How can organisations increase their awareness of future critical risks?

"Look at the big areas of risk and choose which ones you're going to plan for, and which ones you're going to take that opportunity from.  A lot of organisations have done very well out of COVID-19."

Ahead of teissR3 | Resilience, Response and Recovery Online Summit 2020, Dr Sandra Bell, CEO and Founder of the Business Resilience Company, talks to Jeremy Swinfen Green about mitigating the negative effects of risk, as well as taking advantage of the uncertainty that risk provides.

teissR3, taking place 15th - 24th September 2020, is the leading event focusing on how you improve your organisation’s cyber resiliency and adopt best-practice in incident response and crisis management in a post-COVID-19 world. Register your place by clicking here.

Video transcript

So how can organisations increase their awareness of future critical risks? How can they be sure that the problems that they've identified are the most significant ones?

Well, I think, again, you've got two issues sort of wrapped up in here. What we've done in the past, so you've got sort of risk awareness, which is all about understanding as you say and anticipating those risks, looking at the environment that you're in, how that's changing, what are the threats, what are the hazards of doing business in this particular environment?

Then you're looking at your vulnerabilities. What is it about your company that could actually fall or cause a hazard and create a risk? And so that is about the risk awareness. But then you've got an element, but what do you do about those risks once you've identified they're there?

So for example, a pandemic like COVID-19 was always going to be on the cards. It wasn't a black swan. It's nothing out of the ordinary. Pandemics are things that do happen. And if you look on things like the World Health Organisation, the scale, all of those sorts of measures that we've seen like the social distancing, the closing of workplaces, the closing of schools, all of that, are in the plans and an open source. And so therefore every Organisation will have known that that sort of thing was coming along.

But then it's about, as I say, the second bit is what do you do about it. Now we've got into a habit of having things like business continuity, like operational resilience, that will actually plan for things that you can foresee to mitigate, if you like, the negative effects of something happening.