The Perfect Storm of Risks and How to Weather Them

Bill Raisch
Director, International Center for Enterprise Preparedness, New York University

A perfect storm of risks to global corporations is forming. It is a new risk environment that has already begun to dramatically impact major corporations in numerous incidents around the world. These impacts will only continue to grow. This new risk environment compels new approaches to risk if the global firms are to survive and succeed. Active collaboration by businesses against common threats is now an imperative for survival. A proactive as opposed to reactive stance towards risk must be taken, one that embraces an increasingly dynamic environment and which necessitates active alliances with other corporations and governments.

With threats and interdependencies growing, leading firms have begun to recognize that they don’t have the internal resources necessary to adequately address these risks on their own. They are looking to jointly address shared risks and leverage the force multiplier of collaboration. Increasingly, efforts are being undertaken to combine risk intelligence, insights, strategies, and capabilities to address common threats, realize cost economies, and identify potential opportunities that they could not achieve individually. One effort involves the establishment of a new Global Risk Network integrating global corporations with key international and national governmental agencies, NGOs, and critical infrastructure in targeted nations across the globe. 

 

The Perfect Storm in the Making:  Increasing Risk in a Complex & Interdependent Global Business Environment

Substantial New & Recurring Risks:  A diversity of recurring risks continues to disrupt business operations and wider economies with what can be devastating impacts. These include natural hazards such as hurricanes/typhoons, tsunamis, tornadoes, volcanoes, floods, and earthquakes. Public health threats include localized contagions and pandemics. Man-made threats include black-outs, communication system failures, fraud, workplace violence, and terrorism. 

In addition, new types of threats to business operations have developed with the potential for impact not only on individual businesses but also wider markets. These include cyber thefts/industrial espionage, related but distinct cyber hactivism, systemic financial risks, wide-spread political volatility, and civil unrest.

Risk Amplifiers: Widening Geographic Footprints, Growing Interdependencies and an Ever-Hungry Media.  The combined forces of off-shoring, outsourcing, international marketing, and global supply chains have resulted in a dramatic expansion of the corporate geographic footprint of operations. That expanded footprint has effectively created a wider physical target for a diversity of potential risks that could impact operations. Often operating in dozens of countries spanning a diversity of climates and terrains, global corporations are vulnerable to both man-made and natural hazards on a scale far beyond the historical regional or national focuses that firms have had in the past. International corporations are additionally subject to a spectrum of regulatory and market forces, varying infrastructure capacities, and differing political and cultural environments in the various countries in which they operate. 

International corporations also have increasing reliance on (and resulting risk from) external infrastructure that enables their core operations including external software/services, communications, and electrical power provided by a wide range of private and public entities in the countries in which they operate across the world.  

Global supply chains are increasingly operating with just-in-time policies that provide little if any safety stock. The most recent example of this was the automobile manufacturing disruptions in the aftermath of the 2011 Japanese crises. 

With 24/7 news coverage and hundreds of channels of media searching for content, any corporate event can quickly receive wide attention often playing to human nature’s thirst for the sensational.

Reduced defenses to risk:  Despite increasing risks, fewer resources are now available to address risk on a corporate level due to economic constraints and a prevalent assumption that addressing risk is an overhead function to be minimized. In many firms, budgets have been cut on an across-the-board basis, often resulting in drastic reductions in risk management activities of all kinds. Lower headcounts, reduced risk assessment and analysis, lower redundancy, and overall less capacity to address disruptions of any size is the norm in most corporations. These reduced internal defenses are in turn compounded by similar reductions undertaken by the external dependencies of most firms up and down their supply chains and even in critical external infrastructure providers.

In sum, increased risks amplified by a wide geographic operation, complex interdependencies, and a hungry media are resulting in a hyper-charged risk environment that directly threatens corporate revenue and assets unlike any situation in recent history.

Collaborating to Compete:  A necessity to address increasing uncertainty in the global business environment

Lacking sufficient internal resources, many international firms are recognizing the imperative to jointly address shared risks. Increasingly, corporations are reaching over corporate walls in an effort to leverage the force multiplier of active collaboration. They are looking to combine risk intelligence, resources, insights, strategies and capabilities to address shared threats and identify potential opportunities. Much in the same way that nations undertook alliances in the past to strengthen their ability to address shared threats so too are global corporations.

One effort addressing this challenge of international risk involves the establishment of a first-of-its-kind Global Risk Network. It is an effort being championed by senior professionals from a spectrum of firms including Barclays, Cisco Systems, Deutsche Bank, Garda, Goldman Sachs, Guardian Life, Indy Racing League, Jet Blue, Lancers Network, Microsoft, NC4, Novartis, Palantir, Pfizer, Prudential, Simudyne, Securitas/Pinkerton, Royal Bank of Scotland, Target, Thomson Reuters, and Vodafone.

The “guiding principles” identified by this developing Global Risk Network initiative have been distilled from interface with well over one hundred international organizations, public and private. As such, they offer insights into what may be perceived as the core challenges in addressing this new dynamic global operating environment and potential strategies to address these challenges on a collaborative basis.

Actively engage key stakeholders:  The interdependencies of a globalized economy must be acknowledged and relevant stakeholders from the public and private sector must be directly engaged in addressing shared risks. As an example, the Global Risk Network is working to connect:

•    Leading corporations with international operations

•    Cross-national organizations
     
(United Nations, INTERPOL, WHO, etc.)

