It’s easy to see how the techonomic cold war heightens a range of risks for companies. At the broadest level, it creates new sources of geopolitical risk for global corporations that could find themselves enmeshed in geopolitical tensions. Companies face increased operations risk as global supply chains become vulnerable to trade wars and company bans. They face heightened intellectual property (IP) risk as the race between nations to dominate next-generation technologies increases the likelihood of governments intervening on behalf of domestic firms, including through corporate espionage and IP theft. Perhaps most significant, though, is the intensification of cybersecurity risk, as lines blur between state and non-state malicious actors and a new kind of cyber-attack emerges: weaponized disinformation.
The weaponizing of disinformation — explored more fully in two other megatrends, “synthetic media” and “future of thinking” — raises challenges for companies beyond cybersecurity. Businesses face increased reputational risk through the prospect of malicious actors deploying deepfake videos and other synthetic media to damage a company’s brand and reputation. Synthetic media could also be used to drive down a company’s stock price, creating new sources of financial risk.
“The next frontier of cybersecurity is disinformation,” says Kris Lovejoy, former EY Global Advisory Cybersecurity Leader. “Deepfakes and other synthetic media can exact significant damage, and companies need to shore up their defenses — whether through technology or training.”
Perception and inaction
If failing to address long-term risks can place companies in peril, why do businesses fail to adequately address them?
To some extent, this is a product of behavioral biases and flawed incentives. Behavioral economists have demonstrated that we tend to excessively discount future risks, meaning that we underestimate their likelihood and don’t give them the attention they deserve. Incentive structures typically amplify this behavioral penchant for short-termism. For instance, since managers are measured and rewarded based on quarterly financial performance, there is a disincentive to invest in risk mitigation efforts that might pay off in the long term but impose costs in the near term.
The reluctance to take on long-term risks may also be a result of how they are perceived. “Leadership teams often view long-term, strategic risks as beyond their control,” says Tonny Dekker, EY Global Consulting Enterprise Risk Leader. “For risks that are driven by larger forces which management teams cannot control, such as geopolitics, managers may assume that there is little-to-nothing they can do to control or mitigate them.”
Four steps for managing long-term risks
But while it may be true that management teams cannot control the forces driving these risks, it doesn’t necessarily follow that there is nothing they can do to mitigate the risks themselves.
Here are four steps that leaders should take to address long-term risks:
1. Envision future states and scan for risks
Start with a scanning exercise to visualize future states and identify long-term risks. The EY Megatrends and similar forward-looking publications can provide a useful starting point for such an exercise. Ensuring that boards and management teams have cognitive and experiential diversity might similarly broaden thinking to identify risks that might otherwise be missed.
2. Map “trust journeys” to prioritize risks
Risk and trust are intertwined, since implementing risk mitigation measures is one way to boost trust. Dekker recommends that companies use a “trust journey” framework in their approach to long-term risks. “Start by identifying the stakeholders most pertinent to your business,” he says. “For an electric utility, this might be regulators, while for a professional services firm, it might be employees. Then, identify the risks that matter most to your most important stakeholders — which you should prioritize as the risks most critical to your business.”
3. Conduct risk assessments to quantify risks
Once you’ve identified the risks most pertinent to your stakeholders and business, the next step is to use analytics to estimate the potential impact of these risks. This should take into account correlations between risks and their overall correlation with time, both of which make such risks more likely than they might otherwise appear. Quantifying risks provides a basis for understanding their impact on your business as well as for efficiently allocating finite resources.
4. Build flexibility into strategic planning
These long-term risk assessments should inform your strategic planning. A key element of planning for long-term risks is to include optionality into plans, for instance, by building supply chains with redundancy and flexibility so that your global operations are more resilient to geopolitical risk.
The good news is that the COVID-19 pandemic has focused the attention of boards and stakeholders on risks over the horizon. Use the opportunity to give these issues the attention they merit.
Our latest thinking
Summary
The COVID-19 pandemic has highlighted the importance of focusing on a range of long-term risks that have a significant impact on business operations and growth. Despite the potential global impact of these risks, companies continue to both underestimate and underinvest in them. However, leaders can mitigate these risks by envisioning future states, mapping trust journeys, conducting risk assessments and building flexibility into their strategic plans.
