After COVID-19, Organizations Are Increasingly Focused on Resilience

The experiences of the COVID-19 pandemic have forced organizations to think more about risks and resilience, including finding a way to balance the near-term crisis with longer-term exposures, according to a panel of experts.

Moderating a recent Federation of European Risk Management Associations (FERMA) webinar titled "Global Risks and Resilience," Typhaine Beauperin, FERMA's CEO, noted that the pandemic has prompted organizations to think more effectively about both expected risks and unexpected ones. To that end, FERMA has made "From Risk to Resilience" its theme for the year, Ms. Beauperin said.

"When possible, it's important to balance responding to the crisis in the short term while working to increase resilience to other risks facing the business and society in the longer term," said one of the webinar panelists, Carolina Klint, managing director and risk management leader of Continental Europe at Marsh.

"The pandemic has changed the way we think about risk because we've all had the opportunity to learn first-hand that these low-frequency, high-severity events do happen, and their impact can be quite sudden and quite serious," Ms. Klint said. The crisis has also provided greater understanding about the interconnectedness of risks, she said.

"The crisis we faced is clearly unprecedented," said another panelist, Philippe Cotelle, head of insurance risk management at Airbus Defense and Space. To some extent, many companies' ability to cope with the situation and move quickly into a digital mode is a good example of resilience, he said, and many businesses had spectacular results in switching to remote workforces and an emphasis on e-commerce.

"However, such a situation is there to stay," Mr. Cotelle said. "The world will never be back to where we were before the crisis."

As businesses made such drastic changes to digital business while in a crisis mode, some companies had to compromise security, he said. Now, should they be confronted with a cyber issue, the costs for many companies will be greater than before because they've become more reliant on online work and commerce. The threat is also manifesting itself in the increased number of cyber attacks since the beginning of the pandemic.

"We see a gap increasing between the companies that were prepared before COVID and were mature enough in managing these types of risks ... [and] the companies that were not ready beforehand, and maybe the smaller ones," Mr. Cotelle said. That later group is facing a "security debt," he said, and will need to incur costs to get their cyber security to the necessary level.

Valentina Paduano, chief risk officer and sustainability officer at Sogefi Group, said that resilience is the ability of an organization to be flexible and reactive not just to events like the pandemic but to other sorts of developments in the business environment as well.

"That means to have a business mindset ready to evaluate any new opportunities and risks," she said, with the company able to develop new ways to do business as appropriate as conditions change. "This is a resilient approach," Ms. Paduano said.

The pandemic has shown that companies with consolidated risk management have been able to be more reactive in executing responses to the crisis and reducing the pandemic's negative impacts on the organization, she said.

Ms. Beauperin noted that much of FERMA's discussion of resilience in the pandemic's wake is informed by the World Economic Forum (WEF) Global Risks Report 2021.

"Many of our clients use it as a reference point for thinking about the emerging risk landscape, key threats, and how resilient their organizations are," said Ms. Klint. "One of the main areas of focus in this year's report is resilience in the face of the pandemic."

Ms. Klint discussed three areas of risk discussed in the WEF report.

Human Risks. "2020 proved to be the emotional equivalent of a marathon," she said, given the effects on mental health from lost schooling, changing work arrangements, job losses, isolation, and the economic downturn. "I think businesses need to recognize that their employees are human beings and pay attention to the mental health risks from the ongoing pandemic stresses," Ms. Klint said. She suggested that businesses should be prepared to provide employees with programs and tools free from any stigmas associated with mental health. "Companies may actually be able to use the pandemic as an excuse to create friendlier workplaces," Ms. Klint said.

Digital Risks. The WEF report highlights how the rapid change to remote working increased cyber exposures and created more complex and potentially less secure networks. "We see attack rates going up, significant spikes in fraud attempts, greater volatility," Ms. Klint said. The volume of cyber attacks doubled since the early days of the pandemic, she said, highlighting the need for organizations to focus on cyber security.

Sustainability. "The motivations for organizations to concentrate on sustainability and ESG [environmental, social, and governance] comes from all angles," she said. Regulators and policymakers are implementing more ESG performance-related requirements while customers are also focusing on organizations' production and supply chains. "Consumers and investors expect companies to reflect their values," Ms. Klint said, and businesses need to take steps to prevent negative impacts on revenues, reputations, and even access to talent.

The relative predictability of the business environment in recent decades might have allowed businesses to pursue efficiency at the expense of resilience, Ms. Klint said. Now, with the experience of the pandemic, many organizations are willing to invest in resilience. "2020 has left us with a new appreciation of risk and resilience," she said.

Eugenie Molyneux, chief risk officer of Commercial Insurance at Zurich, noted that across the risk landscape, different risks become issues at different times as that landscape changes. As organizations look to create resilience, it's important to recognize that some risks that might appear longer-term concerns actually need to be assessed and managed today, if organizations are to be prepared for them when they do arise.

"It's very important for risk managers to see that bigger picture, including the direct and indirect risks and including the timing," Ms. Molyneux said. "You need to think about how long it might take to mitigate some of those risks." In assessing risks, organizations should also look at trends, scenarios, and tipping points, testing risk tolerance boundaries against extreme scenarios, she said.

"The insurance industry absolutely sees the need to help its customers be more resilient," she said. "The more resilient the customers are, the better risk they are, from our perspective,and therefore the more likely they are to get the coverage they want."