I was recently going through some folders and found a graph from 2018 that showed a prioritized list of risks and corresponding probabilities that U.S. based CEOs felt could negatively affect their businesses that year. To my shock and amazement, a Global Pandemic was placed at the same level of risk as a Cyber Security intrusion event. I must admit, I would have lost a great deal of money if someone bet me that is what CEOs thought two years ago. While the potential of a global pandemic had been discussed based on previous global breakouts with Bird Flu, Ebola and the like, it would not have seemed likely that anyone would put it at the same level of probability as a cyber security threat. Yet here we are in 2020.
During the 2014 Ebola scare, I served on a hospital board and I remember the discussions about the time, effort, and money that was spent preparing many facilities for what turned out to be a non-event. The nationwide result: two died – a Liberian visiting the United States and a doctor who had treated Ebola patients in Sierra Leone. Two American nurses contracted the disease while treating the Liberian patient, but both recovered. In other words, only two people have ever been infected with Ebola while on American soil and neither died. Yet millions of dollars were spent, and protocols were implemented which were not needed at the time but should have proven useful in 2020.
There is a stark lesson here about pondering your response to risks that seem remote at the time but may have a larger near-term impact than expected. How can you address these situations in a meaningful manner?
Planning and Preparedness
During the height of the cold war, companies and individuals-built bomb shelters stocked their facilities with canned goods including canned water. At the time, the probability of a nuclear attack received heightened awareness among everyone including school age children who became proficient at “duck and cover” under their desks. While thankfully none of these efforts proved necessary, they at least make the point about being prepared. At your company, how are you prepared for your highest risk category. It might be LEADERSHIP TALENT. Are you giving those individuals the attention that they deserve? Increasing opportunities to develop in new areas, independent activities to increase self-awareness, advanced training and individual coaching are all ways to mitigate the risk of key people leaving the organization
Governments and the military have been doing tabletop exercises or “war games” for decades as a means of both testing their knowledge and systems but also the people in decision making positions. They are looking for those who would discount any possibility as “unlikely”, and how they would react in a similar situation. This is “coaching without consequences” in a risk-free environment. No one will die and money will not be lost based on the outcomes, but valuable information can be gathered about your people, processes and procedures that will prove invaluable if you have little time to react to a challenging situation. Have you tested your supply chain or distribution systems against disruption or stress? Have you used an independent contractor to try “intrusion testing” on your IT systems?
Now is the time to discuss with your leadership team and board how you have handled the COVID-19 pandemic, and what might be your next highest probability risk to be addressed. Getting ahead of risk issues is a significant responsibility that will be easier to confront, and address with some forethought.