Risks & Megatrends
Airmic resource site
Risk professionals are operating in a world of volatility, uncertainty, complexity and ambiguity (VUCA). The Covid-19 crisis has brought that to a whole new level, putting the profession to the test. The key is velocity.
This resource site, brought to you by Airmic, offers knowledge content support to our members, partners as well as the wider risk management community. You will find guides, reports, articles and thought leadership pieces organised by five megatrend areas, to equip you to navigate the VUCA world of the Covid-19 new normal. The site began with research for Airmic’s 2020 annual survey report, and will be regularly updated and refreshed.
Cyber & technology
Individual and corporate exposure to cyber threats is expanding at a rapid rate. Artificial Intelligence techniques, while still in their infancy, are being utilised in more state and criminal operations for faster and harder-to-detect attacks. Targeting of operational technology is increasing as outdated analogue systems digitise and converge with IT networks at corporate headquarters.
Geopolitics & populism
The nature of risks today, especially geopolitical risks, is that they are increasingly interconnected. Indeed, while much has changed, there is a surprising element of continuity in the geopolitical threats that companies face in the Covid-19 era.
Governance, laws and regulations
Risks in relation to governance, laws and regulation continue to exhibit a significant level of concern for risk professionals and their organisations.
Trust & reputation
Trust and reputation have become increasingly important to businesses. With the pandemic, all businesses and organisations have been placed under additional stress. One might think they may be more easily forgiven for their errors, but consumers continue to find many corporate transgressions unacceptable.
Climate & environmental
Businesses will bear the brunt of climate change. These will cause knock-on effects that will disrupt supply chains and impact staff, ultimately leading to lost revenues and repetitional damage. Yet many businesses still see climate action as external to them – something for governments instead to deal with.
Business interruption from a cyber-attack
– resulting in fines (e.g. from GDPR), reputational damage
(e.g. recession in key economies)
Compliance with evolving digital regulation
(e.g. data protection, privacy and the upcoming online harms legislation)
Digital disruption to businesses and workforce
The organisation falling victim to phishing or fraud
Regulatory failing or incident
(e.g. Volkswagen scandal)
Social media-driven reputational risk
(e.g. #MeToo allegations)
Increased sanctions, regulatory activity, bribery and corruption, and anti-money laundering activity
Extreme weather events due to climate change
(e.g. fires, storms, flooding)
Victim of state
- sponsored cyber warfare
Climate change-induced shift in consumer sentiment towards your product or service
Societal change and unrest
(e.g. populist politics, riots, strikes)
Heightening shareholder litigation risk
(e.g. individual directors & officers (D&O) liability)
Loss of trust in media, information sources
(e.g. as a result of fake news)
Trade disputes and rising tariffs
Outbreak of war, acts of terrorism
Transition and liability risks from the transition to a low-carbon economy
(e.g. the economic and political impact of dramatic shifts in the price of carbon)
Risks to human health as a result of air and water pollution
(e.g. US-China tech war over Huawei)
Loss of trust in governments and elites
Catastrophes not necessarily related to climate change
(e.g. earthquakes, volcanic eruptions, human-induced environmental disasters such as oil spills)
Product-related reputational risk
(e.g. product recalls)
The average score on a scale of 1 to 5, where 1 means the megatrend is “not a concern”, and 5 means it is of a “very high concern.
Cyber & technology
Our new virtually enabled, data-driven and distributed homeworking has transformed the daily reality for millions of employees.
It has also increased our vulnerability to cyberattacks. Criminals have weaponised the fear and uncertainty of the pandemic to commit financial fraud and extort ransoms. Meanwhile state actors have focused on disruption, espionage and surveillance. The tactics are not new, but the scale and volume of the attacks have been. This has shone a stark light on those organisations that have not made significant progress in digitally transforming their operations.
Digital transformation is a nebulous term with many different definitions. At its heart, it is a way to empower an organisation with the skills, culture and data insights to enable innovation and growth. It is also a way to build resilience. Automation, Artificial Intelligence and cloud infrastructure, among other technological advancements, present huge opportunities. However, they also form the basis of a digital landscape that makes us more interconnected and thus more exposed than at any time before.
Our individual and corporate exposure to cyber threats is expanding at a rapid rate. Artificial Intelligence techniques, while still in their infancy, are being utilised in more state and criminal operations for faster and harder-to-detect attacks. Targeting of operational technology – the systems used to control industrial operations at manufacturing facilities, power plants and other critical infrastructure – is increasing as outdated analogue systems digitise and converge with IT networks at corporate headquarters.
Climate & Environment
While the Covid-19 crisis has occupied the full attention of governments, and rightly so, this has been to the detriment of urgent climate action.
There is a real danger of kicking the can down the road. Businesses will bear the brunt of climate change, which is already posing risks to them today. Flooding and other extreme weather events have damaged assets and have disrupted business operations. These will cause knock-on effects that will disrupt supply chains and impact staff, ultimately leading to lost revenues and reputational damage, all of which will intensify over time.
Yet, many businesses still see climate change as something for governments and NGOs to deal with and co-ordinate, and are unwilling to make investments towards that end. Most businesses are unlikely to take appropriate action unless forced to do so by legislation.
