Know your risks and their cost - Business Works
BW brief

Know your risks and their cost

by Howard Kerr, Chief Executive, British Standards Institution Organisations are focused on risks, including cyber-attack and IT outages, but underrate the impact of more frequent events, says Howard Kerr, Chief Executive of the British Standards Institution. Health and safety incidents have become the leading financial loss drivers for businesses around the globe, with cumulative losses now outstripping the costs of more high-profile disruptions such as cyber-attacks or IT outages.

Meanwhile, political change has entered the top ten list of future threats for the first time since 2015, while Blockchain and Artificial Intelligence are new risks which rank amongst top sources of potential disruption in the year ahead.

These figures stem from the annual British Continuity Institute 2019 Horizon Scan published today in association with us at BSI. The report analyses the risks and threats recognized by 569 organizations worldwide, comparing these against the impact of actual disruptions over the past year. Now in its eighth edition, the report reveals a significant gap between perceived risks and actual issues from the past 12 months.

For the year ahead, organisations are most concerned about high-impact events, including cyber-attacks, IT outages and extreme weather events, despite the fact that other incidents recurred more often and have a cumulatively higher impact. Some of the threats perceived to be low risk are being underrated when looking towards future resilience.

In the table below, we can see the data from organizations that suffered financial losses of more than 7% of their annual turnover. Through statistical analysis, a cumulative amount of financial loss per each threat was derived.

Incident Cost (US$ billions)
Health & safety $1186.41bn
Reputation $1036.44bn
Adverse weather / natural disaster $500.75bn
IT and telecom outage $308.88bn
Lack of talent / key skills $254.46bn
Interruption of utility supply $244.15bn
Supply chain disruption $181.61bn
Cyber attack / data breach $144.84bn
Introduction of new technology $97.35bn
Natural resources shortage $$86.86bn
Product quality incident / product recall $74.78bn
Political change $66.15bn
Regulatory changes $63.82bn

You can see that health and safety incidents feature as the costliest event for organisations, with losses of $1.186 billion, closely followed by reputation damage at $1.036 billion. This raises further concern over the lack of attention from organizations towards risks linked to health and safety in the next twelve months. It might be also argued that the top two most costly disruptions are connected, as a health and safety incident can lead to reputation damage, receiving negative press and close scrutiny by external stakeholders

Other key findings of the research identified:

  • Political change is predicted to be one of the top ten disruptions in the next 12 months, but the financial aspect of political change seems to be neglected, as threats related to exchange rate volatility and higher cost of borrowing do not appear in the top ten.

  • Organizations with business continuity plans in place for more than a year suffer fewer disruptions than their peers. They report lower losses (6%) than the average (7%) from disruptions in the last twelve months.

  • Organizations direct a lot of time and attention towards risks that were previously considered 'black swans' - events that struck as a surprise, with a high impact on those affected. These events then become a key focus of attention. Risks such as critical infrastructure failure and natural disasters are among the most anticipated disruptions with high risk scores (5.47 and 5.43 respectively).

It is easy for leaders to be kept awake at night by high-profile risks such as cyber-attacks, technology disruptions and IT outages, but they must not ignore the smaller, more frequent risks that steadily erode the bottom line. Organizations that do not take all threats they face seriously, or develop plans to manage them, are exposing themselves to not only reputational loss but what can become quite severe financial costs. Achieving true Organizational Resilience means identifying not only the big risks but also the under-rated issues that may just seem 'business as usual' and can easily be missed.

To find out more or obtain a copy of the full report, please visit: the BSI web site

Tweet article
BW on TwitterBW RSS feed