Health Risks Deserve a Harder Look by Risk Managers

The first couple of months of the year are when the annual risk management surveys attempt to lay out a top 10 set of business risks based on analysis and surveys of global risk managers – those people who should know best what should be keeping CEOs awake at night.

What is striking is that neither pandemics nor health risks associated with epidemics make the lists. As I write this on 3rd February there are more than 17,300 coronavirus cases and more than 360 deaths. And the numbers only look set to rise.

This means that in Q4 2019 when many of the surveys took place and the crystal-ball gazing occurred, health risks were not seen as a leading business risk factor by risk managers.

Yet, shouldn’t they have been?

There’s been much comparison of the coronavirus in recent days to SARS (Severe Acute Respiratory Syndrome) and the events of 17 years ago – events I know well as my twin daughters were born in a Singapore hospital in the middle of SARS. But since SARS the world has experienced H1N1 swine flu in 2009-2010, MERS (Middle East Respiratory Syndrome) coronavirus which has been recurring since 2012, and sporadic human infections from bird flu. Topping all of these in mortality rates is the ordinary flu which killed 34,000 people in the US alone in 2018-2019, according to the Centers for Disease Control and Prevention.

If seasonal flu combined with occasional pandemics has encouraged risk managers to shrug and relegate health risks from a top 10 business risk, then the past few weeks will have been a sharp wake-up call.

As a Bloomberg article recently reminded us, SARS killed nearly 800 people and knocked 2% off China’s GDP, but at that time China’s GDP was 4% of the global total, compared to 17% today. The knock-on impact of coronavirus today is being felt globally.

Multinational companies from Apple to Renault are shutting stores in China, reducing manufacturing or, where possible, shifting supply chains. Airlines are suspending flights to and from China. Several governments have banned entry to Chinese passport holders. People who have travelled to China are on 14-day quarantine orders. And in China more than 15 cities and some 50 million people have been effectively quarantined. Service companies and banks in Hong Kong are having staff work from home. And the global retail sector is bracing for the impact of fewer Chinese tourists.

Risk managers and the companies they work for need to be a lot more alert to thinking of risk as a series of interconnected events rather than one large fail. It is easier to mitigate the big failure such as a cyber attack than it is to plan for the grey swans such as pandemics. In setting their risk appetites, companies may find it easier to dismiss these grey swans as too costly or too unlikely to happen.

From the risk surveys it is striking that cyber threats are now at the top place in the Allianz Risk Barometer 2020 and feature prominently in the World Economic Forum Global Risks Report 2020 as a multi-stakeholder issue. In Kroll’s Global Fraud and Risk Report 2019-2020 cyber threats are seen as major issues in the upcoming years, and in Control Risks’ Risk Map 2020 as one of top five global risks for businesses in 2020.

Cyber threats probably deserved this level of attention from risk managers five years or more ago. But it is the current environment of large-scale continuing cyberattacks, and financial impacts combined with what Control Risks calls an ‘activist society passing judgment’ that has helped bring cyber threats into sharp relief.

With so many people impacted by the business decisions having to be made in the current coronavirus pandemic, this may well result in health risks being taken more seriously by risk managers.

It has also placed a strong burden on corporate communication functions to make messaging to stakeholders appropriate and with a tonality that is truly respectful of local situations.

This is the time when companies need to step up and demonstrate how much they care about the health and welfare of their employees over and above a bottom-line imperative. As with any crisis situation that is managed effectively, having a crisis plan in place and having annual crisis simulations is important. Then it is the actions companies take immediately, as much as the actions they take in terms of brand recovery when the immediate crisis has passed, that impact whether they will recover effectively from the crisis.

Global economies and individual companies are undoubtedly going to take a significant hit this year because of the coronavirus.

Assuming there is a bounce back once the coronavirus is under control, should risk managers just shrug this off as a one-off event or something too hard or costly to plan for in the future? I certainly hope not. Companies need to be planning for the worst and rehearsing those plans thoroughly whether the worst comes in the form of a cyber incident or a pandemic.