The pandemic we are living through has brought home the need to take seriously risks that might seem improbable or far off in the future. As we are all learning, such risks, once unleashed, can expand quickly and with devastating global impact.
Yet, companies frequently fail to take adequate measures to address megatrends and their associated long-term risks. There is a significant disconnect between the matters identified in the corporate risk disclosures mandated by regulators — which frequently include long-term, strategic risks — and the risks actually addressed by corporate Risk Management functions — typically shorter-term, operational threats.
A world of cascading risks
Of course, long-term risks are not limited to pandemics. They can include everything from climate change to debt crises and social unrest, and they merit serious attention. In a recent blog post, I argue that we now live in a time when improbable events will occur not just with greater frequency, but also simultaneously — and that we are systemically underestimating the probability of such “cascading risks.”
The EY Megatrends reports highlight a range of long-term risks that companies face in today’s market. While the megatrends focus on long-term forces spanning the social, political and economic realms, they can generate risks that are squarely in the business domain and have near-term consequences.
The Megatrends 2020 report, for instance, explores how we are increasingly operating in a “techonomic cold war,” driven by populist leaders with interventionist instincts and the race to dominate next-generation technologies such as electric vehicles and 5G networks. In this environment, businesses are increasingly likely to be targeted using a range of unconventional tactics, from company bans and blacklists to cyberattacks using weaponized disinformation.
It’s easy to see how the techonomic cold war heightens a range of risks for companies. At the broadest level, it creates new sources of geopolitical risk for global corporations that could find themselves enmeshed in geopolitical tensions. Companies face increased operations risk as global supply chains become vulnerable to trade wars and company bans. They face heightened intellectual property (IP) risk as the race between nations to dominate next-generation technologies increases the likelihood of governments intervening on behalf of domestic firms, including through corporate espionage and IP theft. Perhaps most significant, though, is the intensification of cybersecurity risk, as lines blur between state and non-state malicious actors and a new kind of cyber-attack emerges: weaponized disinformation.
The weaponizing of disinformation — explored more fully in two other megatrends, “synthetic media” and “future of thinking” — raises challenges for companies beyond cybersecurity. Businesses face increased reputational risk through the prospect of malicious actors deploying deepfake videos and other synthetic media to damage a company’s brand and reputation.
Synthetic media could also be used to drive down a company’s stock price, creating new sources of financial risk.
“The next frontier of cybersecurity is disinformation,” says Kris Lovejoy, EY Global Advisory Cybersecurity Leader. “Deepfakes and other synthetic media can exact significant damage, and companies need to shore up their defenses — whether through technology or training.”
Perception and inaction
If failing to address long-term risks can place companies in peril, why do businesses fail to adequately address them?
To some extent, this is a product of behavioral biases and flawed incentives. Behavioral economists have demonstrated that we tend to excessively discount future risks, meaning that we underestimate their likelihood and don’t give them the attention they deserve. Incentive structures typically amplify this behavioral penchant for short-termism. For instance, since managers are measured and rewarded based on quarterly financial performance, there is a disincentive to invest in risk mitigation efforts that might pay off in the long term but impose costs in the near term.
The reluctance to take on long-term risks may also be a result of how they are perceived. “Leadership teams often view long-term, strategic risks as beyond their control,” says Tonny Dekker, EY Global Consulting Enterprise Risk Leader. “For risks that are driven by larger forces which management teams cannot control, such as geopolitics, managers may assume that there is little-to-nothing they can do to control or mitigate them.”
Four steps for managing long-term risks
But while it may be true that management teams cannot control the forces driving these risks, it doesn’t necessarily follow that there is nothing they can do to mitigate the risks themselves.
Here are four steps that leaders should take to address long-term risks:
- Envision future states and scan for risks
Start with a scanning exercise to visualize future states and identify long-term risks. The EY Megatrends and similar forward-looking publications can provide a useful starting point for such an exercise. Ensuring that boards and management teams have cognitive and experiential diversity might similarly broaden thinking to identify risks that might otherwise be missed.
- Map “trust journeys” to prioritize risks
Risk and trust are intertwined, since implementing risk mitigation measures is one way to boost trust. Dekker recommends that companies use a “trust journey” framework in their approach to long-term risks. “Start by identifying the stakeholders most pertinent to your business,” he says. “For an electric utility, this might be regulators, while for a professional services firm, it might be employees. Then, identify the risks that matter most to your most important stakeholders — which you should prioritize as the risks most critical to your business.”
- Conduct risk assessments to quantify risks
Once you’ve identified the risks most pertinent to your stakeholders and business, the next step is to use analytics to estimate the potential impact of these risks. This should take into account correlations between risks and their overall correlation with time, both of which make such risks more likely than they might otherwise appear. Quantifying risks provides a basis for understanding their impact on your business as well as for efficiently allocating finite resources.
- Build flexibility into strategic planning
These long-term risk assessments should inform your strategic planning. A key element of planning for long-term risks is to include optionality into plans, for instance, by building supply chains with redundancy and flexibility so that your global operations are more resilient to geopolitical risk.
The good news is that the COVID-19 pandemic has focused the attention of boards and stakeholders on risks over the horizon. Use the opportunity to give these issues the attention they merit.
The COVID-19 pandemic has highlighted the importance of focusing on a range of long-term risks that have a significant impact on business operations and growth. Despite the potential global impact of these risks, companies continue to both underestimate and underinvest in them. However, leaders can mitigate these risks by envisioning future states, mapping trust journeys, conducting risk assessments and building flexibility into their strategic plans.
By Gautam Jaggi
About the author: Gautam Jaggi is EY Global Markets EYQ Global Insights Director.
This article originally appeared at https://www.ey.com/en_us/megatrends/what-unseen-megatrends-will-shape-your-transformation and is republished with permission.