The past three years have seen organisations weathering storms brought by trade wars, a global pandemic, geopolitical and economic strife, and more recently even armed conflict in Europe. A reappraisal of the risk horizon will help businesses prepare for yet more testing times to come. Deborah Ritchie reports

Businesses face an “historically broad and deep set of risks” this year. These risks are interconnected in nature and, for some companies, pose an existential threat. These were amongst the stark warnings from risk consultancy, Control Risks, whose latest RiskMap identifies the top risks for businesses as fractious geopolitics, armed conflict, disrupted energy systems and economic strife. If ever there was a ‘perfect storm’ of risks, it is now.

Geopolitical risks

There will be a continuing risk of escalation and overspill from the Ukraine-Russia conflict, the report’s authors warn. The complex commercial, operational, reputational, supply chain and sanctions risks from this war means many are considering what these would look like in the event of a conflict in East Asia.

Whilst armed conflict between the US and China is very unlikely in 2023, it is this relationship that poses the greatest geopolitical risk for businesses in 2023, according to the report, as competition and confrontation “move from the trade and technology realms into the military domain”.

The prospect of an accident or miscalculation involving US and Chinese military vessels operating in Asia is something that businesses should be aware of, as well as efforts to decouple critical supply chains.

Similar notes were struck in a recent joint report from the Chartered IIA and Airmic, which went as far as to urge organisations to be in a permanent state of readiness “that recognises the nature of today’s crises”.

Published one year after the beginning of the war in Ukraine, Navigating Geopolitical Risk highlights the challenge of responding to once-in-a-generation events that today are occurring with far more frequency.

With geopolitical tensions rising around the globe, they warn that businesses may not be prepared for the next big crisis. The report’s authors advise businesses to resist the temptation to be events-led, instead undertaking scenario planning to be agile for future geopolitical incidents or crises.

“Geopolitical risk is becoming far higher in profile on the risk radar of most businesses and is a board agenda item – and one which demands a collaborative response from risk and internal audit professionals,” comments Julia Graham, CEO, Airmic. “Building resilience is imperative. Businesses need to be prepared to deal with significant disruption caused by geopolitical incidents.”

Hoe-Yeong Loke, head of research at Airmic, says that geopolitics has not been so turbulent and unpredictable since the end of the Cold War. “Nevertheless, geopolitics is not a game of predicting future events,” he adds. “To build resilience in a challenging world, scenario planning and horizon scanning are key for organisations preparing for geopolitical risk.”

Amongst its key recommendations, the report proposes that boards, and the internal audit and risk management functions recognise geopolitical risk as a strategic risk to the business, adding that it does not sit in a silo but instead exacerbates and intensifies a myriad of other business-critical risks such as supply chains, legal and compliance, reputation, financial liquidity and cyber security. This includes planning that is constantly challenged, stress-tested and with regularly updated baseline assumptions about the likelihood and impact of the risks they could face.

Anne Kiem, chief executive of the Chartered IIA, comments: “With geopolitical risk still growing in severity, business leaders must learn lessons from the conflict in Ukraine, by making sure they are properly prepared for the next big crisis that could be coming down the track. Internal auditors, working in partnership with risk management, have a vital role to play in supporting organisations’ preparedness for major geopolitical incidents.”

An upside amid uncertainty?

Finding an upside amid such high levels of uncertainty is a challenge in itself, but, as Control Risks CEO, Nick Allan notes in his foreword to the firm’s RiskMap report, companies still see opportunity ahead.

“In Asia, the prospect of a post-Covid China may well provide a big boost to regional growth prospects in addition to the opportunity that can be found in countries that are benefiting from supply chain reassessments, such as Vietnam and Indonesia. Energy producers in Africa can at least look to improve government revenues and gas fields, such as those in Mozambique, have become strategic priorities despite operational challenges. In Latin America, institutional robustness in Brazil, Chile, Mexico and Colombia provides a level of reassurance for investors that some had questioned.” he asserts.

“The view from the US is mixed. A very strong dollar makes international assets cheap and the flexibility and dynamism of the domestic market, coupled [with] energy self-sufficiency, makes many optimistic that US firms will prosper more than others in 2023.”

Post-pandemic, he adds, for organisations that are able to build resilience and plan for the medium term, there are “anchor holds of opportunity”.

Covid: It’s not over yet

It is hard to believe it has been three years since the Covid-19 pandemic was declared. At the time of press, there had been 759,408,703 confirmed cases of Covid-19 globally, and 6,866,434 deaths, according to the World Health Organisation. Whilst much of the world has begun to find its ‘new normal’, and even China is reopening its borders to foreign visitors for the first time since the beginning of the pandemic, Covid-19 lingers in some form or other for many businesses and societies. It is in the Western Pacific that the most recent spike in cases has been recorded, with numbers reaching an all time high there in December.

