- World Economic Forum’s Global Risks Report 2023 identifies the most severe perceived risk to economies and societies over the next two years.
- The report paints a stark picture of a world in potential ‘polycrisis’, where ‘disparate crises interact such that the overall impact far exceeds the sum of each part’.
- This article outlines key trends for 2023 and actions risk leaders can take to address these challenges.
So declares Portia, the archetypal ‘Gen Z’ character in the popular HBO series, The White Lotus. The statement is included in a scene that prompts two young characters to debate that generation’s stereotypical — and rather dramatic — world view.
However, after the release of the World Economic Forum’s Global Risks Report 2023 in January, many CROs may be inclined to agree with Portia. The report paints a stark picture of a world in potential ‘polycrisis’ where ‘disparate crises interact such that the overall impact far exceeds the sum of each part’.
After three years of global pandemic, supply chain pressures, the return of war to Europe, multiple extreme weather events, increasing cyber incidents and even talk of the use of nuclear weapons, if everything is not actually falling apart, it does not feel like a return to any sort of normal. Indeed, the report describes the early 2020s as ‘a particularly disruptive period in human history’.
In this time of extreme uncertainty, no-one can predict the future. And yet, arguably the whole purpose of the risk function is to ensure that, as far as possible, we do in fact predict potential futures and further, that our organisations are ready for them.
Reasonable or not, with that in mind, we have outlined the key trends for 2023 and actions risk leaders can take to address these challenges.
Risk trends in 2023
1. Economic risks and the cost-of-living crisis
According to the World Economic Forum Global Risks Perception Survey 2022-20231, none of the top ten global risks fall in the economic risk category. However, the number one global short-term risk by severity is the cost-of-living crisis, which the survey categorises as a ‘societal’ risk. The number three risk is ‘geoeconomic confrontation’, which is categorised as ‘geopolitical’ and includes currency measures, investment controls, sanctions, state aid and subsidies, and trade controls.
By contrast, in Australia, four of the top five risks cited in the WEF report are either economic risks or related to economic causes or impacts. They are ‘cost of living crisis’, ‘debt crises’, ‘rapid and/or sustained inflation’ and ‘geoeconomic confrontation’. (The fifth risk is ‘failure of climate change adaptation’).
Given increasing inflation, rising interest rates and the IMF stating that it expects that one third of the world will be in recession in 20232, the emphasis on economy- related risks is not surprising.
2. Geopolitical risk
In other parts of the world, geopolitical risks are perceived to loom larger. The risk of ‘interstate conflict’ was included in the top five risks of countries closer to the war in Ukraine, both in Europe and the Middle East. The return of risks such as risk of war involving larger nations such as China, and the potential use of nuclear weapons as a real possibility in Europe, upends the conventional wisdom that people can rely on what they have learned from past experiences. We hear about circumstances that have not occurred ‘since the First World War’, ‘since the 1930s’ and ‘since World War Two’’ but who in the world has had experience in events such as the impact of global pandemics, wars in Europe and potentially in Asia? Perhaps the late Queen Elizabeth, but not current governments and certainly mot most corporate managers. While we can of course learn from history, there is widespread lack of an ‘instinctive’ understanding of how to anticipate the fall out of these risks, which have led situations where we cannot secure the goods we want to buy, even pharmaceuticals, we cannot afford to pay the prices that are being demanded and energy supply may not be secure.
3. Climate change and other environmental risks
Despite the continual extreme weather events occurring in Australia, that risk not included in the top five Australian risks. However, five of the top ten global short-term risks, and four out of the top five global long-term risks in the WEF report are ‘environmental’ risks. The short-term risks are ‘natural disasters and extreme weather events’, ‘failure to mitigate climate change’, ‘large scale environmental damage incidents’, ‘failure of climate change adaptation’ and ‘natural resources crisis’. Not only are there significant immediate crises that must be managed, the WEF report also notes that the longer-term impacts of climate change are those that the world is ‘still the least prepared for’.
4. Cybercrime and emerging technology
While cybercrime ranks eighth overall in the WEF report, it will no doubt remain top of mind in Australia due to recent well publicised events such as those at Optus and Medibank. There is really no excuse for organisations to have not turned their mind to ensuring that an integrated cyber response has been agreed and tested, from security, to legal and media responses. (If you have not, let 2023 be the year that you lead this).
The Australian response includes legislative change, including increases in penalties under the Privacy Act and the introduction of the Security of Critical Infrastructure legislation and privacy and security regulation continue to be areas requiring monitoring and action.
There are both risks and opportunities in the technology sphere however and the challenge is for risk leaders to understand the upsides and downsides of emerging technology such as AI and quantum computing, and for organisations to secure talent in these fields.
5. Societal risks
While the continuing impacts of the COVID-19 pandemic are felt, the ‘cost of living crisis’ is impacting people directly and there is geopolitical instability, Australia has so far not reached the levels of societal polarisation seen in other parts of the world. ‘State collapse’ is listed as a top five risk in El Salvador, Sierra Leone and even South Africa and risks such as ‘large scale migration’ and ‘misinformation’ are also rated highly in some countries.
The challenges of addressing multiple urgent, interconnected risks
A number of challenges arise from these risk trends.
- There are multiple urgent risks to monitor — With the world feeling as though it is on a heightened state of crises on multiple fronts, prioritisation becomes difficult. While individual organisations do not need to fix global problems (unless that is their mission!), the current risk landscape poses multiple direct risks to Australian companies, from the continuing and evolving impacts of climate change, to an increase in cyber warfare, to supply chain shortages arising from the pandemic backlog and war, to energy prices and supply, inflation and international trade disputes impacting exports.
- Risks are interconnected3 — as illustrated above, more risks are causing other risks. They are interconnected, as is illustrated by the WEF report’s ‘interconnections map’ and it is a challenge to understand and communicate the connections.
- Risks compound each other — Assessing the potential or probable impact of a risk eventuating may be ineffective if assessed in isolation when there is potential for different combinations of risk to eventuate, and the overall impact will not be the same as a simple tally of the impacts of individual risks.
- There is tension between managing crises and preparing for longer term risks — With crises now no longer rare events, organisations are managing the impacts of multiple crises on a constant basis. The WEF report notes that ‘resources are absorbed by crisis management, rather than directed to preparedness for future risks’.
- Global risks need to be translated into local risks — With global risks dominating the news cycle, and being important to the state of the world generally, it can be a challenge to bring the conversation and analysis back to the potential impacts and mitigations for specific organisations. This is needed however, or it is all too easy to form the view that ‘everything’s falling apart’ or is too big to solve, and then fail to take practical action to prepare for those risks eventuating.
How can CROs manage these challenges?
The good news is that there are several key themes that underpin actions that can be taken to mitigate these risks — and none of them require reinventing the wheel. Dealing with the potential ‘polycrisis’ requires organisations to have a robust risk-aware culture, strong collaboration, resilience and to carefully consider how best to address the interconnective nature of the current risk landscape.
1. Strengthen risk-aware culture
Now is not the time to drop the ball on embedding risk culture. With so many urgent current and potential challenges, the risk function will simply not be able to monitor all the risks and mitigation actions. They will be reliant on their organisation having a culture of risk awareness and proactive mitigation across all areas.
In additional to employees being risk-aware and proactive, risk functions will also be particularly reliant on the timely and open sharing of information to detect emerging risk events. This only happens when there is a general culture of transparency and speaking up about risks.
There is also an opportunity to increase education and understanding of the interconnected nature of risks, identifying potential flow-on impacts generally and identifying the specific relevant impact larger macro trends or events may have on individual organisations.
2. Gather the experts: collaboration in 2023
When there are so many urgent, wide-ranging and disparate risks in play, it’s more important than ever for the risk function to collaborate with subject matter experts, including experts in cyber security, climate risks and ESG, finance and economics, physical infrastructure and third-party risks. Not only because they are experts in their fields, but also because the interconnected nature of risks means that all perspectives will be needed to assess the overall risk. For example, where geopolitical risks may cause economic risks, which in turn may prompt government response or societal impacts to customers.
Despite the many current challenges, there are also many opportunities in a changing environment. Risk functions are usually skilled in facilitating different perspectives to inform an overall view and ensuring that opportunity in risk is not overlooked.
3. Build on the recent uplifts in resilience
The authors of the WEC report wonder ‘is preparedness even possible?’. However, organisations have no choice but to prepare. With the manifestation of an increasing number of risks being clearly outside of organisations’ control over recent years, the emphasis on risk mitigation has inevitably moved from primarily preventive controls to contingency.
When preparation and resilience is required, the central and integrative role of the risk function becomes crucial to organisational success. No one is better placed to lead the integration of siloed response plans to unexpected events into more robust central crisis preparation and management.
In particular, the crisis management and resilience improvements necessitated by the COVID-19 pandemic should not be forgotten and can inform approaches to preparedness for other potential events. Further, very different risk events can cause similar impacts, for example the operational disruption to critical systems could be caused by both extreme weather events and cyberattacks. Strengthening plans therefore prepares for both risks.
The centrality and perception of risk functions in many organisations was elevated during the pandemic and this visibility and recognition can be leveraged to continue to add value, particularly in organisations which do not yet have a truly integrated response to cyber incidents.
4. Recognise the interconnectivity of risk: choosing the most effective risk tools and practices
The presence of increasingly interconnected risks poses a challenge to more traditional risk management practices, including assessment of risks individually in terms of likelihood and impact, and assigning ownership of each risk to one owner.
Firstly, the potential combinations of flow-on risks often will not have one logical owner. Secondly, the potential ‘compounded’ effect of several risks resulting in a ‘polycrisis’ requires assessment of a range of potential impacts.
Scenario planning is certainly not a new idea for risk, but is often not commonly used, or only used for specific types of risk, particularly where time and resourcing are in short supply. However, it is a particularly useful method where more discussion is required, risks are not clear cut and there are many potential outcomes. The WEF report concludes that ‘greater levels of uncertainty should shift the focus from the probable to the possible’ and address ‘the full scope of possible impacts’.
Choice of ‘experts’ in the room and encouraging open thinking will also be important in scenario analysis. This is particularly important for the risks that feel most unfamiliar, such as the geopolitical risks not seen for decades, where the identification of potential impacts will not come from personal experience.
There is also the challenge of reporting or communicating the interconnectivity of risks, rendering standard-form reporting of individual risks — even if simplified on a page or well described in detail — less useful in conveying the overall picture of risk.
5. Balancing immediate crisis management with longer term risks
The WEF report notes that on a global scale, cognitive biases focus attention on recent catastrophic events, which is necessary for crisis management. However, resources are then diverted from preparation for longer term risks such as climate change.
The same can happen to individual organisations. There is no doubt that in 2023, priority must be given to immediate cyber threats (for example), and it is natural for management to want to focus on what is immediate. However, there is a role for risk functions to play in ensuring that longer term considerations are not forgotten, such as the risks and opportunities from emerging technologies or the transition to decarbonisation.
Conclusion
In 2023, CROs can continue to build on the solid foundations of risk management to ensure organisations are prepared for the potential volatility of 2023 — even if everything seems to be falling apart.
Published by FRANCESCA DICKSON FGIA FCG Head of Corporate Governance & Risk, BPAY Group