Risk resilience-navigating the storm

"Risk is not a reason not to do something, it’s a reason to do something properly"

Burness Paull’s Disputes Group recently hosted a conference exploring the topic of risk resilience. Our expert panel of business leaders was joined by attendees from across a range of sectors to discuss developing resilience to business risk. Attendees identified a wide range of developing risks – cyber, financial, geopolitical, compliance, AI – that continue to grow and challenge organisational stability. With the range of potential risks so wide and fast changing, it is ever more important that organisations can build risk resilience. 

Risk means different things to different people; it must be viewed holistically and in context. Risk management can feel like a complex and rather opaque topic. So, we wanted to bring it to life with some real examples of how senior executives deal with this in their own organisations.  

Defining risk

Often, those who best understand the practical risk are not necessarily around the boardroom table. The identification of a risk should be relatable and understandable – cyber is often an example which can feel remote in practice. Once a potential exposure is identified, there is an exercise in visualising the risk for the board and identifying how to cascade it down.  

A first step as a business leader is to understand the full scope of the organisation’s activities and make sure all departments share in owning the risk identification process. Leaders are challenged with understanding the vulnerabilities each department is exposed to; knowing the business needs, and questioning the assumptions relied on. It is only through careful leadership that an organisation can achieve a comprehensive understanding of the risk landscape.

Importance of taking risks

Why do businesses need to take on more risks, rather than fewer? Risk brings opportunity. Businesses only incur risk by taking positive steps: risk and opportunity are two sides of the same coin. Organisations tend to focus on opportunity when doing financial forecasts, but it is equally important to plan for risk too. It is an integral part of the planning process – quantifying the risk associated with the opportunity. Sharing experiences, drawing on appropriate expertise, and having a developed risk register can all contribute to the assessment of a risk, and its opportunity. 

"Pessimists only get good surprises, but optimists get to enjoy them."
 

People and risk

Businesses grow by protecting and nurturing customers, and people. Businesses need customers, and customers interact with people: it is people who make the business. Often risk can come from people too, and their actions or inactions. 

One of the biggest areas of vulnerability is human error – whether that leads to an accident, falling for phishing from a fraudster, or failures to anticipate a vulnerability in the supply chain. 

A risk identified during the discussion was pressure on people, which can lead to risk – stress, wellbeing, and lack of succession planning. That’s why there is safety in numbers – teams working together catch and manage risks better. Listening to colleagues, and getting their perspectives brings opportunities. 

But in the end, it comes back to culture; building resilience from the bottom up, and not just top down, is the goal. Even the most obscure risk can be dealt with, with the right culture. A culture of risk resilience relies on staff engagement. Risk champions can be a tool to keep bringing policies to life. Risk pervades the entire business – it is a cultural issue.

Reflecting in this theme: investment in people, retention strategies, and attraction of talent can be a strong defence to risk. 

Reacting to an incident

During the conference, attendees shared their experiences of handling the aftermath of an adverse event. 

A common theme was to take time to evaluate the problem before rushing in – don’t go just with instinct. Begin with information gathering and involve professional advisors straightaway. Having the right advisors on hand begins before an incident. The goal should be to have a relationship with advisors and insurers that is not just transactional – the better an advisor understands the business, the better placed they are to help.  

This is reflected in the insurance market; insurers increasingly want to be bonded with the business – to properly understand the opportunities and risks. 

Confidence helps organisations pivot quickly when things are going wrong; and that is when a culture of risk resilience really pays dividends. A strong people-orientated culture is central to this.  

After an event, it is important to reflect and think about lessons learned – both from near misses and not just what went wrong. Building that culture means engaging colleagues at all levels, with open lines of communication and an environment which invites honest dialogue as to risks, errors and accidents. It can be too easy to move on quickly and forget, which risks losing all the important learnings that go to creating a more resilient business for the future.
 

 
Achieving longer term risk resilience

Being perennially focussed on fire fighting immediate problems forces businesses to focus on short-term actions. 

But belief in the business and seeking to achieve longer-term resilience means identifying the opportunities that will sustain the business over the long term and mapping out the associated risks of those growth opportunities. Leaders need to address the ability of their organisation to withstand and adapt to the challenges posed by uncertainties and disruptions. This moves beyond traditional risk management, which focuses primarily on risk identification and avoidance or mitigation. Risk resilience is about building capacity to navigate through risks (including those that cannot be foreseen) effectively. This requires a mindset that views risk as an integral part of business operations, rather than an obstacle to success. A resilient business will strive to be equipped to deal with the consequence of an unforeseen adverse event, as well as minimising the potential causes.

The biggest risks are always those that we don’t foresee. For a resilient business the definition of risk might be: “the dangers that are left once we think we have thought of everything”. Resilience comes from challenging yourself to step back, reflect on the path and look at the bigger picture. 

 
"A ship is safe in harbour. But that’s not what a ship is built for."
 

As the risk landscape develops, we are here to offer our clients early insight and support.

At our risk conferences over the last two years, we have discussed what the role of lawyers is in risk. Lawyers often have the unique role of seeing risk from multiple angles and sectors, becoming data rich in what they have seen go wrong before and how risks and outcomes could be avoided or minimised. 

Risk is inbuilt to the advice we give at all stages, across all areas of expertise. Collectively across Burness Paull, whether it’s a transaction, a dispute, or regulatory support, we work to mitigate or resolve risk for our clients every day. Increasingly, we are providing input to clients at an earlier stage in order to help identify and manage future or unfolding risks. Early identification, analysis and intervention, and the development of a resilience strategy, are key parts of allowing a business to navigate the storm and to seize the opportunities that come with risk. 

We work with clients at all levels in an organisation to understand their business culture, and how risk and opportunity presents for them. 

As well as the direct advice and support we give on this topic, we share updates and information on a daily basis to our clients and contact database on present and emerging risks.  

We will be hosting another conference in the Spring covering a range of specific topics to make your organisation more risk resilient. Sign up here to ensure you hear about further conference dates as soon as they are announced.

Our market-leading Disputes Group brings together experts in contentious matters from the firm’s commercial litigation, health and safety, corporate crime, employment and immigration, construction and projects, public law & regulatory, planning and environment, and family law teams.

Related News, Insights & Events