Most crisis managers agree: The world became a riskier place to do business in 2016. With cyber crime on the rise, the volume of social media undermining their ability to manage reputation and political disruption causing uncertainty within boardrooms, last year presented a minefield of risks. And it’s only to get worse over the next three years managers believe.
hose sentiments derive from a survey of 537 senior executives conducted in November and December by The Economist Intelligence Unit (EIU) and sponsored by FTI Consulting. The survey assessed the sources of corporate risk in 2016 and its evolution over the next three years.
The executives, all of whom were involved in the crisis management function of their firms, hailed from 15 industries and represented firms around the world. Nearly one in five (19%) were members of their firm’s board of directors and 33% were from the C-Suite. The rest ranked at director or above. All represented companies with annual revenue of at least US$200 million.
The survey results show that risk managers across the world share similar concerns with old and new risks impacting on their ability to manage company reputation and protect financial value. Here, with commentary by five FTI experts, is a look at the risks keeping them up at night.
1. The World is a Riskier Place to Do Business
Product recalls. Bogus bank accounts. Company servers hacked. The sheer number and variety of corporate crises that occurred in 2016 all contributed to a sense among experienced crisis managers that last year was somehow different, reports the EIU. It seemed that risk escalated, their impact amplified and the pace of crises accelerated.
In fact, few corporations escaped a serious crisis last year. Nearly three-quarters (73%) of respondents reported at least one crisis that could have significantly harmed their firm’s reputation. Seventy-two percent of the executives reported a crisis that could have significantly harmed their firm’s financial value.
“There is a strong sense that crises are occurring more often and with more potential for reputational damage,” says John Klick, Senior Vice President. “That is leading to a greater sense of vulnerability among multinational corporations.”
That vulnerability is reflected in the survey findings, which showed an increase of risk in 2016 across all of the industries surveyed. When asked to assess whether the world became a riskier place to do business in 2016, almost two-thirds (64%) of respondents indicated it had.
2. Standard Risks + New Risks
When asked to identify the types of crises that had the greatest impact on the reputations and the financial values of their firms, the executive’s responses fell into three distinct groupings: standard risk, political disruption, and cyber-insecurity.
Standard risks embody traditional crises that executives have confronted for years. These are events that a good manager once could have taken care of and put to bed, such as product recalls, environmental accidents and workforce issues, among others. According to the survey, 34% of respondents cited standard risks as having had the greatest impact on their firm’s reputation in 2016. When asked about impact on financial value, 27% of executives cited a standard crisis.
Today’s executives not only confront standard risks, however. Two new risks — cyber insecurity (see item 3 below) and political disruption — also play a role. These are not so much events as they are systemic changes that put constant pressure on a firm and its crisis team. In essence, they are “always-on” risks that need to be built into their systems.
In 2016, political disruption accounted for 12% of crises that threatened their firm’s reputation, and for 14% of crises that threatened its financial value. Looking forward, when asked how they believe the U.S. Presidential election will affect crisis management at their firms, 43% of respondents said it would make it more challenging. That response gets at a sense of uncertainty — and not just in the U.S. Across the globe, the Trump election rocked the boat. In Asia-Pacific, 40% of executives said it would make crisis management more challenging; Europe reported 44%, North America 44%, and the rest of the world 46%.
“This marks a sea change,” says Mitch Silber, senior managing director, geopolitical intelligence. “The U.S. used to be perceived as having a sense of continuity. The presidency of Donald Trump suggests that continuity may be breaking down.”
3. Cyber-Insecurity is the #1 Nightmare
More than all other crisis types combined, cyber insecurity (hacking/release of sensitive information, cyber-attacks that steal assets, cyber-attacks that comprise data) topped the list of concerns for executives in 2016. When asked what type of crisis had the greatest impact on their firm’s reputation, 53% of executives cited cyber-attacks. When asked about greatest impact on their firm’s financial value, cyber-attacks reached 60%.
Anxiety about future attacks also trouble the executives, 36% of whom identified cyber-insecurity as the risk factor that will have the greatest influence on crises over the next three years. Given the rising number of firms who are digitizing their data and storing it on information networks, and the vulnerability that entails, it’s not surprising. But there’s also the success, scale, and variety of high profile attacks that potentially attract more criminals. Consider alone the Tesco Bank heist last November in which some 40,000 accounts were breached.
“The threat is evolving while hostile actors are becoming more pervasive and innovative,” says Peter Nolan, Senior Managing Director, Global Risk & Investigations. “You can expect companies to move to more fully integrate robust preventative measures into their day-to-day business operations and corporate cultures.”
4. Social Media is Running Amok
Historically, managers have felt able to control the dialogue surrounding a crisis and calm the waters. Lisa Dane, senior managing director of Global Risk & Investigations comments: “Companies traditionally had a ‘golden hour’ where they could gather themselves in a crisis and prepare a well-crafted, multi-pronged response for conventional media like newspapers and TV news. The ubiquity and immediacy of social media has eliminated that option.”
Social media has ramped up the speed and spread of a crisis. When the executives were asked whether social media amplified public knowledge about corporate crises in 2016, 70% replied in the affirmative. Nearly three in four executives (73%) indicated that social media accelerated the pace of corporate crises in 2016.
“The instant digitization of crises makes it all the more imperative that companies have strong crisis management teams and preparedness plans in place that can be launched immediately to manage and minimize reputational issues,” says Dane.
5. Where’s the Board When You Need It?
In this newly charged risk universe, more than two-thirds (67%) of respondents — board members and non-board members alike — agree that boards of directors will need to take a stronger role in managing future crises. But the survey shows that board members are rarely at the forefront of a corporate crisis — less than 12% of executives reported the board is likely to lead their company in a crisis.
Might that lead to confusion in a crisis? It may well depend on the nature of the crisis. When asked to identify the greatest responsibilities of the company’s leadership in a corporate crisis situation, the opinions of board members and other executives diverged. Board members took the long view, with 41% indicating that protecting the brand/customer base should be top priority, compared with 29% of non-board executives. On the other hand, 49% of executives said that minimizing legal liability was most important.
Meanwhile, all board members and executives agreed that the board should play an active role in crisis management initiatives such as determining crisis strategy.
“The board can bring a diversity of experience to managing a crisis,” says Brian Kennedy, Senior Managing Director. “As risks rise in the coming years, management is going to need to rely more heavily on a strong board in difficult times.”
AN EXPONENTIAL STATE OF RISK
Whether the risk of doing business in 2016 actually escalated or not, the sense of escalation among those executives surveyed is very real. This could be due to the fact that they now face a combination of both standard risks and new. When combined, standard risks plus the unpredictability of political disruption plus the growing menace of cybersecurity makes for a heady brew. Add in the amplification of crises from social media, and the possibility of risks might be termed exponential.
“We’re starting to see senior management teams devote a lot more preparation to contingency planning, says,” says Mitch Silber. “They’re trying to forecast where the risks are and make plans, even as long tail events occur. That’s a change over the past year. Now, it’s standard operating procedure.”