Covid will likely be with us forever, albeit in a much milder form. In many other ways, Covid is certainly not over yet, as unresolved business interruption-related issues remain for insurers in 2023.

Law firm DAC Beachcroft anticipates further cases dealing with other aspects of causation and aggregation will now be litigated in the wake of the Stonegate, Various Eateries and Greggs trilogy, decisions which brought a degree of clarity to the insurance market on aggregating occurrences, causation and how furlough is to be treated going forward.

“Aside from the almost inevitable appeals on these issues, unresolved issues remain, including over coverage for venues which never had to close, and issues arising out of loss of income for reasons other than inability to trade. Insurers will also have to deal with questions in relation to quantum arising from deaths, Long Covid and other causes which might extend the cover available for insureds,” the law firm reports in its Informed Insurance predictions for the year. “A series of litigated claims that will address coverage under various ‘at the premises’ disease clauses are also due to be heard in 2023. It also remains to be seen whether policyholders will try to unravel any of the Divisional Court’s findings on those prevention of access clauses left unaffected by the Supreme Court judgment in the FCA test case.”

Speaking to CIR Magazine, Jonathan Mitchell, partner at DAC Beachcroft, says it is important to note that the emphasis appears to be on guidance at present, but employers will need to be live to the possibility of claims if guidance is not followed. “Covid regulations have not been in place since 2021, however Covid-19 and flu continue to be a risk that must be effectively managed. At present, most employers may simply suggest that employees who have cold/flu or Covid-19 symptoms self-certify or work from home. In reality, this is probably no different to arrangements prior to the pandemic. There is, however, flexibility for employers to develop and adapt control measures specific [to] their needs. If new guidance is given, it would be a brave employer who chose not to follow any updated guidance without having first considered the risk.”

Whilst many employers have adopted a new hybrid working model following the lifting of Covid-19 restrictions, should updated work-from-home advice be issued, then employers will need to consider existing home working risk assessments and ensure they are up-to-date, he adds. “Of great importance is that the prevalence of various transmittable respiratory diseases in the community will make it incredibly difficult for an employee to demonstrate that they caught a virus in the workplace and to establish a breach of duty.”

Wider claims trends

In other major claims developments, DAC Beachcroft’s international experts anticipate that claimant representatives will continue to test the waters for occupational and environmental air pollution exposure claims, particularly where illness and/or injury can be clearly evidenced.

“Research and reporting around the physiological impact of exposure to diesel emissions continues at pace, with recent reports highlighting that toxic air particles are found even in the bodies of unborn babies,” the law firm notes in its annual predictions report.

“Significant hurdles remain for large scale actions, but the judiciary has shown it is prepared to be flexible in assigning responsibility for the consequences of air pollution where local and national regulators were involved. Whether such flexibility will extend to liability in negligence for exposure remains to be seen.”

In a related development, employers in the UK are advised to be aware of the Health and Safety Executive’s plans for the year to reduce work-related mental health issues and stress. DAC Beachcroft anticipates that HSE inspectors will take “keen interest in company policies for managing stress in the workplace during future investigations of workplace incidents”.

Construction sites, in particular, are a key focus for the Executive, which will be visiting sites to check employers and workers know the health risks in relation to moving and handling materials.

More widely, the law firm expects to see progression of objectives such as the launch of an occupational health and safety qualification in prevention and management of
work-related stress.

Cyber risk landscape evolves

Sophisticated cyber attacks are increasingly targeting critical national infrastructure, including gas, steel and power plants – attacks that can create systemic exposures for insurers whether they offer cyber cover or not.

The 2021 Colonial Pipeline ransomware attack was a high-profile example of the growing cyber threat for critical national infrastructure. The attack shut key conduits delivering fuel from Gulf Coast refineries to major East Coast markets for days, which led to panic-buying at petrol pumps and had a knock on effect across a number of industries, including aviation. The largest cyber attack against CNI in the US led to a State of Emergency being declared, and forced the government and companies to consider the reality of this risk, as more systems are moved online. In the UK, a cyber attack on South Staffordshire Water in 2022 claimed to have poisoned water supplies at the treatment plant in the middle of the country’s worst drought in history. These attacks are anticipated to continue to pose a threat, their effect cascading cross sector, and often – as with so many risks – without geographical borders.



This article was published in the Q1 2023 issue of CIR Magazine.

Download PDF

Contact the editor