Natural disasters, human errors and terrorist attacks are just a few examples of events that can have enormous consequences for an activity.
Knowing the risks, preparing management and response plans, and knowing how to implement them in time of need are essential requirements for any activity. We will discover how large companies have faced crises that otherwise would have destroyed them, and we will learn how these experiences can help any company prepare for the worst.
It’s not about if it will happen, it’s about when.
The catastrophic events collected in the acronym DISRUPT
In recent years, more and more companies are finding themselves dealing with catastrophic events, and consequently they are changing their approach to the risk of business interruptions.
There are six main factors that have brought risk management to the fore.
These factors are often summarized with the acronym DISRUPT:
- Interdependencies – a denser network of interdependence between companies and services, for which an interruption risks affecting the entire supply chain;
- Short-term focus – the reduction of business cycle times, which leads to a more focused mentality on the present;
- Regulatory compliance – state risk prevention laws become increasingly specific and comprehensive;
- Urban concentration – urbanization goes hand in hand with the growth of some companies, and this increases the risks linked to the activities;
- Greater Probability of shocks – what appear to be minor risks in the long term tend to accumulate;
- Pressure for Transparency – companies are increasingly subject to scrutiny by the media and the public, and therefore interruptions also tend to play an increasingly important role in their public image.
Responsibility for a company’s readiness often falls on administrators, managers and managers, who are increasingly required to deal with risk planning and management.
If your organization has not yet faced a serious outage or crisis, the question to ask is not if it will happen, but when.
Disasters such as the terrorist attacks of 2001, Hurricane Katrina of 2005, the financial crisis of 2008-2009, and the earthquake in Japan of 2011 have led many companies to work more on predicting catastrophic risks, and to build risk management programs more robust, ready to be implemented in case of need.
Companies must be ready to imagine the unimaginable, plan response strategies, and prepare to face the worst.
Entrepreneurial decisions to manage interruptions
Managerial decisions are often made following an intuitive thought, characterized by different biases , that is, prejudices that lead not to face a situation objectively.
Among these, for example, there is the availability bias, or the tendency to base one’s own risk calculations using only the information available, thus leaving aside eventualities that have never occurred in personal or corporate experience.
When it comes to catastrophic events, therefore with low probability but high impact, a common trend is to underestimate the impact of events that have never occurred in the past, and to focus too much on events that have already happened.
Another bias that negatively affects managerial decisions is the status quo bias, or the tendency to try to keep a situation that seems stable unchanged.
All these arguments are part of an intuitive thought, which tends to be very personal, and therefore not to fully analyze a situation.
A deliberative approach, on the other hand, places greater attention on a systematic analysis, in addition to more complex decision protocols, both essential factors to guarantee the readiness of a company to face catastrophic scenarios.
Although the costs of designing and implementing these strategies are high, a positive aspect is that more executives are now ready to adopt a deliberative approach, having a greater awareness of the bias and that can lead them to make badly informed decisions, in addition to a greater openness to learning from the experiences of other companies that have faced similar situations.
The risk appetite of a company represents the type and quantity of risks it is willing to take to achieve its objectives. It is opposed to risk tolerance, or the maximum loss that it is willing to accept against a given risk.
Many companies have developed a deliberative risk-analysis cycle. Learning from past experience, the company identifies and assesses the dangers it could face, after which it establishes appetite and risk tolerance, the foundations on which to build its risk management strategies.
A large risk appetite requires greater tolerance for interruptions. Finding the right balance between the two measures has become an essential part of company resolutions, and can explain the growing importance that the role of Chief Risk Officer has assumed in many companies.
Risk management and crisis response strategies, combined with a company’s culture, are the main ingredients of the deliberative approach adopted by many large companies.
Many risk management strategies have emerged following large-scale disruptions faced by various companies since the 2000s, including the 2001 attacks and the 2008-2009 crisis. Companies are also learning from their own experiences, even in cases where catastrophes have been avoided by a whisker.
Companies are struggling to prepare and manage adverse events, disruptions, and crises, more comprehensively, in the area of corporate risk management and business continuity planning.