Organisations are operating in an era of exponential risk, when threats are often interconnected, and individual events can cause cascading problems.

A cyberattack on one company may have devastating effects on many others. A natural disaster in one corner of the globe may affect supply chains and economies worldwide. These examples of interconnected risks can be difficult to spot in the early stages.

Geopolitics, globalisation, digitization, regulatory developments and other trends are increasingly colliding to create larger challenges both locally and internationally.

The Russia/Ukraine war illustrates how these threats can grow and multiply:

1. Energy security risk with shrinking market access to Russian hydrocarbons
2. Commodity price increases — especially food due to reduction of Ukrainian grain
3. Refugee outflows from Ukraine into Europe
4. Credit risk for multinationals with high direct exposure to Russian market
5. Production and manufacturing hit by energy price shocks
6. Compliance risk in response to state sanctions
7. Geopolitical reconfiguration
8. Inflation risk, and corresponding political risk

The good news for organisations is that we have never been better placed to identify, understand, and mitigate risks. The right processes and technologies may also reveal competitive advantages and opportunities as risks evolve and change.

This new frontier in risk management requires the combination of large and varied datasets to make advances. It involves integrating various data sources that may include financial data, ownership data, and social media data. These datasets can then be analysed using advanced predictive analytics to identify patterns and predict outcomes.

In this way, organisations can better assess the potential impact of various risks, identify vulnerabilities, and proactively take steps to counteract them. This approach to risk management can create a significant competitive advantage compared with companies that are less prepared.

Historically, organisations studied and managed risks in silos that were defined by the risk area in question or the expertise it required. The supply chain team managed risks within the supply chain, the office of the chief information officer (CIO) managed cyber risk, and so on. As new risks emerged, companies might have assessed the data and pored over the analysis to understand the threats, then added in-house expertise to manage them. But the approach to dealing with each risk remained siloed, excluding other teams and departments that may also have benefitted from understanding the risk.

Increasingly, as company leaders see the potential for, and impacts of exponential risk, they are choosing to break down internal silos. Cross-risk threat analysis and mitigation are becoming best practices. They are adopting a unified approach to risk management to help deal with potential combinations of risks, rather than individual threats.

The complexity of exponential risk requires an unprecedented level of intelligence and insight. Effective, integrated risk analysis is now possible thanks to massive third-party datasets built around complex relationships and supply chains, powerful analytical tools and deep insights, often drawn from real-life examples.

Such systems help organisations model how risks may interact and compound over time — and how they may affect financial performance.

To meet the challenge, it is important to assess which established and emerging risks may be most financially relevant to an organisation, and how those risks may change over time. To reach the right conclusions, organisations need to ask themselves the right questions about their tools and processes.

• The value chain: How can organisations know who they are working with—directly or indirectly—when developing and delivering their products and services? Can they map their entire supply and value chains out to the furthest tiers? What are the risk profiles of other organisations they are serving or partnering with? Can they map their entire customer base?

• Data: What data reporting systems do organisations have to help them make integrated risk assessments and evaluate long-term plans? Do they have trusted and verifiable data sources on their risk exposure? Do they have an effective system to combine multiple risk data inputs, and to interpret the potential upsides and downsides?

• Dashboards: What is their early warning system for new outside threats that could create “contagion” effects, including public health risk, armed conflict, and social unrest? What mechanisms do they have to flag and escalate potential flashpoints?

• Decision-making: Are they learning from experience and making real-time decisions based on reliable data? What processes do they have in place to model and predict potential risks and opportunities with a strong degree of accuracy?

Early warning signs of changes in exponential risk may include a sudden increase in the number of individual threats identified and mitigated; ongoing market or industry expansion; a surge in online activity; or new developments in mergers and acquisitions.

The risk environment is constantly evolving, and the speed of change is rapid. It is therefore essential to build more agile and resilient organizations, economies, and communities capable of anticipating and withstanding interconnected risks.

Smart leaders at growing organizations are now taking a unified approach to risk management with the data estate, intelligence, and analytical tools needed to meet this challenge – and potentially gain a competitive edge.