•    Targeted agencies of national governments (national security,
      emergency management, law enforcement, public safety &
      health, etc. of targeted nations)

•    Critical infrastructure providers (communications, power,
      transportation, etc. in selected countries)

•    Existing public-private risk partnerships 

•    Relevant NGOs (professional & industry associations and
      preparedness/response/relief organizations)

•    Key subject matter & research expertise (focusing on targeted
      risks and geography)

Identify & embrace “win-wins”:  Successful collaboration identifies and leverages common objectives. It is also important to acknowledge that various parties may have different rationales and objectives. To the extent that these objectives are complementary and non-competing, these can form a firm and ongoing rationale for active collaboration. Collaboration borne solely of good intentions can be difficult to sustain over the long term, especially if it is lacking in specific goals or is simply being reactive. All parties must see clear benefits in any collaboration.

Short-term as well as long-term pay-offs are critical:  Too often risk activities are focused solely on the high impact/low probability event which may or may not occur sometime in the future.  Instead, risk management strategies can be structured to yield clear benefits in both minor (and generally more frequent) as well as major incidents and disruptions. Step-by-step progressions (with distinct benefits at each stage) in achieving wider long term goals can also assist in clarifying near term value.

Establish a trusted network:  Create an environment of confidentiality where concerns and experiences related to sensitive risk topics can be shared. Chatham House rules, for example, have been observed in Global Risk Network forums and lessons learned are evaluated in a supportive manner.  

Share information and perspectives on shared risks:  This includes insights on existing and developing threats, vulnerabilities and their potential impacts. Premium is placed on understanding the nature and drivers of risks as well as actionable next steps to address them. 

Establish a truly global perspective for action:  While there are many initiatives that may address local or even national risks, global corporations are increasingly looking for global strategies and solutions which span continents and include first, second, and third world countries.

Identify and integrate with other initiatives:  In this increasingly complex world of “information overload” and diverse initiatives, global corporations are looking for simplicity and integration. There is a clear call out to not duplicate or compete, but instead to identify and coordinate with various efforts to achieve synergies. One key first step in this regard that the Global Risk Network is undertaking is to identify and map existing relevant risk initiatives, including their purpose, activities, and contact information.

Develop both organizational and personal dimensions for collaboration:  It is certainly important to create an “organizational network of networks,” connecting a diversity of organizations to concretely address risks. However, it is equally important to create a productive “peer-to-peer community” among individuals that represent these organizations so as to enable the establishment of personal relationships that support the sharing of insights and experiences as well as ultimately collaborate before, during, and after crisis events. For example, face-to-face gatherings in the Americas, Europe, and Asia as well as virtual forums are core activities of the developing Global Risk Network.

Maintain a problem-solving approach with a hard deliverables orientation and employ a project management discipline:  In this time-constrained environment, organizations cannot afford to come together to solely “vent” on common challenges. Rather they are looking for a better understanding of targeted risks and the active development of concrete strategies to address them.  In the case of the Global Risk Network, a central staff will provide the support to assure clear deliverables within set timelines.

Promote cross-pollination of insights across industry sectors to enhance risk strategies:  Firms see real value in a diversity of perspectives and approaches from differing industries on issues of risk. They want more than can be gained solely from their particular industry association. Manufacturing can learn from financial services, entertainment can learn from retail, and vice-versa.

Convene on neutral ground:  Collaboration optimally should occur in an environment without business or political bias.

Adopt an offensive as well as defensive stance / proactively address risks to achieve rewards:  Too often risk management activities are undertaken solely to protect the status quo (existing assets and operations) or as a compliance requirement. Their value is only seen as realized when and if an event occurs. In this increasingly dynamic global business environment, firms must instead start with their core objectives and future goals and ask how what factors in the future can positively or negatively impact the achievement of those objectives. In turn, risk management strategies should be focused on mitigating the potential negative factors and enhancing the potential positive factors—all with the goal of increasing the probability of achieving core corporate goals.


Alliances & collaboration are key to both survival and success going forward

In conclusion, we must fundamentally change our approach to risk and our strategies to address it. We must change our perspective on risk management from solely a shield against adversity to a wider arsenal of both a shield and a sword—a sword which can be used to proactively advance corporate objectives by addressing risks that impact those objectives.

We must in the process establish critical alliances. We must move forward from an isolated “us against the world” approach to one which proactively embraces and leverages collaboration externally with other corporations, governments, and relevant organizations across global operations. Through collaboration we can access resources, insights, and capabilities vital to addressing the growing threats of the business environment. 

Ultimately, business at its heart is about risk and reward. How effectively we address risk will ultimately determine the rewards. Alliances and collaboration will be vital in that endeavor going forward. n

NCF Fellow William “Bill” G. Raisch is the founding director of the International Center for Enterprise Preparedness (InterCEP) at New York University and a former private sector preparedness advisor to the Federal 9-11 Commission. Raisch is a member of the Board of Directors and the Executive Committee of the American National Standards Institute (ANSI) and serves on the Committee for Experts for ANAB – the accrediting body for the voluntary Private Sector Preparedness Program (PS-Prep).