Governance, Risk & Compliance: GRC
4 Risk Areas to Watch in the Final Months of 2020
What you need to know to keep your business safe from cybersecurity threats, social and political unrest, and a global spike in Coronavirus cases.
2020 has been a lesson in risk. Who among us was familiar in early February with the nuances of business-interruption insurance coverage, employee health attestations or perpetual business continuity planning? As we approach the end of this disruptive year, expect weeks (if not longer) of heightened risk.
Economic instability and the coronavirus pandemic have rattled global markets for months and as we close out 2020, investors are bracing for more volatility on the eve of the U.S. presidential election based on historic precedent. The U.S. stock market already saw its biggest one-day drop in a month as coronavirus cases surged to a record seven-day total. The increasing Autumn wave of coronavirus cases across the Northern Hemisphere is certain to impact business as some countries, including Italy, Germany and France, and the UK return to lockdowns.
At the same time, business leaders are recognizing that their operations are being disrupted by social unrest and an increase in cyberattacks. Phishing schemes and ransomware attacks impact highly stressed, distributed employees and threaten voting systems, business and hospital systems. The long-term effects of climate change and the intensity and frequency of storms, fires and floods and how they impact infrastructure has not gone away.
This confluence of events could undoubtedly shape the global business landscape for the foreseeable future. SAI Global has identified four risk areas all business leaders should be watching in the coming weeks and months. Here they are, along with ways to mitigate your company’s exposure to them.
The pandemic fast-tracked digital transformation at many companies, ushering in a one-two punch of new risks – and adding layers of complexity such as a remote workforce. This confluence of events has opened the door for cybercriminals to take advantage of instability and misinformation resulting in cybersecurity attacks, from VPN attacks to phishing to ransomware where threat actors pose as business leaders to break through the defenses of a remote worker. Last year’s phishing emails from a “rich uncle in Nigeria” have turned into fraudulent WhatsApp requests by a CEO purportedly looking to authorize a money transfer. Why wouldn’t you respond to the request of your company leader to react quickly?
This basic question of who can you trust in an era of stolen or faked digital identities has far-reaching implications: State governments are fending off cyberattacks on electoral systems, and both hospital systems and corporations are making serious investments to defend against ransomware and phishing attacks that come amid a global spike in Coronavirus cases.
Global spending on digital transformation projects is forecast to grow 10.4% this year despite challenges presented by the pandemic. What does this mean for companies that increasingly rely on technology-centric operations?
As digital transformations accelerate and emerging technologies proliferate, companies must address rapidly evolving cybersecurity threats. A comprehensive and real-time approach to identifying and assessing all risks, including those posed by third parties, is crucial.
Threat actors use timely and topical items in the news to get attention and pose as authentic brands and people to accomplish their goals. Their victims are distracted by a media barrage of both true and false communications, and if that information is coming from a known, trusted source they are more likely to be believed.
Prepare your staff for a wave of phishing emails and malware attacks related to the election, its outcome or how it impacts your organization.
Not only is two-factor authentication important for access to password-protected systems, but businesses are now asking employees to find additional ways to verify the identity of their professional contacts when hearing from them on unexpected channels, in a time where personal and professional lives are increasingly interwoven across multiple social media and communication platforms and devices.
The effectiveness of ransomware defense is also rapidly changing. What’s your strategy? Would you pay to regain access? Refuse to pay? Hire a third party to negotiate? Hire a third-party to try to defuse the situation? How do you even make those choices? These should all be discussed before an attack happens. Once you’ve been hit, the clock already is ticking.
Civil unrest risks
Global financial systems prepared for the possibility that the U.S. election won’t be called on election night, setting the stage for weeks or even months of volatility in the markets. But there’s a chance of disruption in the streets as well, as a reaction to political instability, social issues and pandemic response reaches a fever pitch. Major European cities saw a new wave of protests and arrests in reaction to a new round of public health restrictions.
