Over the past few months many publications have carried articles referencing expert sources that identified the top risks of 2019. With so many postulations, how do we know what risks our businesses could face?
The fact of the matter is that risk environments are changing constantly. Companies that are ill prepared to identify risks proactively, monitor their environment and take the necessary action will see their businesses, value and supply chains severely impacted and reputations damaged – sometimes permanently.
Here is a brief summary from a number of randomly selected publications for you to consider.
Global consulting firm Protiviti and North Carolina State University’s ERM Initiative joined forces once again for their yearly survey and produced a report that details the top risks currently on the minds of global boards of directors and executives. According to the report, “Board members and C-suite executives view a somewhat riskier environment for business in 2019 compared to the prior two years.”
These are the top 10 risks that Protiviti and North Carolina State University’s ERM Initiative identify (Image: protiviti):
According to the World Economic Forum’s first edition of a Regional Risks for Doing Business report that reflects the views of more than 12,000 business people across 140 economies, “Unemployment and underemployment” represent the biggest risk for doing business around the world. The second biggest risk is the “failure of national governance”.
Here are the global risks (Image: World Economic Forum):
And here is a snapshot of the top risks in each global region (Image: World Economic Forum):
On a global level, the WEF and Protiviti do not see Cyber threats as the biggest risks yet when it comes down to a regional level, North America, Europe, East Asia and the Pacific see Cyber Attacks as the main threat.
CYBER SECURITY THREATS
The Information Security Forum (ISF), an organization that positions itself as “the trusted source that senior security professionals and board members turn to for strategic and practical guidance on information security and risk management,” identified four key threats for 2019
- The Increased Sophistication of Cybercrime and Ransomware
- The Impact of Legislation
- Smart Devices Challenge Data Integrity
- The Myth of Supply Chain Assurance
The ISF is of the opinion that the coming year will bring a “hyper-connected world where the pace and scale of change, particularly in terms of technology, will have accelerated substantially. People will find themselves caught in a vortex of economic volatility and political uncertainly far beyond the levels experienced before. As for organizations, some will prosper in this new world, many will struggle – the key differentiating factor will be the degree to which organizations are prepared to meet the challenges.”
WatchGuard Threat Lab imagined a string of attacks that could lead to a cybersecurity apocalypse. The company’s security predictions for 2019 “ from likely to audacious, but in all cases there’s hope for preventing them with layered security defenses that meet them head-on!”
- AI-driven chatbots go rogue
- Utilities and industrial control systems targeted with ransomware
- The United Nations proposes a cyber security treaty
- A Nation-State launches a “fire sale” attack
- Fileless, self-propagating “vaporworms” attack
- A WPA3 Wi-Fi hack demonstrates industry-wide lack of wireless security
- A major biometric hack shows the weakness of single-factor authentication
- Attackers hold the internet
ISA (International Strategic Analysis) is a world leader in the fields of country intelligence, economic forecasting and international market analysis. Looking ahead to 2019, it has identified the following 10 Leading Geopolitical Risks in 2019 as potential events to look out for:
- The Threat of a US-Chinese Cold War
- Russia and Ukraine’s unresolved position
- The Ambitions of Saudi Arabia and the UAE
- The Brexit Mess
- More Migration Crises (in Europe, the Arabian Peninsula, and the United States)
- Afghanistan’s Never-Ending Conflict
- Latin American Political Divisions
- Unresolved issues in Syria
- Venezuela’s Collapse
- El Nino and Rising Climate-Related Risk
On the business side, according to Fast Company’s Stephanie Vozza, 10 CEOs predict numerous changes to businesses in 2019. Companies not ready for these events or changes will put themselves at risk. The CEOs identified the following events that will change how businesses do business:
- More of an impact from the #MeToo. “With the tailwind of the #MeToo movement followed by the largest number of women elected into politics in any U.S. cycle, we are on the verge of significant change in the way women experience their professional lives” (Melissa Smith, CEO of payments tech company WEX Inc.)
- Leadership skills will be tested. “Leaders will be tested over the next few years, and they’ll need to know how to adapt when the times are not in their favor” (F. Scott Moody, CEO of K4Connect, a technology solutions provider).
- The new trade environment will affect business. “With newly implemented tariffs and continuing uncertainty around future trade developments, companies will need to reassess their supply chains to evaluate the cost and pricing of their products,” ( Beth Gerstein, CEO of Brilliant Earth, provider of ethically sourced jewelry).
