Here are the note of a talk I gave recently on the risks facing businesses in the 21st Century.
It often seems that most managers either ignore certain risks or fail to take them as seriously as would be advisable, for three quite understandable reasons.
· Awareness. Most people manage most effectively the risks they are most aware of. These usually relate to things which happen fairly often or which are drawn to their attention by the insurance industry, the media or by the relevant regulator. These factors are generally not related to the likely seriousness of the event in question, and not always to its probability either. So minor thefts and vandalism tend to be overrated.
· Probability. Most people greatly underestimate the probability of relatively unlikely events. I was surprised to learn how many people are actually struck by lightning each year and have recently met someone who has been struck twice!
· Severity. Most people underestimate the potential severity of their most serious risks. Thus, loss of data and loss of reputation are very often underestimated, resulting in inadequate control measures being in place.
So do not be surprised if you are one of the majority, but have a look at this list and ask yourself how each risk might apply to your business and whether you are putting your efforts into controlling the most or least important ones.
There are at least 12 major categories of risk and I will be writing about them in the near future.