The Top 5 Risk Management Challenges of the Year (2020)

Climate-caused catastrophes, protests, contentious elections, royal exits, Brexit, stock market plunges, and a worldwide pandemic are just some of the major events that happened over the course of the year. 

With the intent of becoming better prepared for whatever else may come our way, let’s review the top 5 risk management challenges that many companies experienced in 2020. 

1. Mega-Impact Events and Risk Transfer

The possibility of experiencing a mega-impact event (political unrest, consequences of climate change, and a pandemic . . . just to name a few) used to be thought of as a vague notion that may or may not occur far into the future. Now, no one is daft enough to think that’s the case. 

What makes the impact of such events even greater is the increased globalisation and intricate networks of organisations, supply chains, and economies, which makes it an impossibility to eliminate mega-impact risks through planning and preventative controls. 

This leads to a rising pressure for organisations to transfer risks with third-party insurance, in-house insurance, and risk-sharing agreements. However, these aren’t surefire ways to mitigate costs. Reasons why include: 

• A high potential for disputes, conflict, and litigation over transfers of risk.
• The inability to calculate proper insurance premiums.
• The likelihood of being under-insured in critical areas or over-insured in noncritical ones.

Still, you can expect insurance policies, risk-sharing agreements, and explicit contracts to play a larger role in upcoming risk management strategies.

2. Cybercrime

Every day, the risk of being subject to cybercrime goes higher as the skills and abilities of cybercriminals seem to advance faster than each day before. The list of entities that have been attacked this year alone includes Honda, several large banks, the manufacturing and healthcare sectors, a city in the American state of Alabama, and the huge newly-working-from-home workforce. 

The 2020 cybercrime statistics cited by CNBC are hard to hear:

• In the first quarter, the number of large-scale breaches increased by 273%.
• Destructive attacks are up 102%.
• Ransomware is up 90%.
• Island hopping is up 33%.
• The typical data loss that comes from a breach runs 10 million to 99 million records.
• The value of a company that experiences a data breach goes down by 7.27%.

Preventing cybercrime from infiltrating your organisation is critical now and will continue to climb the priority ladder as bigger, more organised, increasingly effective, and heavily financed groups of cybercriminals are churned out into action. 

3. Rapid (and Sometimes Rabid) Innovation

By rapid innovation, we mean the pace at which new technologies, processes, and business models (sharing-based, freemium, etc.) are implemented. 

By rabid innovation, we mean two things. Firstly, the competition to be first is fierce. This can cause strategies, plans, and implementation to be pushed, rushed, and/or hushed. Any (or a combination) of these will up the risk substantially.

Secondly, innovations are coming so quickly that regulation has a difficult time keeping up, putting organisations and everyday consumers at risk. So not only are innovations rushed to market, but they can speed right past any sort of compliance requirements—because there aren’t any. 

The threats posed to organisations who push such innovation are threefold:

1. Investments or projects operating in a legal grey area can cause huge losses if they end up being disallowed.
2. Fast-gaining market shares can crash when regulations are eventually put into place.
3. Disruptive organisations often incite the ire of lobbyists, causing negative publicity.
4. Taking shortcuts to meet self-imposed deadlines tends to cause mistakes that cost companies credibility and consumer trust.

Innovation is the life-blood of any economy, but it becomes risky when a high-risk innovation strategy falls outside the scope of current regulations and agendas. 

4. Reputational Risk

Living and working in a hyper-connected world via mobile devices, social media, and an ever-churning news cycle can exacerbate any word or deed into worldwide information. Social expectations are at an all-time high, and organisations need to rethink their fundamental approaches to addressing and responding to any issues that arise.

How has this rapid acceleration of intense scrutiny come about?

• Information is amplified to a networked world through social media.
• Everyone is hyper-available since they’re always connected to mobile technologies.
• Consumers are socially conscious and actively pressuring businesses to be responsible.
• Marketing strategies are multichannel, giving more control to consumers.
• Businesses are global and depend highly on third parties.

A pitfall of this rise in reputational risk is that even personal online activity can cause great damage to any organisation. Another is that since events happen so quickly, organisations are often forced to respond before a full investigation can take place.

5. Risk Aversion 

Sure, a financial fallout can come from any of the above risks or dozens of others. The thought of losing on an investment, especially a large one, means many risk-averse managers avoid taking any risk at all. While it’s understandable why this would be a common tactic, it’s actually quite a shame. 

Avoiding risk is not a sustainable management strategy. Not only because it constrains a company from growth, but also because an ignored risk can blindside you when you aren’t expecting it or prepared to deal with it. The results can be devastating.   

Have you heard of RAT? It stands for risk aversion tax. Harvard Business Review explains that “the difference in value between the choices the CEO would favor and those that managers actually make is a hidden [self-imposed] tax on the company.” 

As an example, HBR worked with a high-performing company to assess all the investments it made one year. The calculation of its risk aversion tax was 32%, meaning the company could have improved performance by almost one-third if they only made “investment decisions in accordance with the CEO’s [right] risk tolerance rather than that of [low-risk tolerant] junior managers.” From a company’s perspective, that equals a highly dysfunctional outcome of risk avoidance. 

Now, for the Good News

Yes, 2020 is a year no one will ever forget. The upheaval it has caused in every facet of industry (not to mention life in general) has done a number on supply chains everywhere. As part of the world’s supply chain has come to a screeching halt this year, others have seen sudden, unprecedented demand. Both of which can cause grievance. 

Was your company prepared to weather the upheaval? Did it already have a risk management strategy that had predicted some of these risks? Was it successfully put into play when things started changing so rapidly? Did that plan do what it was supposed to do when it came time to manage your risks? If so, then congratulations! That’s exactly why having a proper risk management system in place is so important.  

Through it all, believe it or not, there is good news. Through gains and losses, we’ve learned a lot, become much more flexible, and have resilience like never before. Can the same be said about your supply chain?   

BIO: 

Annabelle Smyth is a freelance writer located in Salt Lake City, Utah. She enjoys writing about supply chain management, human resource management, and employee engagement. She has most recently worked with Avetta and has valuable insight into supply management best practices. When not writing and educating herself, you can find her hiking the canyons with her dog and friends, spending quality time with family, or traveling to experience the cultures of the world.