So there's "pandemic" - what other risks to my business?
December 17, 2020 8:34 AM   Subscribe

I run a medium-size business. We are familiar with risk management and risk mitigation planning but in our 'future scenarios' we didn’t seriously consider something like a global pandemic lasting 12-months. We could’ve done a few things to mitigate the impacts if we thought about it properly. What other hugely impactful systemic risks have we not thought about? War - check; asteroid impact - check; alien invasion - check, ... And some deep-thinkers, or even governments, must have already thought of all the good ones - where are those listed?
posted by Xhris to Work & Money (12 answers total) 8 users marked this as a favorite
Trade war? Cutting off import/export of product required for production
posted by raccoon409 at 8:37 AM on December 17, 2020 [2 favorites]

The UK's National Risk Register is here.
posted by damsel with a dulcimer at 8:43 AM on December 17, 2020

Water shortages, potable or otherwise.
posted by mhoye at 8:54 AM on December 17, 2020 [2 favorites]

Planning for far-out scenarios has a cost. Planning for a huge number of scenarios that are unlikely to happen may have a net negative benefit. A business that plans for every eventuality will generally have excessive costs, and hence, will lose out in the market to another business that is willing to take (educated) risks. For instance, I, as a person, do not have asteroid insurance.

That said... I can think of the following areas I've seen plans for at companies I've worked for:
  • Government seizure of equipment. Say a server is seized for evidence in case xyz - how does the company make sure the server is replaced without impact to service, and how does the company make sure that all unrelated data on the server is inaccessible by the government?
  • Key supplier nationalization. What happens if a manufacturer that supplies both government and industry is nationalized? This is different than the supplier going under. In the case of the supplier going under, there's a market gap for both the government and the industry. In the case of nationalization, the market gap is only for industry, which may be insufficient for a replacement company to exist.
  • Plane collision with key personnel. I've seen people have to stay an extra day or two at a far away destination so that groups of people can be ferried to a business meeting over multiple plane flights.
  • Government infiltration of company security personnel. If a company is sufficiently large and has sufficiently important work, the assumption is generally that at least one employee is a government agent. Such a company does not need to be "hacked" to get information. What is the company's exposure to internal employees?
  • Keyloggers. Why bother "hacking" a company or working to install a spy in a company when you can just covertly attach a USB keylogger to a keyboard when you're on an innocuous tour of the company? What is the company's exposure if an adversary has access to every keystroke an employe makes?
  • Fiber connection breakage. Many companies plan for data centers to lose power or be inoperable. Fewer companies plan for the eventuality of a construction team digging in the wrong area and severing a fiber bundle that carries terabits/second of information to/from the data center. Data centers are massive, but the amount of fiber going into/out of them can be surprisingly small, and routed through surprisingly weird parts of the country.

posted by saeculorum at 8:55 AM on December 17, 2020 [5 favorites]

From mhoye's comment in the Cory Doctorow email vacation thread:
I've been unsuccessfully campaigning for an HR Chaos Monkey at my job for years. Surprise, your chief engineer now has two weeks of involuntary time off. No email, no LDAP, nothing. They're Capital-G Gone, just like they might have been if they'd been hit by a car, poached by a competitor or just quit. If your project is not robust in the face of that kind of failure, then your project is exposed to a risk you haven't planned for, and that's a failure of management.
posted by heatherlogan at 9:10 AM on December 17, 2020 [6 favorites]

I once wrote elsewhere about the Resilience in a Box program, a collaborative partnership between The UPS Foundation, the U.S. Chamber of Commerce Foundation, the World Economic Forum, and the Disaster Resistant Business Toolkit Workgroup. I won't pretend to have used the program nor to be a fan of the Chamber of Commerce. But it might be worth checking out. It is a program for small (and maybe medium) businesses that is free, includes additional resources for disaster preparedness, and is supposedly available (in addition to English) in Spanish, Arabic, French, and Turkish. Good luck!
posted by Bella Donna at 10:04 AM on December 17, 2020 [1 favorite]

The most common risk to any business is a severe recession which reduces your supply of work, customers and revenue. You need to have resources to survive a downturn, either savings or loans, and a plan to reduce operating costs.
posted by JackFlash at 10:08 AM on December 17, 2020 [3 favorites]

I know that cities have to do 50 year plans that include environmental impact; definitely think about what happens in the year of 100 superstorms, the year of drought, coastline changes as sea levels rise, wildfires.
posted by gideonfrog at 10:49 AM on December 17, 2020 [1 favorite]

One tricky thing about modern supply chains is how long/deep they can be, to the point where you may not be able to even identify which countries or regions of the world your supply chain depends on. We had one instance where there was some disaster that could have affected our suppliers. We checked with each of our suppliers and they all said they were ok and weren't affected by the disaster. Then, we followed up and asked them to check with their suppliers to see if they were also ok, and they all confirmed that they were also all good. However, a few months later, we started noticing weird gaps in our suppliers' inventory. When we asked about it, it turns out that these items all depended on some tiny little part that was being produced by some company two or three links upstream of our suppliers that had to stop production because of the disaster.
posted by mhum at 11:02 AM on December 17, 2020 [1 favorite]

A digital version of 9-11 is, unfortunately, likely.

A large scale cyber-attack on a country's internet infrastructure is likely to bring a modern country to its knees for a couple of days at least.

On a more macro-level, you or one of your employees could open up an email attachment or link tomorrow and subject your company to a ransomware attack.

(A ransomware attack has the ability to cripple all your office or factory floor computers in under 60-seconds)
posted by jacobean at 1:46 PM on December 17, 2020 [1 favorite]

This interview with the author of The Black Swan might be a good thing to read for more insight on this, rather than merely having a list.
posted by yohko at 2:39 PM on December 17, 2020

Exchange rate risk. Are your earnings in the same currency as your debts? This is what brought down Laker Airlines.
posted by SemiSalt at 3:27 PM on December 17, 2020 [2 favorites]

« Older help me fantasize/plan my tea & cake business   |   looking for an old clips from COPS Newer »

You are not logged in, either login or create an account to post comments