For much of 2020 and 2021, companies have been operating in crisis mode – focusing on responding to the challenges of the pandemic and shoring up their organizational defenses. Corporate resilience was top of the agenda for most boards last year, according to research from analysts McKinsey. Now that we’re entering the recovery phase, those same boards are pivoting to address not just resiliency, but also risk.
Looking ahead to 2022, there’s plenty in the pipeline that gives cause for concern. External shocks such as climate challenges and cybersecurity threats have the power to seriously disrupt unprepared organizations. However, shifting from a reactive approach to a proactive mindset isn’t always easy. When charting a course for 2022 and beyond, boards must play a key role in building resilience and mitigating risk.
New challenges for boards
According to McKinsey & Company, the biggest areas of concern for boards are political, macroeconomic and climate-related. Cybersecurity and emerging technology also make an appearance in the top ten external risks identified by survey respondents.
Climate risk and corporate governance
Climate risk has been on the corporate governance radar for several years, with governments adopting more rigorous Environment, Social, & Governance (ESG) standards and putting pressure on the private sector to follow suit.
The European Central Bank (ECB) clarified its requirements in this area in summer 2021, releasing guidelines by which companies can determine if their executive boards are equipped to handle climate-related transitions. These include examining the board’s experience, skills and knowledge of environmental risks and their financial impact.
KPMG recommends a climate governance strategy based on physical risks such as hurricanes and transitional risks such as regulatory changes and market shifts. The group highlights that climate risks are more prevalent in some industries than others, with those in energy, financial services, agriculture and transportation among the most vulnerable.
Cybersecurity threats
Cybercrime is on the rise in Europe, prompting the European Union to adopt a new cybersecurity strategy with the aim of strengthening its legislative powers and protocols. Data attacks aren’t going away. As technology evolves so too do the hackers and cyber-smart companies are following the EU’s lead in getting their defences ready for the next wave of cybercriminals.
A fully rounded risk management strategy in this area focuses on both external and internal threats, taking into account the fact that breaches often start within an organisation’s own infrastructure.
Getting the right tools can help mitigate this risk. Using a secure central corporate governance platform or board portal, which meets the highest industry security standards, can close any gaps and guard against future leaks.
Digital disruptors
Emerging technology brings both reward and risk, and an effective risk management strategy starts by distinguishing one from the other.
Implementing new technology can have unintended negative consequences. Perhaps it doesn’t integrate with a firm’s existing digital infrastructure, leading to operational inefficiencies. Staff may not be adequately trained. The technology could lead to new security concerns.
Board training and education can help. Being alert to upcoming trends, working with trusted partners, putting the right resources in place, ensuring engagement with management and other staff – these all mitigate risk and enhance reward.
The role of the board in building resilience
Board members don’t have to be IT specialists to recognize the risks of cybercrime or disruptive tech, nor do they need to be environmental engineers to appreciate the potential issues associated with climate change.
Their role is to assess liability and chart a course through both predicted and unforeseen turbulence, and that doesn’t just mean making sure the balance sheet has enough room to withstand shocks. It means playing out scenarios, running stress-tests and working with internal auditors and accountants to assess areas of vulnerability.
Doing this effectively may mean going back to basics – ensuring effective communication and information-sharing through tools such as board portals, making sure board members and management are fully integrated, and investing in skills training.
In times of uncertainty, fast decisions are wrong decisions. Outlining strategy ahead of time can help companies be as prepared and agile as they can be, so they can bounce back instead of ricocheting from one crisis to the next.