Many companies are lagging behind with their risk management strategies, failing to meet the increasing threats thrown up by major events like terrorist attacks, tsunamis and major oil spills, according to a paper by PricewaterhouseCoopers (PwC).
The firm said such major-impact 'black swan' events mean businesses need to adapt and innovate their practices if they are to combat them effectively.
"The risk landscape is changing, and established risk management approaches need to be updated to keep pace," said Richard Sykes, PwC governance, risk and compliance leader.
PwC's report, Black swans turn grey: the transformation of risk, said the use of enterprise risk management (ERM) – the practice it claimed is mostly used by many major corporations – can lead to a box-ticking, process-led approach to managing and understanding risk.
It said the impact of ERM could mean front-line staff see risk as 'separate' from their own business decisions.
"Large organisations now have blind spots from which high-impact risks can emerge to damage or even destroy their business," PwC said.
But "properly embedded", comprehensive risk management helps make companies distinctive and more appealing to prospective clients, and gives them a competitive edge, it claimed.
"Many organisations currently have the wrong focus," Mr Sykes said.
"They major on financial and operational risks and crucially regard risk and strategy as separate, rather than seeing risk-taking as a key source of value creation. But the world where risk events could be predicted – and their impacts controlled – is fast disappearing."
"By their nature, black swan events should only occur at unpredictable intervals. Yet recent experience suggests events that fit this definition are happening more frequently. Rather than being infrequent outlier events, it seems they are now part of a faster-changing and more uncertain world, which makes it hard for businesses to understand where new risks are going to come from."
Last year, the Financial Services Authority ran a trial to test the response of London's financial sector to a cyber attack.
It was part of an initiative to see how banks and other organisations would react if major technological disruption hit their defences during the London 2012 Olympics.