are also vital.
2. Connect risk & strategy: By not anticipating risks or aligning them with corporate strategies, many businesses are limiting their ability to respond to new risks effectively. However, most organizations aren’t bringing risk management and long-term planning together, Marsh found. A big driver behind this is the inability of a majority of companies to deploy cross-functional collaboration, which can increase transparency into potential new risks and help in preparing better response plans.
3. Avoid gaps in perception of preparedness: Cognitive bias, or believing you have control over random events, leads to a disconnect between stated risk management strategies and how a business prioritizes and rates the impact of certain risks. Put simply: Organizations are overplaying their hands when it comes to how preparedness and the ability to respond, as well as recover, from an event.
To avoid the illusion of control, companies should conduct a thorough review of the risk terrain and make an honest assessment to if the organization has the necessary resources to pull through a shock event.
4. Measure what matters: Despite all the buzz around big data, organizations still struggle to consistently apply metrics to the business. However, by deploying a steady approach, companies can better measure their exposures.
For example, while certain risks were rated important or highly important by Marsh survey respondents, only a minority were conducting modeling and forecasting at rates that corresponded with the threat level.
Related: