We could be sleepwalking into a new crisis. How should the business world prepare? 

The World Economic Forum has released its annual Global Risks Report (GRR), which in particular highlights:

- We will need to find new ways of practicing globalization that respond to the insecurity experienced by many people

- Political strains, most notably the increasing polarization of society, require a radical rethinking of existing institutions and processes to address global risks

- Risks are intensifying, but the collective will to tackle them appears to be lacking. Instead, divisions are hardening and we are drifting deeper into global problems from which we will struggle to extricate ourselves

Looking a bit deeper, I take four main points away from this year’s report:

Alarm bells are ringing. The IPCC’s Special Report on Global Warming of 1.5 °C gives us just 12 years to limit the most substantial impacts of climate change. Urgent changes are needed to reduce the risk of extreme heat, drought, floods and poverty, requiring significantly greater political unity and will than currently demonstrated.

Environmental risks dominate the GRR’s Global Risks Perception Survey (GRPS) for the third year in a row, accounting for three of the top-five global risks by likelihood and top-four by impact. Survey respondents seem increasingly worried about environmental policy failure and its potential impact, with the most frequently cited risk interconnection being the pairing of “failure of climate-change mitigation and adaptation” and “extreme weather events”.

Furthermore, the report highlights that climate change exacerbates the urgent need to close the global $18 trillion gap in infrastructure investment, and that rapidly growing cities and the ongoing effects of climate change are making more people (and businesses) vulnerable to rising sea levels.

Against this backdrop, we strongly recommend that businesses develop a climate resilience adaptation strategy and act on it now. We recommend this strategy be built around 3 steps:

Step 1: Identify the broad business and strategic risks following the Task Force on Climate-related Financial Disclosures’ scenario-based approach
Step 2: Develop a granular view of the risks involved, including, for example, individual locations
Step 3: Develop a mitigation strategy involving appropriate resilience-enhancing adaptations

In the GRPS, “massive data fraud and theft” was ranked the fourth-biggest global risk by likelihood over a 10-year horizon, with “cyber-attacks” at number five. This sustains a pattern recorded last year, with cyber risks consolidating their position alongside environmental risks in the high-impact, high-likelihood quadrant of the Global Risks Landscape. A large majority of respondents expect increased risks in 2019 of cyber attacks leading to theft of money and data (82%) and disruption of operations (80%).

This view among the many stakeholders forming the GRPS sample is also shared when looking at the business community alone. As the Regional Risks of Doing Business report 2018 highlighted back in November 2018, businesses view cyber-attacks as the number-one risk in doing business in North America and Europe as well as East Asia and the Pacific. This strongly suggests that businesses need to strengthen their cyber security and resilience in order to maintain confidence in a highly connected digital economy.

So how can businesses respond to this growing threat?

Build a culture of awareness: Cyber risks are not just an IT concern, nor are they limited to certain sectors of an organization. Every employee, from board members to interns, plays an important role in keeping an organization cyber-secure, and should understand their responsibilities for holding data securely

Adopt a mindset of cyber resilience: With reputational risk, economic losses and legal consequences on the line, it is crucial for companies to create and implement an incident response plan in the event a cyber incident occurs. Responding quickly and effectively will not only mitigate these risks, but also ensure a successful recovery in the long run.

Practice, practice, practice: While practice may not always make perfect, it can be pivotal when responding to a cyber incident. Just having an incident response plan in place is not enough; it’s imperative that the plan is practiced and updated on a regular basis, adjusting as needed for different scenarios and variations of cyber threats.

Geo-economic tensions ratcheted up during 2018 across trade, investment and sanctions policies. Furthermore, the rate of global growth appears to have peaked, while inequality - in particular within-country inequality - continues to rise and is seen as an important driver of the global risks landscape.

GRPS survey respondents do not feel confident about an easing of the current situation; 91% expect increased risk in 2019 of economic confrontation and friction between major powers, 88 % expect an increased risk of erosion of multilateral trading rules and agreements, and 85% expect an increased risk in political confrontation and friction between major powers

Like many global risks, coping with such key geopolitical and geoeconomic issues is often a challenging and somewhat daunting task for businesses. Companies have a choice: manage geopolitical risks or be managed by them.

Leading organizations understand they don’t have to “roll with the punches” – they can take action, be proactive, and incorporate geostrategy into their business strategy and operations. We believe the board, management and risk functions of an organization each have a role to play in managing geopolitical risks and opportunities. This can be managed in three steps:

Step 1 - Understand: understanding a company’s exposure to geopolitics is a global footprint assessment in which organizations consider their economic activities across the globe and how each might be impacted by geopolitics. Areas of focus include supply chain, people, corporate functions and stakeholders.

Step 2 - Prepare: once an organization understands its geographic footprint and how its strategic goals could be impacted by geopolitics, it is time to prepare. Areas of focus include investing in knowledge and networks, considering strategic redundancies and modularity assessment.

Step 3 - Act: a company needs to act as early as possible when geopolitical disruption occurs. There will be situations that can be proactively prepared for well in advance, and other situations where it will be important to quickly determine a course of action that minimizes disruption and cost. For example, potential protectionist measures, whether in the form of tariff or quotas, are something that a company can clearly prepare for. However, there will always be geopolitical events that are hard to predict.

We must keep in mind that the increased interconnectivity and complexity of global risks are here to stay. In such a context, and with today’s increasingly complex and tightly coupled systems, caring for business means considering everything that could affect it.

Adopting a holistic approach to manage global risks is crucial. It's important to recognise early warning signs, encourage scepticism, and mitigate our cognitive biases through using structured decision tools. We must be open to learning the lessons from small failures which can help us to prevent catastrophe … rather than sleepwalk into it.