Xanara’s Newsroom

ASKXANARA
March 2024

Building a resilient organization in the face of emerging risks

Building a resilient organization in the face of emerging risks

Risk professionals from across the Middle East generally agree about the key risks facing their organizations in the coming two years, with the cost of living crisis at the top of the list. Marsh surveyed leading risk managers and C-suite executives during recent roundtables related to the World Economic Forum (WEF) Global Risks Report 2023 (GRR), which was released in January.

Participants agreed across the board that the cost-of-living crisis is the top risk facing their organizations in the short term, which was also the top risk cited in the GRR.

Regional risk professionals generally agreed on the overall makeup of the top five risks, if not the specific ranking. For example, participants from Bahrain and UAE ranked geo-economic confrontation as their number two short-term risk, while Qatar placed it at number four and Oman at number five.

Which stakeholders should manage risks related to cybercrime and cybersecurity?

UAE participants leaned heavily to saying businesses are the most effective stakeholder to manage cyber risks (47%), followed by the national government (21%) and public-private cooperation (13%).

Omani participants were the most likely to see the national government as the most effective manager of cyber risk (48%), followed by local government and businesses (both at 24%).

Qatari respondents split fairly equally among businesses (31%) and public-private cooperation (27%), followed by national government (22%). Bahrain participants followed a similar pattern, with businesses (39%) and public-private cooperation (31%) topping the list, followed by national government (14%).

What role does the insurance industry have to play in mitigating cyber risk?

Across the region, participants were more likely to see an insurance role in mitigating cyber risk than they did for insurers having a role in climate risk mitigation. In this case Omani participants were the most likely to see an insurance role.

 

Building a resilient risk management culture

While it is both interesting and insightful to have a view of how organizations across the region view specific emerging risks, many of the steps to mitigating them are linked to building a resilient organizational risk management strategy.

The 2023 GRR report focused in part on the interconnectivity of crisis events occurring at the same time or in the same place, what the WEF called “polycrises.” Globally, these polycrises — from the cost of living to climate change to cybersecurity and more — are causing many organizations to make ever more comprehensive assessments of the risks they face.

At Marsh we believe that characteristics of a sound resilience approach can be built around the following principles:

  • Resilience is more than a compliance exercise. It involves dynamic assessments of risk that entails a continual, proactive reappraisal of whether the actions being taken to address them are enough in an environment marked by constant change and polycrises.
  • Resilience is not a task to be left only to risk professionals. It requires an organizational framework that fosters engagement across the enterprise and that is united around a common view of the risks and crisis scenarios that could cause the most damage to — or represent the biggest opportunities for — the organization.
  • Risk resilience should be connected to strategy, including incorporating risk finance and transfer strategies into a coherent system designed to maximize all investments made to build resilience.
  • Resilience should be measured and monitored so as to provide an ongoing assurance that the organization is able to respond to events, recover from them, and, importantly, thrive in the world’s ever-changing external risk environment.

Resilience isn’t about predicting the future with certainty or reaching some specified destination. Instead, resilience aims to help identify uncertainty in dynamic systems and environments through scenario planning, risk modelling and data analysis, stress testing, and more.

It seeks to measure the potential impacts of events, and in doings so reduce uncertainty to a feasible degree, which in turn enables better decisions about where to invest.

Having a robust resilience strategy can lead to a number of potential benefits — including higher levels of trust in the organization and its leadership, improved financial performance, and improved readiness for any crisis.