Council Post: Navigating Enterprise Risk In An Unprecedented Year

Jason Edelboim is President and Chief Operating Officer at Dataminr where he leads the company’s go-to-market.

Before the pandemic, the real-world consequences of a poor response to a crisis spanned sharp declines in shareholder value, executive resignations, and impacts to brand reputation, customer loyalty, employee retention and more. 

In the past six months, the stakes have gotten higher. Throughout the pandemic, public- and private-sector organizations have faced an unforeseen and unfamiliar risk landscape. Every decision had, and has, the potential for dire repercussions that extend beyond the loss of business. Enterprises, more than ever, have been challenged with managing cascading events and an entirely new risk profile. 

The pandemic is unique in that it dramatically expanded the risk profile of virtually every company on the planet while also distributing the concentrated areas of risk that enterprises are accustomed to — most notably, physical spaces for employees and customers.

As offices cleared out and millions of knowledge workers were sent home, physical campus security risks dissipated. Travel spending plunged in the early weeks of the pandemic, shrinking travel safety risks.

Meanwhile, through my experience leading a company that uses AI to detect risk, I saw nearly every other risk category grow. 

The Expanding Surface Area Of Risk

Companies are facing a larger-than-normal evolving set of risks today. The “surface area of risk” is composed of the elements that define your risk exposure, such as managing a global organization or operating a horizontally integrated organization. Covid-19 expanded every organization’s surface area of risk while making existing ones more complex. Instead of having to worry about the safety of 100 workers on a single campus, companies now have to worry about their safety in 100 locations and the impact of a variety of threats (e.g., wildfires, hurricanes, etc.) from home.

The FBI says cybercrimes jumped fourfold during the pandemic, with Covid-19-related ransomware and spear-phishing campaigns hitting hospitals and local governments. Hackers struck Honda in June, forcing the automaker to temporarily halt its production lines. The prospect of a distributed workforce digging in for the long term means IT departments have less control over security, thus opening up new attack vectors.

Risks to front-line workers who stayed on the job through the pandemic remain high. In mid-April, as the number of confirmed cases of Covid-19 stood at more than 780,000 in the U.S., some companies had still failed to outfit employees in stores and warehouses with masks and gloves. Looming on the horizon are class-action lawsuits from front-line workers and their families who fell ill, suffered permanent health complications or lost their lives during the pandemic.

In addition to the operational complications, retail businesses faced new kinds of reputational risks associated with, but not limited to, following public health mandates, consumer reactions to their pandemic response, in-store safety measures and claims of price gouging all over the country. 

In short, the surface area of risk has been redefined for enterprises, forcing them to not only identify a new constellation of risks in real time, but also to rethink approaches to operational resilience in this new reality.

Identifying risk is a shared responsibility.

The unpredictable nature of risk in the modern enterprise was exacerbated over the past 30 years, due largely to globalization and the acceleration of technologies such as the internet, mobile and now 5G that make the world more interconnected than ever. Still, for some organizations, the risk was managed — and manageable — by one team. 

In the Covid-19 era and after, there is an added dimension of risk across all critical business functions. This makes it essential for all decision-makers to have access to the right information in real time so they can evaluate past risks and the likelihood they’ll reemerge, as well as scan the horizon for potential risks the company hasn’t faced yet. This is where I believe a chief risk officer comes in.

Last year, more than 90% of companies believed risk management would become more important to achieving strategic goals in the next five years, according to a survey by Deloitte. Still, about half of the companies surveyed said they haven’t hired a chief risk officer. The survey suggests that companies with CROs financially outperform their competitors and are more likely to see a compound annual growth rate of more than 5%. 

At high-performing companies, risk management teams or CROs are part of all significant strategic decisions, providing a holistic perspective on the company’s risk profile. Effective risk management can increase a company’s chances of meeting its strategic and financial goals and improve shareholder value.

What’s next?

It’s virtually impossible to avoid corporate risk. In a 2019 survey, nearly 70% of senior leaders said their company had experienced at least one major crisis in the past five years. 

So, what can enterprises do? 

First, establish a risk response framework that clearly denotes the necessary processes and roles. Take into consideration who from your organization needs to be involved, such as members of the C-suite and individuals from operations, crisis communications and human resources.

Second, audit your tech stack across functions. Are your tools best in class? Where are the gaps? Are you the last to know about information critical in the Covid-19 era (e.g., a new government mandate that impacts your employees or an important supplier)? Have you experienced a series of remote work communication complications? Identify the new core features and infrastructure required for effective and collaborative remote work.

In this process, you can discover potential emerging risks and pull together the cross-functional team necessary to mitigate damage. 

Third, stress test the impact of potential gaps and business-critical events under the new pandemic lens. Organizations are discovering entirely new types of crises, but now they have the opportunity to test against the new possibilities. This is now a strategic imperative that can protect corporate reputation, aid in operational resilience and limit long-term impacts to the brand. 

More than ever, cross-functional leadership, well-defined processes and new technologies must work in harmony so that when the inevitable next crisis does unfold for your organization, you are ready to respond.

Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?