Author: Carolina Klint, Risk Management Leader, Europe, Marsh & McLennan Companies (MMC)
- Space junk, cyber threats and terrestrial infrastructure failures require effective and responsive public-private action – on a cosmic scale.
- The global risks identified in this year’s Global Risks Report demonstrate the need for organizational resilience and learning from the challenges of the past two years.
- Businesses that manage risk well will thrive in a changing risk landscape and create trust with their stakeholders.
Life during the COVID-19 pandemic has challenged governments, businesses and communities, resulting in: deep social, political and economic scars; unprecedented disruptions; and tense nation-state and business rivalries. At the same time, we have seen spurs to innovation and transformation.
During this period of divergent recoveries, businesses have been preparing for continued economic uncertainty, rapid changes in societal circumstances, and the potential intensification of risks, while also focusing on improving resilience to future crises.
The global risks identified in this year’s report demonstrate the need for countries and companies to improve their organizational resilience and learn from the failures and successes of the past two years. Those that have managed risk well, recovered from setbacks and crises, and thrived in a changing risk landscape have been adaptable, created trust with their stakeholders, and worked cooperatively to overcome challenges.
As recovery and the push towards a more sustainable future continue, three risk areas that businesses should consider focusing on in the short and long term are cyber, space and infrastructure.
Cyber risks: The threat of complacency
Cyber risks have intensified over the past two years as we’ve become more dependent on digital systems. Businesses are continually rethinking their operational strategies, digitizing and automating processes in response to lockdowns, increased absenteeism, and consumer demands for more efficient purchasing and speedy delivery.
In many instances, changes are being made on the backbones of aging technology infrastructure and insecure network protocols, which has exacerbated supply chain disruptions and exposure to cyberattacks.
Cyber threats have evolved, as seen by the rise of ransomware-as-a-service — a now prevalent, low-barrier means of attack. Cyberattacks also continue to be more costly — 2021 saw the highest average cost of a data breach in almost two decades, rising from $3.86 million to $4.24 million on an annual basis. Furthermore, cyber insurance pricing in the United States rose by 96% in the third quarter of 2021, marking the most significant increase since 2015 and a 204% increase year-over-year.
Given these circumstances, it’s understandable that the adverse consequences of technology advances were seen as a top-10 medium- to long-term risk by this year’s survey respondents. Ultimately, the consequences could be wide ranging and include even higher cyber insurance costs, critical infrastructure failures, loss of trust in governments and businesses, slowdowns in “smart cities” and other digital transformation agendas, and interventionist regulations and policies.
Divergent government agendas around how to control cyber risks — and suspected or actual complicity in cyberattacks — will complicate the risk assessments and investment decisions businesses must make to prepare and respond to attacks.
We are also seeing the emergence of the metaverse, which will more tightly connect individuals, businesses and governments through digital tools and platforms convergence, and will be built on blockchain technology and immersive virtual reality experiences. Discussions about potential regulation, privacy guardrails and cyberattack vulnerabilities are already taking place at government, industry and societal levels — but the metaverse may come into existence without all of its risks being addressed.
Intergalactic risks: Can there be a safe space?
Space is more accessible than ever, as evidenced by a record 145 orbital space launches globally in 2021. Space tourism also got off the ground with several private-sector rocket launches, and the first commercial space station was announced with operations slated to commence by 2024.
The diversification of actors is an exciting development but dated space governance frameworks are coming under considerable pressure, exposing fault lines between the ambitions of different players and the acceptability of their actions. Growing security concerns, increased competition among global communications providers and leisure flight operators, weapons tests, the threat of harmful space debris, and nation-state pride may disrupt commercial and scientific endeavours, increase geopolitical tensions, and threaten future cooperative efforts around governance.
Dated space governance frameworks are coming under considerable pressure, exposing fault lines between the ambitions of different players and the acceptability of their actions.—Carolina Klint, Marsh’s Risk Management Leader for Continental Europe
However, if we can successfully manage these emerging risks, we’ll realize the full potential for technological and human advancement that space presents, especially with longer-term missions to the moon and Mars in play and enhanced orbital satellite capabilities being launched to monitor and respond to climate change events.
Reliability risks: Infrastructure investment
Throughout the pandemic, public, private, digital, and space infrastructures have been tested by sudden shifts in how and where people work and unprecedented demand for online services and deliveries to homes. Pipeline shutdowns, canal blockages, deteriorating roads, bridges, tunnels, and dams, and power and internet outages are just a few problem areas encountered globally. And these tests of infrastructure resilience occurred against a backdrop of sustainability agendas driving decarbonization and green technology implementation, and severely disruptive and costly impacts from extreme weather events. In the US alone, weather and climate disaster costs topped $105 billion, surpassing the disaster cost rate for 2020 at a higher pace over the first nine months of 2021.
Many national pandemic recovery programmes have homed in on infrastructure investment and renewal as a means of stimulating economic activity, addressing critical reliability risks, and building future resilience. In November, the United States passed a $1 trillion package that covers roads, bridges, clean water, broadband access, electric vehicle charging stations, and more. While the scope of other countries’ activities may not be as large, many have focused on similar targets.
In this rush to rebuild, reinforce, and in many cases reinvent infrastructure usage and transform industries, governments, businesses, and communities, it’s important to undertake appropriate risk assessments that account for potential catastrophic risks. They should also minimize barriers to investment — such as political and trade credit risk — and returns, and think creatively about levels of backstop for pooled insurance schemes targeted at catastrophic risks.
Global risks: Renewed resilience
To build greater resilience at local, national and global levels, governments, businesses, communities and NGOs will need to work more closely together than ever before. By building real partnerships across public and private sectors, based on new approaches to risk mitigation, allocation and data sharing, we can make choices now that will enhance our risk preparedness and resilience.
One important step in this direction is to focus efforts on improving ESG credentials, and in the context of risk management and resilience, the diversity and inclusiveness of our organizations at all levels. If we are going to reduce the “resilience deficit” and preparedness gaps uncovered by the pandemic and recent weather events, supply chain failures, and geopolitical incidents, we need to improve the quality of our decision making, take a more holistic view of risk, and clearly connect risk to strategy.
Diversity and inclusion can help drive sound risk management practices, relevance with employees, customers and communities, and long-term resilience in our constantly changing world.
Through more effective public-private partnerships and the adoption of new approaches to risk management and resilience, when the next crisis emerges, we will respond with greater agility and cohesiveness to create a more sustainable future.