Risk and resilience: how to thrive in the cyber age

‘Traditional corporate governance principles on their own are inadequate in the face of digital transformation’

The business environment can be exciting and unpredictable in equal measure. Opportunities for innovators who find openings that others fail to spot are unprecedented. At the same time, they face and cause risks that we did not even know about a few years ago; change can happen at break-neck speed. How we respond to this risk can be the difference between sustainable success and failure.

Against this background Airmic, which represents those who work in risk, commissioned a report from CASS Business School to examine the impact that the so-called fourth industrial revolution can be expected to have on the resilience of companies. Although Roads to Revolution is fundamentally positive, it warns that organisations cannot continue to manage risk as they have in the past and expect to remain successful.

The level of risk is greater in the cyber era

This is an age when a teenage hacker working out of his bedroom can potentially cause as much economic damage as a tropical storm, when a systems failure or social media event that hits the unprepared business can leave a reputation in tatters. We must understand and deal with this kind of challenge.

“Board members need to understand that traditional resilience measures alone are insufficient in the digital age,” our report says. Regular reviews of stakeholder purpose and continuous business model reinvention are necessary for the future success and sustainability of organisations.

The report underlines that good governance becomes even more important in the cyber age. But it goes further than that: traditional corporate governance principles on their own are inadequate in the face of digital transformation. In simple terms, there are a whole lot of emerging risks out there that could flatten a company unless they are identified, understood and overseen.

Cyber-related tech has helped businesses to innovate

It has always been the case that firms must reconsider their purpose from time to time to stay successful. After all, the Shell oil company famously started out life, as the name suggests, importing and selling shells. The difference now is that things happen so fast that companies need to reinvent themselves almost all the time; to be alert, inquisitive, open to change and agile.

Cyber-related technology is, of course, at the heart of developments. It no longer merely helps us to carry out existing processes more efficiently. Digital transformation of business models is now core to how we add value, how we reinvent our purpose, organise our enterprises, our networks, supply chains, the products and services we offer, and how we relate to our customers and other stakeholders.

I have no doubt that an increasingly cyber-dominated business environment will continue to make the world more interesting and more prosperous. We need not fear innovations such as artificial intelligence, blockchain and quantum computing. But there will be losers as well as winners. The winners will be those organisations and individuals that acquire the necessary expertise, collaborate and embrace change. They will understand that positive risk management can make enterprises sustainable in these unpredictable times.

Risk must be a top priority for business leaders

It is important to stress that good risk management is much more than a theoretical concept. Another CASS report, Roads to Ruin, commissioned by Airmic in 2011, featured 18 case studies of corporate catastrophes. It found that all could have been avoided had the board been better informed and more responsive.

Many board members do not understand what positive risk management can do for their businesses, while many risk managers do not understand and align to the business drivers sufficiently to wield strategic influence within their organisations. Changing this culture and putting risk at the heart of corporate thinking is a top priority with cyber at the centre of the discussion.