On 20-21 June, the Centre for Risk Studies hosted its annual Risk Summit, our flagship conference event bringing together experts from industry and academic to discuss risk from new perspectives. This year was a particularly special Summit, our tenth in as many years which also celebrated the tenth anniversary of the Centre’s founding in 2009. It was fitting, then, that the theme of this year’s summit was ‘The Next Decade in Risk’, discussed in six parallel sessions, each dedicated to the changing risk in a different threat category:
- Financial and Economic Risks
- Geopolitical and Security Risks
- Technology Risks
- Environmental and Natural Hazard Risks
- Societal and Sustainability Risks
- Governance and Regulatory Risks
There is plenty of cross-over between these categories; risks are never so homogeneous as to occur in a vacuum. Throughout the day, the discussion future of risk in each category invariably brought up similar themes time and again: the relationship between war and technology, the impact of a future financial crisis on politics and resource allocation, the unavoidable effect that the changing climate will have on risk as we understand it.
The effects of climate change were emphasised from several different angles: the impact on supply chains, geopolitical conflicts, mass migration movements, exacerbating natural disasters, and growing corporate financial disclosure requirements for climate-related risks. Similarly, the issues of increased digital connectivity were flagged as a growing risk factor. Increased digitisation will bring in stunning opportunities for new business models, products, services, and initiatives. The establishment of the 5G network will contribute to the growth of the Internet of Things to the great benefit of system efficiency. This hyper-connectivity will also create fragility in the overall digital ecosystem, and bring about a new risk landscape that is still difficult to anticipate. Homogeneity of systems and services (such as the domination of certain software, cloud service providers, etc.) will also amplify this effect. Downtime of cloud services alone can be extremely costly — the AWS outage on Prime Day 2018, for example, cost an estimated $1 million per minute of downtime.
Throughout the conference, there was constant reference to the dangers of catering for long-term risks in the short-term. Governments, so often a partner in effective risk management and assessment, are typically motivated to act in a way to create the most meaningful change in the passage of a political term, but some plans that seek to limit risk over the course of a decade can prepare the ground for new, underestimated risks in fifty years time. This adds to the tension between risk entities in which major steps in management and resilience all too often come about after catastrophes have already occurred. We have already seen this process in the establishment of global terrorism funds following 9/11, the social effects of climate change that have already eroded coastlines and communities, and in the creation of initiatives and groups like the Centre itself ten years ago, when attentions worldwide shifted sharply to identifying ingrained risks in the wake of the Great Financial Crisis.
The next ten years of risk will test all the resilience measures put in place as a result of the last ten years experience and research. We enter the next decade with clearer warnings and better preparation than we approached the 2010s, and with a greater awareness of how sudden changes in the risk landscape can continue to take us all by surprise.