Katelyn Johnson, PhD, Senior Manager, Verdantix
Risk is everywhere—an ever-present factor that impacts every facet of life and business operations.As the global risk landscape evolves, organizations face complex challenges such as climate change, technological disruptions, and emerging regulations.
When it comes to risk, you often don’t know what you don’t know.
To adapt, businesses must transition from traditional risk management approaches to frameworks that account for both visible and hidden risks.
Operational resilience—defined as the ability to predict, prevent, endure, adapt, and rebound from disruptions—requires planning for even the most far-fetched scenarios. A thorough approach to scenario analysis and risk preparation is essential to ensuring business continuity in the face of uncertainty.
HOW IS THE GLOBAL RISK LANDSCAPE SHIFTING?
The global risk landscape is increasingly dominated by environmental, societal,
and technological risks. Over the next two years, key concerns include cyber insecurity, misinformation, extreme weather events, and biodiversity loss. Looking further ahead, environmental risks such as biodiversity loss, natural resource shortages, and critical changes to Earth systems take center stage.
Environmental risks are particularly prominent due to their long-term implications.
For example, biodiversity loss has become a significant focus of emerging regulations, such as the Task Force on Nature-Related Disclosures. This task force is a voluntary framework – it hasn’t become mandatory regulation (yet).
Increasingly, regulations are being aligned to existing voluntary frameworks like the Task Force on Climate-Related Financial Disclosures (TCFD) and Task Force on Nature-Related Financial Disclosures (TNFD)–placing increased focus on firms’ climate-related risks or impacts on biodiversity. These frameworks aim to drive accountability and transparency in managing environmental harm.
This shift underscores the importance of businesses moving beyond traditional risk frameworks and incorporating these emerging threats into their overall strategies.
Lessons from Antarctica – Risk Management in Extreme Environments
You may be wondering what a climate scientist’s role has to do with business risk. My background working in Antarctica is all about risk—managing it, planning for it, and surviving it. In this work, I’d be stationed six hours from the nearest support base, with no help coming—unless the weather clears. Supplies are limited, and you’re trying to drill ice cores half a mile deep while running heavy machinery in subzero temperatures. You plan for everything, but even then, something always goes wrong.
Transporting the ice cores is just as risky. They must stay below -18°C (-0.4°F) at all times, or the record is ruined. Once, a dockworker strike delayed a shipment, and someone forgot to plug in the freezer container. Years of work, gone.
Risk was everywhere, but we made it work because we planned for the unexpected. If we can manage risk in Antarctica, we can certainly manage it here. It’s all about building resilience—anticipating challenges so thoroughly that even when things go wrong, the impact is minimal.
What Role Does Technology Play in Risk Management?
While technology brings immense opportunities through digital transformation, it also introduces significant risks such as cyberattacks, data breaches, and compliance failures. The rapid evolution of technology requires organizations to address both operational vulnerabilities and external threats.
For example, the European Union’s Artificial Intelligence Act introduces a phased approach to regulating AI development, emphasizing safety, transparency, and ethical standards.
The Act applies globally to companies offering AI-enabled products or services in the EU market and establishes categories of risk, ranging from high-risk sectors like healthcare and law enforcement to unacceptable uses like exploitative practices and election interference.
Balancing the benefits of new technologies with the risks they pose is critical for businesses to thrive in a rapidly changing environment.
How Can Companies Prepare for Climate-Related and ESG Risks?
Climate risks are increasingly affecting operational continuity as extreme weather events grow more frequent and severe. According to the UN’s 2023 Emissions Gap Report, global efforts to meet Paris Agreement targets have fallen short, requiring a 42% reduction in emissions by 2030. This failure increases the likelihood of more extreme weather events, such as heat waves. Events that disrupt operations and supply chains.
Regulatory frameworks, such as the EU’s Corporate Sustainability Due Diligence Directive, demand greater transparency around environmental harm and human rights within supply chains. These mandates extend beyond
Europe, affecting companies with global operations or supply chain ties to the region.
Businesses must prioritize environmental, societal, and technological risks in their short- and long-term planning, integrating these considerations into risk management frameworks.
What Are the Key Challenges in Achieving Operational Resilience?
Operational resilience involves an organization’s ability to adapt, endure, and recover from disruptions while maintaining essential functions. Achieving this resilience requires addressing not only known risks but also hidden risks that often go unnoticed.
Hidden risks—referred to as the “hidden part of the iceberg”—include supply chain dependencies, cascading risks, and local factors such as regulatory changes or employee safety. For example, an extreme weather event may not directly impact a business but could disrupt supply chains, local infrastructure, or production capabilities, leading to unsafe working conditions, increased costs, or missed contractual obligations.
Businesses must also consider compound risks, where multiple disruptions coincide, and systemic risks that affect entire industries or markets. Addressing these interconnected risks requires comprehensive planning and scenario analysis.
Actionable Steps for Enhancing Risk and Resilience Frameworks
- Think Beyond Compliance: Develop forward-looking strategies that go beyond meeting minimum regulatory requirements
- Establish Cross-Functional Ownership: Collaborate across departments to manage risks holistically
- Continuous Training: Keep employees updated on evolving regulations, compliance responsibilities, and ethical practices
- Prepare for Long-Term Risks: Create adaptive strategies that account for both immediate and future challenges
Final Thoughts
Risk management? It’s no longer confined to individual departments or isolated frameworks.
Today’s interconnected risks demand a unified approach. One that prioritizes resilience, leverages technology, and fosters a culture of accountability.
By aligning on risk priorities, breaking down silos, and adopting an integrated approach, businesses can manage risks holistically, improve compliance, and strengthen operational resilience. Organizations that embrace these strategies will be better equipped to navigate the challenges of a rapidly changing world and thrive in the face of uncertainty.
Interview conducted by SAI360.com. For more, visit https://www.sai360.com/resources/grc/managing-the-iceberg-addressing-visible-and-hidden-business-risks-whitepaper-pdf
