The Russo-Ukraine conflict has shone the spotlight on exactly how interconnected our world has become today. Such geopolitical events highlight the fact that a specific risk does not exist in isolation. Instead, it impacts a host of other challenges.
The Ukraine crisis has resulted in a complex set of risks including business interruption, regulatory and legal compliance, supply chain disruptions, cyber threats, human capital concerns and ESG considerations.
What are the implications of such risk on corporate and risk management decision making?
The Russo-Ukraine conflict has exacerbated the impetus for organizations to ensure their business continuity and enterprise resiliency programs are in place and working well to sustain critical business activities while adapting to emerging threats.
Threats such as malicious actors, continued digitization, reliance on existing infrastructure, and supply chain disruption can cause severe business interruption if programs are not up-to-date and nimble enough to be responsive.
|Malicious actors||Ongoing volume and sophistication of Russian state-sponsored or other criminal threats to global organizations, industries, and infrastructure||Damage to companies and industries such as manufacturing, supply chain, and infrastructure
Challenging for organizations to stay current and recover from threats/events
|Continued digitization||Technological advances and uses (including adoption of automation and big data) leave organizations exposed to recovering from physical or digital attacks||Disruption to technological inputs, critical and sensitive data such as personally identifiable information (PII), and its use in producing, delivering, or maintaining products|
|Reliance on existing infrastructure||Lack of strategy, product, or delivery channels due to current and potential expansion of the conflict zone||Inability for organizations to produce, transport, or receive critical material inputs|
|Supply chain disruption||Cyber, physical, availability of materials, and organizations effected through the war zone and/or its ancillary effects||Ability to scale; and the availability of critical inputs (e.g., commodities, materials) to produce products in an efficient and cost-effective manner|
To combat these threats, organizations should take a holistic approach to integrating their enterprise resiliency and business continuity activities. Considerations include:
- Governance. Ensure that there is clear accountability for management if a risk occurs and that there is an appropriate understanding of the potential threat and its implications on the business, operations, and all stakeholders. Review and amend risk appetite and tolerance levels to align to the changing risk profile. Develop and implement appropriate metrics to evaluate risk and the need for, or ongoing, action. Ensure that business continuity plans are current and reflect the potential likelihood and severity of a risk. Plans should be tested with greater frequency.
- Organizational Implications. Understand the value chain and where risk events may impact any part of the end-to-end creation and delivery of products and services. Know what parts of the organization are involved, what their role needs to be and how to plan for contingencies. Codify the organizational impact of a risk event, not just its potential effects on one area.
- Integrate. Know the touch points of critical business and product assets including dependencies and relationships (such as systems, data, third parties, processes, people, and key inputs). Bring the strategy and philosophy of resilience into strategic planning, budgeting, product development, and M&As/divestitures.
- Measure. Develop metrics and measures to understand critical service delivery inputs and outputs. Create quantitative and qualitative measures to comprehend how your risk profile may be changing, the triggers necessary to act, and the reporting process necessary to inform key stakeholders. Develop tolerances for specifically created scenarios.