In the U.S., a surge in postal voting, legal battles and continuing social justice protests could result in an extended period of unrest, leading to more business disruption. The race between former president George W. Bush and Al Gore in 2000 sparked 47 lawsuits and 36 days of chaos over a ballot recount in Florida before the final results were certified.
Is your real estate near a government building or city center? If they’re working remotely, do your employees live near these locations? They all could be targets for protesters. Are you prepared if essential employees can’t get into the office for an extended period of time? Are you able to transition to remote work for those groups as needed and continue operations? What if remote employees can’t access systems or perform tasks? Business disruption could come from protests and marches – or simply concern and distracted attention.
If your business is physically close to such areas, give your company the peace of mind that comes with planning contingencies for worst-case scenarios. If your business is operating with a largely remote workforce, consider the mental and emotional effects of significant political or societal change on your employees.
Public health risks
Rhetoric and response to the global handling of the Coronavirus pandemic have escalated in recent weeks alongside the number of cases. And while the magnitude and duration of the disease’s next wave aren’t yet clear, government responses to the recent spike will almost certainly affect the business landscape.
According to the World Health Organization, countries globally reported more than 2 million new cases of Covid-19 in a seven-day period ending Oct. 25, with Europe accounting for 1.3 million cases, 46% of the total number worldwide. In the U.S., numbers are raising alarms with the country reporting more than 100,000 new cases per day in mid-November. It’s incumbent upon all companies to prepare for the likelihood that the pandemic will escalate and impact employees, business operations and supply chains again before it ebbs.
By early October, nearly 1,300 business-interruption lawsuits against insurers had been filed in the U.S. since the pandemic began, according to the Covid Coverage Litigation Tracker. The tracker, created by a University of Pennsylvania law professor to parse data on insurance-coverage cases related to the Covid-19 pandemic, found nearly 75% of cases have resulted in dismissals of the policyholder’s claims.
The typical major hurricane leads to 100 or fewer business-interruption cases being filed within the first year thereafter. Even Superstorm Sandy, in 2012, yielded about 150 such filings. According to the National Law Review, based on the amount of litigation Covid-19 is creating “it is the equivalent of a major hurricane making landfall every month.”
How prepared is your company?
How are you mitigating the risk to your employees and supply chains if a local, state or federal government clears the path for a return to normal despite epidemiologic data calling for tighter restrictions? What if officials order an increase in restrictions, stepping back to a shut-down except for essential work? Is your business prepared for a second lockdown? Are your vendors and partners?
Cash-strapped companies are facing a perfect storm of market instability and pandemic unknowns. This will put increased pressure on companies to manage cash-on-hand effectively. It’s imperative in this environment, where we can be certain that a liquidity risk event is going to happen, that the highest levels of management take an active role in assessing their company’s cash and liquidity position and develop contingency plans for funding.
Unlike the economic crisis of 2008, access to credit doesn’t yet seem to be as big a problem during the pandemic.
But where is your cash flow trending this quarter? What about next quarter? Find steps you can take to improve cash flow if needed. Renegotiate your accounts payable. Consider delaying executive bonuses. Get creative.
Awareness and preparedness are keys to being risk ready
Surviving and thriving in this uncertain environment requires a flexible and adaptive risk management plan. Unexpected challenges are part of business. If 2020 has taught us anything, it is to prepare for every scenario. Adaptable companies are better able to manage change as they’ve done the work to assess risks holistically across their organizations and thoughtfully plan mitigation strategies. You know what to expect for the next several months. How are you planning to adapt and prepare? Your adaptability is key to your company’s resiliency.
Visit our pandemic information center, which includes reading materials, podcasts, videos and best-practice guidance around managing business continuity, compliance, workforce safety and health, and risk management amid the coronavirus pandemic.
Learn more about our Business Continuity Management solutions.
Or, contact us to see how SAI Global has helped organizations like yours.