Business risks in 2013

March 2013 Security Services & Risk Management

The mere fact that you are reading this article implies that the last days predicted by modern-day Mayans and other apocalyptical prophesies have not arrived on schedule. “In fact, the risks we all face as we go into 2013 are much more complex, and thus much more difficult to counter,” says Michael Davies, CEO of ContinuitySA, Africa’s leading provider of business continuity services.

Michael Davies
Michael Davies

In what has become an annual exercise, Davies and members of his executive team met late in 2012 to review their predictions for the year and ponder what the coming year might hold for risk managers.

“What became very clear is it has become almost impossible to consider individual risks without taking the overall risk into consideration,” Davies observes. “Globalisation and the profound connectedness between individuals, companies and countries promoted by technology means that risk, too, must be seen broadly.”

Bearing this observation in mind, Davies and the ContinuitySA team have identified the following set of six interrelated risks for 2014.

1. Social malfunction grows

Across the world, it is increasingly clear that established certainties and beliefs about how the world is structured are becoming fluid. From the Arab Spring to Occupy Wall Street and protests against austerity in Greece and elsewhere, there is an overall loss of faith in society’s institutions and their ability to deliver a just world order.

In South Africa, persistent dissatisfaction with service delivery has exploded into widespread and violent protests against the very nature of the system. In that respect, the miners’ revolt in Marikana has been a watershed event, as it bypassed both the settlements negotiated by the miners’ own representatives and the normal processes of democracy. Democratic process, it seems, is either profoundly misunderstood or mistrusted.

This impatience with society’s existing institutions and processes appears to be spreading and there are worrying signs that even the middle class, on whose shoulders society’s prosperity and stability ultimately depend, are also losing faith in basic concepts. The extreme passions roused by the ongoing e-toll saga in Gauteng is an obvious example of this trend. For the middle classes, this type of feeling generally translates into a reluctance to pay tax, an action that can fatally undermine the state itself.

2. Global economic and financial volatility

It appears that the 2008 financial crisis is both more far-reaching and profound than first expected. Markets and economies seem unable to regain an even keel, and many commentators are seeing this volatility as “the new normal'. The flipside is an increasing regulatory burden as governments and other institutions attempt to rein in uncontrolled capitalism and protect investors.

For South African businesses, important associated risks are the volatility of commodity prices, greater competition internally and in export markets, and an unstable currency.

3. Environmental risk

If volatility is the new economic normal, then there is every indication that climatic volatility is also becoming a feature of life. For South Africa, climate fluctuations may be expected to increase the risk of water and even food shortages. Thus far, global and national environmental initiatives are gaining traction too slowly, and seem likely to add to the cost of doing business in the short term – giving rise to a classic case of how to balance short- and long-term risk.

4. Infrastructural risk

A common African business risk is inadequate and poorly maintained infrastructure. Water and power are the two obvious risks that threaten business, but the road and rail networks also present challenges. Government efforts to address these problems are affected by the principle of interconnectedness: opposition to e-tolling, one feels, is more influenced by wider dissatisfactions rather than the principle of 'user pays'.

Many South African businesses are taking extraordinary measures to mitigate infrastructural risks by assuming responsibility for all or some of the infrastructure needed for their projects. Property developers, for example, are often providing roads and sewerage, and factories some of their own energy – and think of corporate involvement in points people to ameliorate the effects of faulty traffic lights and schemes to fill in potholes.

5. Data risk

Data is becoming more important as a way for companies to assess risk and compete more effectively – this is the phenomenon of Big Data. It is probably true to say that most companies are still coming to terms with the concept and, more importantly, how to use data effectively. Nonetheless, data privacy regulations have already sprung up to protect personal data, creating a set of risks relating to data security. One is the growing menace of cybercrime. Another is the whole question of data sovereignty – as companies try to safeguard their data while reducing costs, they may opt for the security of cloud solutions. However, when those data centres are located and/or owned offshore, it becomes difficult to be sure of data security and accountability for lapses.

“Our approach is to use a hybrid public and private cloud model for our clients for just these reasons,” comments Davies. “This approach allows clients to retain tight control over sensitive data, as is increasingly mandated by law, and to take full advantage of the cost and flexibility of public services where appropriate.”

An associated risk is the peaking trend of IT consumerisation, so-called BYOD (bring your own device – the use of private mobile devices to access corporate data). BYOD offers both advantages and disadvantages: boards and their CIOs need to think carefully about how to protect their data against potential threats – and how to use the available technology wisely to obtain a competitive advantage.

6. Business continuity remains misunderstood

Risk management has definitely become integrated into the corporate agenda, and is maturing. This may be seen by the replacement of the existing BS25999 standard by ISO22301. The BS25999 standard set the standard for business continuity management, but the new ISO223301 standard is much more detailed in its requirements, and requires much more documentation of the processes followed. It also requires committed board-level leadership, thus effectively putting risk management into the spotlight.

However, in practical terms, the broader concept of business continuity management is becoming absorbed into the IT budget, with a concurrent diminishing of focus on operational matters. At the same time, budgets in general are under pressure.

“Ironically, then, the biggest overall risk has become corporate myopia about the true nature of risk – and this at a time when risk has become much more integrated into corporate strategy. Boards must resist seeing risk in terms of technology alone. Business continuity is a much more useful concept, one that takes into account the interconnectedness of risk today. When considering risk, business leaders need to take a broad view of organisational resilience before honing in on their particular company’s situation,” Davies concludes. “Risk is now systemic, and so the approach to risk must also be systemic and have operational relevance to the organisation.”

For more information contact ContinuitySA, +27 (0)11 554 8050, cindy.bodenstein@continuitysa.co.za, www.continuitysa.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Read more...
Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Read more...
Vodacom and SAPS launch MySAPS mobile app
October 2019 , Security Services & Risk Management
Vodacom, in partnership with the South African Police Service, will empower citizens to contribute to their own safety as well as the safety of their communities through the newly launched MySAPS app.

Read more...
Enterprise security must change
October 2019 , Cyber Security, Security Services & Risk Management
The recent wave of cyberattacks against local banks has highlighted the importance of protecting data against malicious users.

Read more...
Drones improve risk management
October 2019 , Security Services & Risk Management
Indwe embraces drone technology to help improve risk management and optimise insurance.

Read more...
Body-worn cameras transforming security
October 2019 , CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management
Police Service Northern Ireland now has over 7 000 officers using 2 500 cameras covering approximately 173 000 incidents each year.

Read more...
Protecting your customers’ data
October 2019 , Training & Education, Security Services & Risk Management
Simon Murrell, head of development and executive director at BrandQuantum says companies need to protect their customers from identity theft and data breaches.

Read more...
Edwards Public Address & Voice Alarm System
October 2019 , Security Services & Risk Management, Products
Carrier has added the Public Address & Voice Alarm (PAVA) range to its fire product offerings.

Read more...
ContinuitySA offers ISO 22301 Lead Implementer course
October 2019, ContinuitySA , Training & Education, Security Services & Risk Management
ContinuitySA is once again offer its five-day Certified ISO 22301 Lead Implementer course on 18-22 November 2019 at the company's Midrand facility.

Read more...
Preparing your data for PoPI
September 2019 , IT infrastructure, Security Services & Risk Management
When it comes to protecting any information, the way data is secured across the value chain needs to be addressed.

Read more...