Risky Business: What’s lurking in your risk landscape? Posted on June 5, 2018 by Tim Burke Businesses have always faced risks. In the 1920s, shopkeepers in small Midwestern towns were issued surplus World War I rifles so they could run into the street and shoot skedaddling bank robbers. But risks evolve, as do the ways any given risk may impact your business. Accelerating business risks Recently, I came across a couple of chunks of information at more or less the same time that spotlight the degree to which business risks are changing — and how fast: Cyberattacks that target businesses nearly doubled between 2016 and 2017, driven by an enormous spike in ransomware, including ransom denial-of-service (RDoS) attacks. Result: overall, the cost of a cyberattack has increased more than 27% from 2016 to 2017. 2017 was the most expensive year on record for natural disasters, due in significant part to extreme weather events across the U.S. that caused a total of $306 billion in damage. Last year saw 16 separate billion-dollar events, including three tropical cyclones, eight severe storms, two inland floods, a crop freeze, drought, and wildfire. Extreme weather events, natural disasters, and cyberattacks are not the only risks that challenge enterprises’ ability to sustain business continuity — but in terms of likelihood, at least, they rank as the top three. Top 10 global risks in terms of… Likelihood: Impact: 1 Extreme weather events 2 Natural disasters 3 Cyberattacks 4 Data fraud or theft 5 Failure of climate change mitigation and adaptation 6 Large-scale involuntary migration 7 Man-made environmental disasters 8 Terrorist attacks 9 Illicit trade 10 Asset bubbles in a major economy 1 Weapons of mass destruction 2 Extreme weather events 3 Natural disasters 4 Failure of climate change mitigation and adaptation 5 Water crises 6 Cyberattacks 7 Food crises 8 Biodiversity loss and ecosystem collapse 9 Large-scale involuntary migration 10 Spread of infectious diseases Source: World Economic Forum, The Global Risks Report 2018 Fortunately, you can respond to these risks by preparing for them. Consider cybersecurity, for instance: no less than 93% of 2017 breaches could have been avoided with common cybersecurity best practices like performing regular software updates, training staff to recognize phishing attacks, and blocking spam and fake messages. Similarly, it’s essential to have a good grasp of the environmental risks prevalent at your business locations — including the potential impacts of complex systemic risks, such as the unpredictable ways extreme weather or wildfire or flood can affect critical infrastructure. Recognizing these sorts of risks gives you the opportunity to ensure your enterprise systems and networks have been designed with the redundancy and resiliency necessary to sustain continuous operations during disruptions. Business continuity capabilities: one size does not fit all Your enterprise is unique, as is the mix of risks it faces. So the plans, policies, practices, and systems your enterprise needs to sustain business continuity when a disruption occurs are likewise unique. If you don’t have the resources in-house to develop, deploy, and maintain the risk management, business continuity, and disaster recovery capabilities your business needs, I urge you to seek help from a trusted technology risk management consultant with strong expertise in cybersecurity as well as business continuity and disaster recovery. In my next post, I’ll focus on several strategy-focused best practices that are critical to ensuring your enterprise has deployed the business continuity capabilities best suited to its needs.