Unlikely they may be, but hidden risks and ‘black swan’ events can be extremely damaging. So, how do you prepare for the unexpected?

The StrategicRISK Europe Benchmark Survey has revealed a number of hidden risks facing European businesses in 2016.

The failure of critical IT systems, failure to innovate and damage to company reputation or brand are risks with a low likelihood of occurrence but a high financial impact, should they take place.

Speaking to StrategicRISK, FERMA president Jo Willaert said businesses must conduct a proper assessment of the risk landscape they are operating in before they make any strategic decisions.

“It is crucial that when you set up the strategy of the company, you are aware what all the risks are and that people are taking care of those risks,” he says.

John Windsor, head of insurance at Marks and Spencer, says organisations can prepare for these unexpected events through the use of traditional risk management techniques, to assess the risks, and through careful crisis management planning.

“The most important thing is to know what your risk is – quantify and identify the risk and make sure you understand it,” he says. “Your business continuity plan must involve the physical part of your business, but the IT guys and insurers must also be included from day one, as should the press office to ensure you all speak with one voice. You don’t want to have people going off and saying things they don’t have enough knowledge of to discuss.”

10 hidden risks (low likelihood, high impact)
Damage to company reputation/brand
Failure to innovate
Failure of critical IT systems
Terrorist attack
Supply chain risk
Contractual risk
Non-malicious loss of critical/customer data
M&A
Fraud and corruption
Currency/FX risk

Communication is key

He adds: “Reputational risk in any event, whether it be cyber or fire, is hugely important. You have to maintain the support, loyalty and confidence of your customers. The most important thing when something does happen is to make sure you’ve got a tried and tested response to these things.

“Communication is key – it has to be confident communication to make sure your customers realise you do know what you are talking about and you are trying to address the situation.”

Margareta Drzeniek-Hanouz, director of the Centre for Global Competitiveness and Performance at the World Economic Forum, notes that companies must also be aware of the costs of risk mitigation and make sure any measures are proportionate to the risk faced.

She adds: “It’s really about a cost-benefit assessment and each will be very different depending on the operations [of the business] and economic exposure of those risks [to the organisation].

“Proper assessment of that exposure and the potential impact is needed; there’s no silver bullet or miracle solution.”

Bottom 10 risks – combined
Water shortages 1.6
Piracy 2.0
Pandemic 2.1
Injury to workers 2.1
Strikes/industrial relations 2.1
Social unrest 2.2
Neglect of CSR 2.2
Climate change 2.2
Man-made disaster 2.3
Environmental risk 2.3

As well as the risks highlighted by the survey, Tetra Laval International group risk management and insurance director David Howells says risk professionals also need to be aware of the threat of black swan events. “These ‘hidden risks’ or ‘black swan’ events, are considered to be so unpredictable that they cannot be measured or modelled,” he adds. “But that doesn’t mean they should be ignored.

“While they may seem to come as a complete surprise, it is generally accepted that they can be rationalised afterwards. Risk managers can prepare; using previous events we can develop scenarios to test and measure our resilience.

“It is a challenge to motivate an organisation to consider events that are, by definition, so unlikely to occur that they cannot be modelled, but the use of examples helps. The organisation’s strategy will have considered these scenarios and without even identifying the event, it will have considered how diversified it is, it will monitor performance across a multitude of areas and use key indicators to determine when it is necessary to rebalance and realign operations.”

But Windsor says it is important for risk managers not to overlook the more old-fashioned threats.

“Yes, you do have to look at the emerging risks, but you can’t forget about the traditional risks that have been around for many years,” he says. “For me, the three main threats would be the traditional perils, fire and flood, because of the effect they can have depending on where and when they hit, as well as terrorism and cyber risks.”