2021 is the year of uneven recovery as the aftermath of the pandemic creates a world of haves and have-nots. The competition is tense between nations and within them, as debt and government spending increases for curtailing the current crisis. The relationships between state and business and between society and business have become critical for companies. If 2021 does not mark the end of the pandemic, it will be the year that determines what is left when the worst is over.
While we have seen some superficial stabilisation in the US-China relationship, the two countries will continue clashing across a wide range of issues while advancing their efforts for global supremacy. At the same time, at the helm of some of the most dangerous regimes sit authoritarian leaders, bent on flexing on the global stage in the fields of cyber, nuclear, space, military and economic domination.
On top of this, an inflection point has come for the relationship between businesses and climate change. No organisation can now afford not to take a stance. In 2020 we saw the meteorological authorities run out of names for climate events and this year backdating the beginning of the hurricane season by two weeks. Nations have been facing wildfires, long droughts and extreme winters and heat spells, not ruling out the possibilities of long-overdue earthquakes, supervolcanoes and extended power and internet outages due to solar flares.
The rapid digital transformation that exploded during the pandemic will continue at an accelerated pace, bringing ever greater connectivity in the workplace. But, with remote work and increased social media use comes increased exposure and vulnerabilities. The challenges for business will be opportunities for cyber threat actors who will capitalise on increased connectivity and hasty solution adoption. Companies across the world will have to balance the drive for technological innovation with security, integrity and resilience challenges.
Now is the time to shift from crisis response to embracing uncertainty. With the arrival of COVID-19 vaccines turning forecasts more positive, those businesses that refuse to embrace risk in 2021 are in danger of failing to capitalise on the post-COVID recovery. To successfully ride the wave of post-COVID recovery, many businesses will need to transform their business models in even more significant ways than they already have. Companies’ competitiveness will be defined by their values, as much as by productivity and profits.
How do we prepare for the perfect storm?
Increased risk awareness
Risk awareness is the raising of understanding within the corporate community of what risks exist, their potential impacts and how they are managed. By having a greater understanding of their specific roles and responsibilities in risk management, project managers and employees will be able to understand their accountability; this is exhibited by increased participation in risk identification, increased assumption of risk ownership and more proactive thinking. Having greater risk awareness means stakeholders will be able to better recognise risks as they appear, instead of waiting until they become issues. As risk awareness increases, it adds new risk experiences – and greater experience results in better risk assessment and judgment.
Flexible security and risk mitigation strategies
While security strategies are long-term and take time to both implement and iterate, we don’t have that luxury anymore. Why? Because in addition to the ever-evolving threat landscape, there are plenty of other internal and external factors to consider. For example, privacy laws, regulations, compliance standards, company size, board members, budgets and individual employees all affect an organisations’ security posture and should, therefore, influence strategies.
A community-centred approach to security
As the human element continues to be one of the biggest risk factors in business continuity, it’s absolutely essential that those in security leadership positions make a pointed effort to engage with their employees to communicate risks and responsibilities. Also, as I have stated before and is part of my vision for the Corporate Community Resilience Program I created, any of those existing and possible crises described above (or the combination thereof) are bound to affect the employee at home and as a citizen. From 2021 and going forward, risk awareness should not be siloed as a specialty, but something that is executed bottom-up in the organisation.
In this scenario of permanent uncertainty, business and risk management need to go hand-in-hand. Security protocols need to be defined in the boardroom and implemented across the corporate community. Whether all these risk factors come together to form the perfect storm of business continuity risks, or if they individually intersect, we need to be prepared to tackle the predictable consequences of a disruption. As we continue to explore this scenario, high risk awareness, clear protocols and flexible risk mitigation strategies are a necessity in the ‘New Normal’.
By Peter Backman
You can connect with Peter on LinkedIn here