by Gary Lynam, Director of ERM Advisory, Protecht
Across the broad spectrum of risk factors with the potential to impact organisations, geopolitical tensions have become increasingly significant. In particular, the conflict in Ukraine has brought challenges such as cybersecurity into sharp focus, with governments issuing regular and alarming warnings about the scope for state-sponsored attacks and disruption.
In April, for instance, the National Cyber Security Centre (NCSC) issued an alert about the risks to critical national infrastructure (CNI) from state-aligned groups, particularly “those sympathetic to Russia’s invasion of Ukraine.” Warning about the potential for “destructive and disruptive attacks” with less predictable consequences than those carried out by traditional cybercriminals, the alert “strongly encouraged” organisations to follow NCSC advice when the cyber threat level is heightened.
More broadly, the general “appetite for geopolitical risk management is growing”, according to recent analysis in the Financial Times. Alongside the Russia-Ukraine conflict, worsening US-China relations are encouraging more organisations to prioritise their efforts to monitor risks and forecast scenarios. The general consensus is that more organisations should be focused on identifying their potential exposure and response to geopolitical events, with experts from the likes of EY highlighting the importance of “a level head” and McKinsey on the need to “build resilience”.
Real and Significant Impact
In practical terms, recent geopolitical issues have had a very significant impact on the economic and supply chain risks faced by organisations around the world. During 2022, for instance, the conflict in Ukraine had a direct bearing on oil and gas prices, with costs spiking dramatically as supply uncertainty and the potential for fuel shortages caused huge concern.
This escalation of damaging risk is best described as a culmination of ‘Grey Rhino’ events: threats that are obvious and can be seen coming but which, by being ignored, end up combining to create much more damaging situations. This ‘Grey Rhino’ event risk scenario underlines the interconnected nature – and severe consequences – of contemporary risk, especially for organisations operating in today’s highly complex and interconnected markets. For risk managers looking to prepare their organisations against scenarios like these over the past 12-18 months, there are some important lessons to be learned.
For instance, from globally significant events to more defined organisational risks, acknowledging and understanding the threats, and putting the right preventative strategies and processes in place, can have a transformational impact on the ability of any organisation to approach the future with confidence in its resilience and ability to adapt.
Rapid advances in tech-led innovation are having a growing and positive impact on these issues, with the adoption of Governance, Risk and Compliance (GRC) solutions seeing particularly strong growth. Not only do these tools enable organisations to view, analyse and understand all of their key risk factors in a single platform, but they also allow risk professionals to measure overall risk culture within the organisation, track changes over time, and identify key challenges faced.
In doing so, teams can assess risks in more sophisticated ways, bringing the issues associated with geopolitics into greater focus and ensuring they are less likely to be ignored until it’s too late. But, for most organisations, effective risk management cannot be delivered in isolation. Instead, building alliances with risk specialists, advisors and software providers who are not only flexible but also capable of growing alongside each organisation offers an important foundation for an effective long-term strategy.
In choosing a set of GRC tools, for instance, it’s important to select a solution that can be tailored, modified and developed by the user themselves, as opposed to relying solely on software developers. This puts the control in the hands of the organisations taking the risks, empowering them to mould the software to best fit their unique requirements.
Moreover, risk management is not a one-off effort, but a strategic initiative that requires careful planning. Developing a strategic plan for the risk management function, based on a “blueprint” of a future vision, is vital. Organisations should consider where they want their GRC strategy to be over the next 1, 3, or even 5 years. This blueprint serves as a roadmap, allowing them to measure progress and adjust course as necessary.
This works best as a collective effort, and the entire organisation should be brought along on the risk management development journey. By involving everyone, leaders can foster a culture of shared responsibility and collective growth, ensuring the entire organisation is equipped to face the challenges and uncertainties of the future.
Taking place October 18 and 19, #RISK London brings high-profile subject-matter experts together for a series of keynotes, engaging panel debates and presentations dedicated to breaking down the challenges and opportunities that businesses face in times of unprecedented change.
“#RISK is such an important event as it looks at the broad perspective of risk. Risks are now more interconnected and the risk environment is bigger than ever before.”
Michael Rasmussen, GRC Analyst & Pundit, GRC 20/20 Research