Skip to content

What is the value of risk reports for crisis management?

Two weeks ago the World Economic Forum (WEF) published the 2022 version of its Global Risk Report. This article explores how crisis management capabilities can benefit from this and similar reports.

Two weeks ago the World Economic Forum (WEF) published the 2022 version of its Global Risk Report. This report identifies global risk perceptions among risk experts and world leaders in business, government, and society. This article explores how crisis management capabilities can benefit from this and similar reports.

What are risk and threat horizon scan reports?

Several institutions publish a threat or risk report annually, of which the Business Continuity Institute (BCI) and the World Economic Forum (WEF) are the best known and most respected. Two weeks ago, the latter released its Global Risk Report with expectations for 2022 and beyond.

The Global Risk Report identifies global risk perceptions among risk experts and world leaders in business, government, and civil society. It presents the results of the latest Global Risks Perception Survey, followed by an analysis of key risks emanating from current economic, societal, environmental, and technological tensions. The report concludes with reflections on enhancing resilience, drawing from the lessons of the last two years of the COVID-19 pandemic.

In the Global risk Perception Survey, the respondents were asked to identify the 10 most severe risks on a global scale over the next 10 years. Climate action failure, extreme weather, and biodiversity loss – all environmental risks – are in the top-3 according to the respondents. The other risks are social cohesion erosion, livelihood crises, infectious diseases, human environmental damage, natural resource crises, debt crises, and geo-economics confrontation.

What are the limitations of risk reports?

Risk reports such as the Global Risk Report can be useful for crisis management preparedness, but you should appreciate their true value and understand their limitations. To start with the latter: Risk reports comprise expectations about the future, but do not have any predictivevalue. There is a small but important difference between expectations and predictions. An expectation is an acknowledgment of how things have worked in the past and are likely to work in the future (“we will likely be confronted with a new variant of COVID-19”). A prediction, on the other hand, captures this idea in a measurable way at a specific point in time (By the end of 2022 we will face a COVID-19 variant with much higher mortality rates”).

A limitation of risk reports is that they are solely based upon questionnaires and hence cover perceptions. These perceptions can be biased and we do not know whether the sample of respondents is representative. In addition, statements in risk reports are not always underpinned by scientific evidence. For instance, in the Global Risk Report, it is suggested that cyber-attacks can negatively impact corporate reputation. Research has shown, however, that this relationship is far more complex.

What is the value of risk reports for crisis management?

But if you take these limitations into account, risk reports can still hold value for crisis management. I will give three examples:

First, threat and risk reports can help the organization to focus attention on specific risks. There are infinite risks while crisis management capabilities typically have only limited time and resources. This means that crisis management capabilities need to prioritize and focus on risks that matter most to the business objectives of the organization. Risk reports can drive the selection of crisis management exercise scenarios and contingency plans. In 2019 – one year before the COVID-19 crisis – the Global Risk Report contained a dedicated section on the rising threat of disease outbreaks. This could have triggered organizations to prepare for pandemics.

Second, risk reports can be used as input for business continuity risk assessments. These assessments are helpful to identify existing and emergent threats that could disrupt the business. By using the Global Risk Report, organizations can assess how the identified top-3 environmental risks can impact their business. Considering the failure to act upon climate change, for instance, would it be a good decision to build a data center in an area that is actually below sea level?

Third, risk reports can be used to examine whether the organizations’ crisis management organization meets the needs of future crises. For instance, the rise of supply chain threats could require much more involvement of procurement and other stakeholders that maintain relationships with third parties in the crisis management organization. On the other hand, the role of facilities could change too as many people will continue to work from home in the future.

Next

Cyber Crisis Management: 5 Good Practices

10 good practices for implementing third-party risk management