- We’ll deal with culture differences in business practices. “In 2019, we’ll see business leaders begin to focus more on the benefits of both cultural changes and their plans on how they will successfully merge the two.” (Taso Du Val, CEO of Toptal, a global talent network).
- Trust and transparency are paramount. “The marketplace will realign as a result of the importance and value of customer trust” (Andrew Rubin, founding CEO of Illumio, a cybersecurity provider).
- Weed will get branding because “marijuana dispensaries will provide not just weed, but atmosphere and experience” (Pat McBride, founder and CEO of The McBride Company, a design firm for the hospitality and leisure industries).
- Experiences change the face of retail and “consumers will continue to put a premium on connection and experiences, and smart retailers will reimagine ways to turn transactions into immersive and enriching experiences that celebrate discovery, exploration, and learning” (Christine Barone, CEO of True Food Kitchen, an organic restaurant chain.)
- Diversity will become enforced. “As the long-overdue focus on gender and racial equality continues, government will increasingly step in to legislate for change” (Fred Stevens-Smith, cofounder and CEO of Rainforest QA, a quality assurance software company).
- Brick-and-mortar retailers fight back. “While the past decade has seen a big push around ecommerce and online investment, people still love to shop in physical stores, and 2019 will see more brands shifting their focus to physical locations”(Tom Buiocchi, CEO of ServiceChannel, a facilities management platform).
- “Data ethicist” becomes a thing. More decisions are made using artificial intelligence (AI). “The technology is ultimately responsible for making a decision, but the steps it took to get there will be informed by data scientists programming with human ethics in mind” (Gil Elbaz, CEO of Factual, a location data provider).
It is crucial to remember that none of the risks identified by any of the organizations in this article are mutually exclusive. It is very common for one event to drive an issue, snowball into a secondary crisis or threat by combining with other threats. It is also not uncommon for an organization to have to deal with a number of risks that are realized at the same time. Both these possibilities lead to an enhanced and potentially devastating risk and threat profile on multiple dimensions.
The implications are very severe and will certainly impact a company’s threat and risk profile. Resulting damage could include potential reputational destruction and erosion of internal and public trust not to mention legal action and sanction if the entity is found to be irresponsible and has not taken the necessary steps to mitigate the risks.
From a mitigation perspective, what should companies be doing for the duration of 2019 to help protect their reputations and solidify trust? We suggest 10 key aspects:
- Know and understand your vulnerabilities and risks by implementing the necessary risk audits
- Take the necessary steps to mitigate the risks identified
- Become more situational aware so potential risks can be identified and tracked allowing proactive action to be taken if necessary. Don’t forget to follow the risks that are impacting your customer, partner and supplier base. Crises and risks have a nasty habit of cascading across supply and value chains and it is your responsibility to proactively identify threatening issues and events. “We did not see it coming” may not be your get out of jail free card.
- Follow geopolitical events (see 2) as they will often be an indicator of potential domestic issues that could materialize. In addition, follow domestic threats or events as they could likely impact your business or present a threat to your industry. For example, an increase in ransomware or data breaches in your industry could mean you are next!
- Invest in important plans that can protect reputations and enhance business operations: business continuity and disaster recovery; cyber security; crisis communications; emergency management; public relations, etc.
- Ensure that you have the necessary teams trained to take proactive steps to manage a threatening event (see 4) as soon as it is identified
- All plans must be constantly tested, exercised and updated
- Investing in insurance is an excellent mitigation strategy – but do not make it your only one (see 4). It must be part of your greater risk management and recovery strategy.
- Implement communication and crisis management processes and policies up and down your supply and value chain, especially to clients, partners, regulatory bodies/authorities and the media
- Don’t think it can only happen to someone else!
About Fortress Strategic Communications:
Fortress Strategic Communications provides specialized strategic public relations and crisis communications consulting to companies that offer products, services, and solutions designed to manage and mitigate all types of risk. Typical clients are active in the security, disaster recovery, cyber security, safety, business continuity, homeland security, and emergency management domains. FSC also provides public relations counseling to startups looking to enter the broader enterprise risk management arena. The company draws on their executives’ combined 20 years of global experience in a broad array of vertical markets. For more information please visit www.fortresscomms.com or contact us via firstname.lastname@example.org