Airmic 2014: Is risk changing or is it all in our heads?

Accurately identifying and prioritising risk is crucial for business success and, more specifically, to help risk managers decide on investment priorities. Establishing a rational, dispassionate view of risk helps with making a more informed decision about how to treat that particular threat.

Put simply, our response to risk is defined by our perception of it. The challenge for risk management practitioners is that risk is rarely perceived purely in the context of its technical parameters or probabilistic outcome. Instead, as human beings, our risk perception is defined by complex psychological, social and cultural factors.

One of the most important influences on risk perception is the media.

We all know how the media can skew events and how this can have a negative impact on the way the general public treat a specific threat. Sometimes this can have a particularly detrimental effect.

Here is one extreme example. Studies have shownthat in the days immediately after the terror attacks of 9/11, thousands of Americans chose to drive rather than to fly.

Researchers assume that fear of terror attacks compelled Americans to take to the roads instead of flying, thus exposing themselves to the heightened risk of injury and death posed by driving. This was an irrational judgment based on an emotional response to the horrific scenes that were given blanket coverage in the global media immediately during and after the terror attacks. It may even have led to greater numbers of deaths on the highways.

I believe risk managers have an important role to play helping organisations accurately contextualise risk and helping decision-makers make the most informed choices – based on scientific, rational risk assessments. Not emotional responses. If the media is hyping up events – it’s the role of the risk manager to stabilise the situation and to encourage reason to prevail.

Recent research by Willis indicates that risk priorities appear to shift significantly, in line with the emphasis that business leaders place on a particular risk at a certain point in time. These decisions over risk priorities are most likely driven by topical events, media scrutiny, shareholder pressure or the whims of the CEO.

For example, the Willis study shows that in 2007, technological, cyber and intellectual property risk were high on the agenda as companies were concerned by the challenges of integrating new systems and information technology. The risk then lost importance in the priority rankings until 2013 when reports of large scale cyber-attacks, security breaches and system failures made the headlines, bringing this risk into sharp focus again.

It is my belief that – while globalisation has almost certainly made risks more interdependent and complex – the types of risk facing businesses have not changed dramatically over recent years. This despite a myriad of high profile global risk events such as natural disasters, political upheaval and corporate catastrophes, that have served to heighten our awareness of risk, in a business context.

The elements that encompass business risk – such as IT platforms, physical assets, legislation and people – have remained more or less constant, even if the environments in which businesses operate in have evolved and expanded, leading to heightened exposures in certain areas. For example the risk of fraud has been on the risk management radar for some time, the dawning of the technology age, however, has magnified this risk by opening up new ways for people to commit this crime anonymously.

These issues will be the subject of a debate at this year’s AIRMIC conference, which I’ll be involved in. If you’re coming to AIRMIC you can join us for the workshop – or watch this space for my post-workshop analysis.