Boards in the private sector, focused on quarterly reporting and answering to their shareholders, are less driven by the urgency to tackle climate risks. Such pressures leave companies with less bandwidth for complex environmental regulations and laws, which can be daunting to keep up with.
That said, the number of companies committing to net-zero emissions by 2050 is increasing. Last year saw a slew of new commitments towards this end by some of the world’s highest emitting companies.
Trust & reputation
Trust and reputation have become increasingly important to businesses. According to AMO, the total value of global reputation last year was in excess of $16 trillion.
This has come at a time when social media carries the propensity for amplifying reputational damage, especially following activist events such as #MeToo.
Reputation has been defined as the “emotional connection between people and companies”. The growing importance placed by businesses and their customers on it comes in the context of the rising importance of intangible assets. According to MSCI, intangible assets represent as much as 80% of the value of S&P 500 companies, and even higher for companies in sectors such as IT and health care.
The 2020 Edelman Trust Barometer found that business ranks highest in competence. But there are two different trust realities. The informed public – wealthier, more educated and frequent consumers of news – remain far more trusting of government, business, NGOs and media than the mass population. This has been driven by a deepening sense of inequity and unfairness in the system, where the perception is that institutions increasingly serve the interests of the few rather than the many.
Risk professionals should not underestimate how the phenomenon of fake news and disinformation campaigns can impact their businesses and organisations in very direct ways.
Geopolitics & populism
While the Covid-19 pandemic is primarily a problem of human health, it has carried inevitable consequences for geopolitics as well as domestic politics.
After all, geopolitics is about how businesses sit within the economy, policy and geography, and the impact that events such as pandemics have on this relationship.
Analysts are now warning of a new Cold War between the US and China. The on-off trade disputes between them, which created uncertainty for the global economy in the last few years, look likely to continue unabated.
Headline issues in the tech war have centred around the concerns of the US administration regarding the Chinese telecoms giant Huawei. This has led to other countries finding themselves in a delicate position between the US and China.
As employees began to work from home in compliance with the lockdowns around the world, this exposed their organisations to increased cyber risks and breaches.
A debt crisis among emerging markets is growing as developing countries face a wave of government bankruptcies, due to the global economy going into shutdown.
The Covid-19 pandemic threatens to spark a new wave of Euroscepticism and populist politics. For instance, in Italy, the first epicentre of the pandemic in Europe, a poll found that 88% of its people felt the EU had failed them – which could provide fertile ground for anti-Europe campaigns.
Despite calls by many for a green recovery from the coronavirus crisis, there is a risk that local and global efforts to tackle climate change are flagging, as other risks seem to be taking priority.
Governance, laws & regulation
Risks in relation to governance, laws and regulation continue to raise a significant level of concern for risk professionals and their organisations.
Compliance with evolving digital regulations continues to be among the top risks of concern to risk professionals over the medium term, and ties in with the overall importance of the cyber and technology megatrend.
As seen through directors and officers (D&O) claims notifications, scrutiny of the decisions made by directors and officers is intensifying. More and more corporate boards are being forced to defend themselves and their companies from a growing range of allegations involving matters such as bribery, corruption, sanctions, regulatory breaches and cyber security. New issues and exposures have also recently emerged, informed by movements such as #MeToo.
The current environment also may distract from risks relating to sanctions, regulatory activity, trade tariffs,bribery, corruption and anti-money laundering, but these risks continue to have material implications for boards and risk professionals. These risks are ever expanding, as evidenced by increased US pressure on Iran and the burgeoning trade war between the US and China over technology equipment and possible security threats.
Businesses that are informed enough to anticipate threats, prepare for them, stress test and adapt accordingly will be best placed to persevere in this climate. This requires strong corporate governance and robust enterprise risk management that gives organisations room also to innovate.
Survey & research methodology
Airmic’s 2020 survey on risks and megatrends received 150 responses from 14 February to 31 March 2020. For context, this corresponded to the period when the Covid-19 pandemic was beginning to hit Europe, in particular from the first cases of infection in northern Italy until the end of the UK’s first week of lockdown.
Subsequently, roundtables with Airmic members were held to gather qualitative responses. Written interviews were held with key representatives of the associations listed below in the acknowledgements.
Risk megatrends: ranking methodology
From a list of five risk megatrend areas with five sub-areas each, survey respondents were asked to assess the extent to which each of these would be of concern to them and their organisations, in the course of the next three years. They were asked to do so on a scale of 1 to 5, where 1 meant it was ‘not a concern’ and 5 meant it was of a ‘very high concern’.
The list of megatrend areas and sub-areas was mapped out by Airmic during December 2019 and January 2020, and reinforced through secondary research and benchmarking with other risk megatrend studies. To reduce selection bias and to pre-empt unforeseen risk areas, survey respondents were also offered open-ended options to identify and assess other risk megatrends not on the list.
A simple average for the level of concern each risk megatrend sub-area posed to all respondents was calculated and expressed as a score out of 1 to 5. The level of concern for any given risk can thus be formally denoted as:
where N_r is the number of respondents for risk r, and concern_(r,n) is the level of concern assigned by respondent n to risk r. The level of concern felt by respondents to each risk was measured on a scale of 1 to 5.