World Economic Forum Report Shows Evolving Risks
The World Economic Forum recently released its Global Risks Report 2023. The report highlights and examines perceptions of the risks that will impact us the most, both over the near term and over the next 10 years. Let’s focus on some that can have a direct effect on organizations, their assets and, most importantly, their people.
Cost of Living Crisis
The costs of gassing up our cars, heating and cooling our homes and other basic needs such as groceries and medication have spiked while, at the same time, we’re living in a time of economic uncertainty which includes widespread layoffs. This puts an almost unprecedented amount of financial pressure on most of us. Add in the elements of “opportunity” and “rationalization” and you have all the elements of Cressey’s Fraud Triangle. Financial pressure is the leading reason why people in positions of trust commit fraud, and all organizations should be on heightened alert for internal fraud as a result. At a minimum, organizations should conduct fraud risk assessments that are tailored to their unique risk profiles, encompassing products and services, customer base, geographic footprint and commercial partners. Once the risks have been identified, assess the controls that are in place to mitigate those risks. Some will be adequate, others may not be working in practice and some risks will have no mitigating controls whatsoever. The most important part of performing a fraud risk assessment is to use the results to implement changes with the goal of lowering the organization’s overall susceptibility to risk.
Natural Disasters and Extreme Weather Events and Geoeconomic Confrontation
These risks were discussed separately in the report. We are considering them together since the responses to these two categories of risk have significant overlap. Global organizations should have emergency evacuation and travel security plans in place in order to be able to safely evacuate their personnel in emergency situations, be they extreme weather, natural disasters or civic unrest. There is no excuse for not having a proven plan and resources in place and experienced crisis managers at the helm.
Crisis management planning may sound daunting and may be something you don’t necessarily want to think about, but the stakes could not be higher. Tsunamis, hurricanes, earthquakes and other natural disasters are the agents of chaos. Likewise, there is nothing more frightening than out-of-control civic unrest or rising hostilities from the host country itself. Organizations must have a plan to evacuate personnel and resume business operations. Those plans come about from crisis management planning. At the risk of oversimplification, crisis management planning consists of structured discussions surrounding the various events that can put personnel, facilities and operations at risk. Once those events have been agreed upon, the discussion should then move to where people should be moved and how. Equally important is to designate who should oversee their safe evacuation. Most companies don’t have all of the resources necessary to perform emergency evacuations, and the outside companies that specialize in them will be too busy to onboard your organization in the midst of an emergency situation. The time to retain outside emergency evacuation assistance is before you need it. Determine what you may need to arrange from those outside resources and retain them. Communications get disrupted during disasters and mobile phone networks may be down or overloaded. There should be a location where your people know to go to assemble safely and where you can account for everyone absent the ability to call, email or text them. That same location may likewise be where you temporarily relocate until your primary location can resume operations. There should also be a previously determined phone number where people can leave messages as to their location and whether they need assistance. Ideally, these various instructions should be communicated and stored on everyone’s mobile device.
If the disruption is the result of civic unrest or growing hostilities within the host country, evacuations and temporary relocation may not be so temporary and neighboring countries with less instability must be a part of the plan.
Widespread Cybercrime and Cyber Insecurity
The exponential growth of digital information and our ever-expanding reliance on enabling technology and connected devices make every organization susceptible to network intrusions, ransomware attacks, theft of intellectual property, business email compromise and financial crime. System safeguards alone won’t stop intrusions from occurring, since social engineering attacks and spearphishing can breach even the most secure networks. Cybercrime awareness is much better than it used to be, but there is still a need for constant training and communication since the threats and threat actors continue to adapt their attacks and techniques.
Business continuity planning is likewise very important. Like crisis management planning, there needs to be a well thought out plan for situations in which your computer network suddenly becomes unavailable.
How will you communicate, fulfill customer orders and continue operations if your network is taken down?
Is all of your information safely backed up?
Has anyone performed tests or audit procedures to ensure that the backups can correctly be restored in the event of a catastrophic data loss?
Cybercrime will be a part of our professional lives for the rest of our lives. As an organizational leader, you cannot assume that your CISO or IT department has it under control. Ask questions, including: Has the company performed desktop exercises or other simulated attacks? What have we done to make sure that our networks can be restored from our network backups?
Erosion of Social Cohesion and Societal Polarization
In the past 6 years, violence and extremism have entered the mainstream here in the U.S. and have been tacitly endorsed or abetted by some of our own elected officials, rogue police officers and members of the military such as those who attacked the Capitol on January 6th. Organizations that are based on hatred or divisiveness are gaining popularity. Racially charged violence is on the rise. These are very dangerous times. Workplace violence has always posed a serious risk to organizations and the erosion of social cohesion only adds to it. Organizations must have appropriate protocols to respond to red flags of potential violent acts, harden their facilities against unauthorized access and train for active shooter incidents.
Employers have a social contract and a moral obligation to ensure their employees are safe despite these growing dangers. This requires systemic vigilance and monitoring for any threat to employees or facilities. Threats posted on social media or overheard in the breakroom, threatening emails or texts, and altercations observed in the workplace or elsewhere involving company personnel are all potential warning signs of imminent danger. Organizations should raise awareness through training and communication so that employees know how to recognize warning signs, know the steps they should take to escalate concerns and have the confidence that the organization will take the appropriate steps to intervene and safeguard its personnel.
Overall, reports like the World Economic Forum Global Risks Report provide important information on the risks about which organizations are most concerned. Such reports are not exhaustive lists of all organizational risks and they are no substitute for the performance of risk assessments. They simply help raise awareness of the different categories of risk, provide insights into what other organizations are worried about and serve as a reminder that most risks require thoughtful consideration, planning and continued improvements to internal controls, communications and training.