When the Covid-19 pandemic erupted in late 2019 and early 2020, few, if any, risk managers had prioritized widespread illnesses (i.e., a pandemic) as a cause for concern. Risk management has always been challenging. Risks can emerge anywhere in the supply chain and the potential causes of those risks are as myriad as sands on a beach. Trying to “manage” those risks can feel like a Sisyphean task. Risk managers don’t have the luxury of throwing up their hands in despair and ignoring challenges. They aren’t going away. As a result, risk managers are constantly looking for clues to what could cause the next supply chain disruption. Bruce Mehlman (@bpmehlman), founding partner of the consulting firm Mehlman Castagnetti Rosen & Thomas, asserts, “Uncertainty, volatility & disruption are the new normal.” That observation comes as no surprise to supply chain risk managers who have been living with the term “VUCA” for years. VUCA stands for Volatility, Uncertainty, Complexity, and Ambiguity.
Mehlman insists, “2022 will neither be the best of times nor worst of times.” By that, he means, “COVID won’t magically go away nor kill us all. The economy won’t return 1970’s stagflation nor the 1990’s boom. And U.S.-China tension neither ends in WWIII nor in Chimerica 2.0. Reality will prove more nuanced and complicated.” As a result, Mehlman suggests, “Leaders need to reassess approaches to risk analysis and preparation. [They must] understand macro trends driving technology, geopolitics & culture; adapt strategies to survive/benefit from accelerating change; [and] engage stakeholders proactively to maximize intelligence & alliances.” Below are some of the potential risks businesses could face this coming year.
Risk Management Trends
Long-haul COVID. As Mehlman observes, “COVID won’t magically go away.” Supply chains are going to suffer from long-haul COVID and risk managers must adapt to this new reality, including parts shortages, clogged ports, and labor woes.
Cybersecurity. Even as lingering COVID challenges plague the business landscape, cybersecurity remains near the top of most risk managers’ list of concerns. There are three primary concerns in this area: data breaches, malware, and ransomware. Data breaches that expose personal or proprietary data can affect both the bottom line and the reputation of a company. Data breaches are often the result of sloppy cybersecurity practices that allow malware to hack the system. If that were concern enough, ransomware is becoming a growing risk. The staff at BusinessTech notes, “Ransomware attacks grew dramatically, increasing 400% from the first quarter of 2018 to the fourth quarter of 2020, according to Aon’s 2021 Cyber Security Risk Report. The report suggests that business costs associated with ransomware attacks could reach $20 billion [in 2021].”
Business Interruption. Business interruptions come in myriad forms. Over the past few years we’ve seen volcanoes, floods, fires, blocked canals, crowded ports, lockdowns, lockouts, earthquakes, tornadoes, hurricanes, and droughts cause business disruptions. There are no indications things are going to change in this VUCA world. Over a decade ago, supply chain analyst Trevor Miles (@milesahead) wrote, “I almost feel that we should be shouting ‘Vuka’ which in Xhosa (one of the South African languages) means ‘wake up.’ Wake up to the new reality that VUCA is a new norm.”
Talent Management. The so-called “Great Resignation” is likely to continue in 2022, with organizations struggling to find sufficient workers to fill all their job openings. Retaining current employees and capturing tribal knowledge before it exits through the door should be organizational priorities.
Data Privacy. More state and national governments are passing data privacy laws that invoke significant penalties for data breaches during which consumer personal information is exposed. It’s imperative that organizations are aware of the latest changes in various laws and move quickly to ensure they conform to them.
Culture. The United States isn’t the only nation embroiled in a cultural war. Companies can be attacked from both the right and the left for stands they take, causes they promote, and politicians they support. The best advice organizations can follow is to tread carefully in mine-filled business landscape.
Economic and Political Volatility. Inflation is on the rise and setting records. In November 2021, prices rose 6.8% over the previous year. It was the largest inflation rate rise in nearly four decades. There are few signs that inflation will ease over the next few months. On the political front, tensions will rise during this mid-term election year. More restrictive voting regulations and new gerrymandered maps could accomplish the Republicans’ goal of structurally securing their grip on power. Needless to say, there will be extreme political volatility in the U.S. and elsewhere. Economics and politics continue to merge in a growing trend of protectionism and economic nationalism. Mehlman asks, “Is the global community still willing to speak out, impose sanctions, or actively intervene amidst the COVID, energy, and supply chain crises?” His concern is that authoritarian regimes are tightening their grip on both their citizens and the corporations operating within their borders.
Change in Regulatory Environment. According to Mehlman, bureaucracy is on the rise. He sees increased regulatory activity in the areas of climate change, cryptocurrency, antitrust activity, and data privacy. The BusinessTech staff adds, “The global regulatory landscape for businesses grows ever more challenging. With governments around the world looking to increase their authority in such areas as public health, financial markets, climate change, taxation and technology, regulatory complexity will likely grow.”
Mehlman suggests risk managers need to take three steps in order to meet emerging challenges head on: Understand, adapt, and engage. In order to understand what’s happening in the world and how events could affect your business, Mehlman recommends answering two basic questions: “How are you tracking tech, geopolitics, and cultural trends? How are broader changes impacting you, competitors, and your markets?” I would add a third question: How could current trends impact your future operations? This latter question requires a lot of “what if” thinking. Fortunately, today’s cognitive technologies, like the Enterra Global Insights and Decision Superiority System™, can help companies quickly perform what-if analysis.
Once you have a good process in place for understanding what’s going on in the world, Mehlman suggests your organization needs to figure out how it is going to adapt to changing circumstances. He asks two questions: “What are your digital, global, and Environmental, Social, and Governance (ESG) strategies? How do you assess political risk, plan for contingencies, and pressure-test your plans?” Many companies today are leveraging digital twin technologies to help them develop and test ESG strategies.
Once you have a good understanding of the world and have put in place strategies to adapt to the changing landscape, Mehlman believes your organization will be ready to engage with outside parties. Since he is primarily a political consultant, Mehlman asks three questions about outside engagement: “Do you hear from a broad range of sources or an echo chamber? Which stakeholders will have your back when you need allies? Are you at the table with policymakers (or on the menu)?” Most risk managers will find those questions “above their paygrade.” Nevertheless, they need to know what their organization, or related associations, are doing in the engagement arena.
For years, risk management seemed to be an afterthought in the C-suite. Those days are gone forever.
 Bruce P. Mehlman, “Living in Limbo,” Mehlman Castagnetti Rosen & Thomas, 8 December 2021.
 Staff, “Top 10 risks and headaches for businesses right now,” BusinessTech, 28 November 2021.
 Trevor Miles, “VUCA, a useful acronym for today’s supply chain,” Kinaxis Blog, 9 June 2011.