While organisations have become much better at understanding how to mitigate conventional risk, risk managers and their enterprises should focus more on complex risks, according to the World Economic Forum (WEF).
“Humanity has become remarkably adept at understanding how to mitigate conventional risks that can be relatively easily isolated and managed with standard risk management approaches,” says the WEF in The global risks report 2018. “But we are much less competent when it comes to dealing with complex risks in the interconnected systems that underpin our world, such as organizations, economies, societies and the environment.
It says that many of these systems are under strain – not least because of the accelerating pace of change. Such complex risks cause a special problem because of their interconnected nature.
“When risk cascades through a complex system, the danger is not of incremental damage but of ‘runaway collapse’, or an abrupt transition to a new, suboptimal status quo,” it concludes.
Environmental threats were prominent in WEF’s annual Global Risks Perception Survey. All risks in the environmental category – from natural disasters to extreme weather events and failures in climate change mitigation – had risen both in likelihood and impact.
Cybersecurity risks were also growing in prevalence and in their ability to disrupt organisations and individuals.
“Attacks against businesses have almost doubled in five years, and incidents that would once have been considered extraordinary are becoming more and more commonplace,” the survey said. Ransomware attacks accounted for 64% of all malicious emails, it said.
And the targets that hackers choose are widening. Cyberattacks are increasingly targeting critical infrastructure and strategic industrial sectors. “This is raising fears that, in a worst-case scenario, attackers could trigger a breakdown in the systems that keep societies functioning,” it concluded.
There was some good news on the economy, which WEF said was finally getting back on track. But underlying risks persist, including potentially unsustainable asset prices, increased indebtedness – particularly in China – and strains in the global financial system.
WEF has developed some new risk management resilience tools to help examine more systemic risks across an organisation’s operations. Its nine identified lenses are grouped under three topics:
“It is not the case that measures to deal with systemic risk simply add up to the sum of these nine lenses,” Roland Kupers, an adviser on Complexity, Resilience and Energy Transition and a fellow at Oxford University, said in the report. “The interconnected nature of the underlying system precludes this. However, considering these nine aspects will provide a comprehensive—and, crucially, a practical— method for mitigating those risks.”
He warned that it was essential for such an exercise to be separate and distinct from the standard processes used for dealing with normalised risks.
WEF’s report supports IRM’s own research into the future of risk and risk management in its recent document Setting the risk agenda.
“As the complexity of risk increases – founded on transformations in technology, climate and natural resources, and political and socio-economic influences by 2025 – organisations need to reflect on existing risk architecture and its suitability for managing such risks,” said IRM’s report. “As new risk trends emerge, as identified in this survey, organisations should simultaneously be willing to adopt new, or adapt existing, risk systems and processes.”