As we look ahead to 2023, risk management is top of mind for organizational leaders—and for good reason. Crime/violence, weather, fire and transportation/logistics are the top rising global risks threatening businesses, according to the Global Risk Impact Report. When OnSolve analyzed risks to our customers, we saw reports of assault, homicide and theft all more than doubling and reports of blizzards tripling. Reports of fires increased by 127 percent, and the risks associated with transporting people and goods went up by 146 percent.
Though these increases are alarming, organizations and government agencies can take proactive steps to improve preparedness. Leaders and risk managers should focus their attention on these top five predictions for what the risk landscape will look like next year and plan ahead to strengthen organizational resilience.
1. The sharp increase in severe weather and the “end of seasonality” will demand continuous monitoring and a stronger, more effective communications strategy.
Traditionally, it was thought that the most severe weather events occurred along predictable, well-defined patterns in time and place (e.g., summer wildfires in the Western states, hurricanes in a well-defined season in the Southeast, extreme winter weather in the Northeast). Unfortunately, now we’re seeing longer seasons, as well as events outside of those traditional seasons and locations. This “end of seasonality” combined with the increase in frequency of severe weather poses a continuous risk to organizations and government agencies. Leaders must be ready for anything, at any time, in order to protect people and mitigate the damage of such events.
In this context, cities are working toward improving how they communicate with residents, using technology to reach more people faster. In 2023, agencies and organizations of all sizes will need to assess how they’re using technology to learn of changing weather events more quickly—and to deliver communications to at-risk persons.
A well-planned communications strategy backed by modern critical communications technology makes it possible to deliver geo-targeted alerts via phone, email, SMS, IPAWS, desktop and voice. Features like response options enable both staff and residents to mark themselves safe. In addition to the technology itself, investing time in best practices and education around emergency alerts and mass notifications is critical. Topics such as how to craft an effective message, how to communicate with other cities or agencies, and general training on the features and functionality available in the communications system are some of the areas where training will help improve outcomes.
2. The convergence between physical security and cyber security will continue.
Two trends will continue simultaneously: Cyberattacks and geopolitical instability. The intersection of these trends heightens the risk for both (e.g., risks associated with Russia, Taiwan, Eastern Europe, etc.). Traditionally, companies have charged their Chief Security Officer or Chief Information Security Officer with a defined focus—either cyber or physical risk. However, the convergence and interplay of those risks require leaders to understand and respond to both.
Currently, many organizations are still managing risk in siloes. The teams in charge of physical security work independently from teams managing cyber threats, and the incident management solution and/or the communications technology often work independently from the person tasked with managing risks.
To overcome these siloes, organizations will need to examine convergence on the response side. You can start by asking these questions:
- Where is your organization most vulnerable to cyber and physical threats? Where is the intersection of those threats?
- What is the input from IT, physical security, HR, finance and other stakeholders within your organization—particularly as the risk landscape changes?
- Where are your teams misaligned in identifying and managing those threats?
- Do you have an operational risk plan in place to address these threats?
- What’s your security strategy for remote or traveling workers?
3. “The shift” will continue, as leaders in the private sector step into risk management roles traditionally “owned” by public sector institutions.
As part of our commitment to and support of the public sector—from company founders with military experience to employees with police backgrounds to ongoing relationships with local, state and federal response organizations— we’ve had many conversations to gain insights into challenges faced by public sector risk professionals. Similar conversations with private sector leaders have revealed a frustrating trend: the institutions relied on for public sector stability have been stretched like never before. From the management of infectious disease in the U.S. to local law enforcement to geopolitical stability in Eastern Europe and Asia, assumptions about the continuity of business operations and the scope for private sector decisions are rapidly changing.
For example, historically, the following assumptions could be taken for granted: Ukraine is a stable location for sourcing software engineers. China is a stable location for single-threaded supply chains. And it extends beyond international or geopolitical: Employees can come to the office; retail locations will remain open; electricity will work reliably. Traditionally, it was assumed that business leaders could focus solely on the operations of their organization—and assume stability outside of their “four walls.”
That’s obviously no longer the case. Business leaders—not just risk managers—are re-examining their international labor and supply chain sources. Chief legal officers are working with their HR and risk teams to create COVID policies. Sales executives are making decisions to close or board up stores (e.g., 2020 unrest; Portland retail crime)—or even leave countries (e.g., Russia). This expanded scope for the business leader was unprecedented prior to 2020. Consequently, roles in the private sector are shifting and expanding as leaders step in and fill the gaps in crisis response and risk management. Private sector leaders are making decisions and assuming new types of responsibility outside their prior areas of expertise.
With leaders wearing new hats, 2023 will continue to be a time of transition as the domain of the risk manager becomes the domain of the executive. As roles expand and risks reshape the threat landscape, active engagement, planning and cooperation within organizations—and between the public and private sectors—will be imperative for successful risk management and crisis response.
4. Public safety will remain a focus in a changing regulatory and political landscape.
Now that we’re past the midterms, we've started the two-year countdown to the Democratic and Republican party conventions, as well as the 2024 election. City and county officials are already ramping up their planning and preparedness. The risk of civil unrest will continue to increase the demand (and drain) on public safety resources. Crime will remain a political issue.
The protection of citizens is not just physical; regulations are also increasing in a myriad of areas. Privacy regulations such as the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and the most recent California Privacy Rights Act (CPRA) continue the path toward putting data privacy in the hands of the consumer. Climate change disclosures, in review by the SEC, add compliance requirements. Even colleges and universities have to report more information to continue obtaining the same funding.
In the midst of these compliance requirements, risks continue to grow and as a result, the requirement to communicate continues to grow. Privacy regulations require companies and governments to think critically about how they know their employees and assets are at risk—and how they communicate.
In 2023, technology will play a pivotal role in improving public safety. Government entities will turn to the private sector to help them revamp critical communications with technology that can pinpoint threats, coordinate response teams and deliver timely and targeted alerts to people in the zone of impact. Expect a surge of interest in technology such as critical communications and AI-powered, analyst-vetted risk intelligence that filters out the noise of irrelevant data and helps leaders focus their attention on relevant threats and make informed, proactive decisions.
5. Organizations will rethink the duty of care to maintain employee health and well-being in a distributed future of work.
In our post-pandemic world, remote and hybrid work has dramatically increased the duty of care burden on organizations. Consider the following questions: What types of incidents fall under the purview for management? What about crisis response teams? The principles remain the same: any incident that puts our people or our operations at risk. However, the scope has multiplied—there are now “thousands of nodes” to consider and a massive “surface” to protect, including all areas where employees work.
Whereas the home locations of employees used to be considered their private business, the shift to remote work has created a tectonic shift in the footprint of security. When private homes of employees (and their internet access) are compromised, so is the security of business operations. Home security, personnel welfare and business continuity are now inextricably linked.
Travel is another piece of the duty of care picture. As post-pandemic travel continues to rebound, every organization will need to develop a strong travel risk management program that outlines clear policies, provides consistent employee training and leverages efficient technology that enables swift communications. The ability to locate travelers based on their itinerary and mobile app location tracking, as well as the option to search rail stations, flight numbers, hotels and more that are impacted by a critical event, are just a few examples of how technology can help organizations and agencies protect their employees, no matter where they are.
The bottom line: Organizations and government agencies can take proactive steps to improve preparedness. Watch our on-demand webinar for more expert advice on how to enhance your organization’s readiness for the challenges of 2023.