Noted international economist Klaus Schwab said, “One new reality is global interconnectivity. The most crucial factor in accepting the new reality and confronting its opportunities and risks is our willingness to develop shared norms on all levels.”
So when President Jack Zahran considered how to continue the development of the Pinkerton Risk Index, a global Index that measures holistic business risk, which Pinkerton first launched in 2016, interconnectivity was high on his mind. “There has been a huge convergence and interdependence of how businesses interact regionally, nationally and locally. Seemingly, everything impacts everything else. So we knew the Risk Index had to be a dynamic, ever-changing resource that took this new reality into consideration.”
Zahran and Chief Intelligence Officer Brian McNary explain how the interconnectivity of risk has impacted global business operations and security.
There are numerous examples from the recent past of how interconnectivity affects elements of international business; perhaps one of the largest was the collapse of U.S. financial services firm Lehman Brothers in 2008.
The company, founded in 1850, at its peak had holdings of more than $60 billion and had risen to become the fourth largest investment bank in the United States. However, capitalizing on the housing boom, the firm had become over-leveraged in mortgage origination and, as a result of the subprime mortgage crisis, the company suffered unprecedented losses. The company filed for Chapter 11 bankruptcy on September 15, 2008, the largest bankruptcy filing in U.S. history, causing a 500-point drop in the Dow Jones Industrial Average.
“When Lehman filed for bankruptcy, the ripple effects were felt far and wide,” says Zahran. “The home mortgage industry, commercial loans, money market funds, the stock market, so much was affected by this one action. It really demonstrated how connected everything is today.”
Further, international markets were impacted, placing an even sharper focus on the interconnectivity of the global economy. Japanese banks and insurers were hit with nearly $2.5 billion in losses flowing directly from the the Lehman bankruptcy. The Bank of Scotland was exposed to more than $1 billion in claims against Lehman. More than 43,000 individual investors in Hong Kong lost massive amounts of personal wealth, when “mini-bonds” backed by Lehman became nearly worthless . The event is widely considered ground zero for the global financial crisis of 2008-09.
Understanding that global events can affect your business in large and small ways is critical to creating a risk mitigation plan. “You can’t manage risk effectively if you don’t respect interconnectivity” stated Zahran.
Instability Can’t Be Insured Against
What the Lehman example highlights is that seemingly unconnected local events can create widespread global instability and uncertainty. “A company can obtain insurance against natural disasters” say Zarhan, “but not against the impacts of market or industry instability. This non-insurable risk area is what the Risk Index addresses. In that type of atmosphere, the threat of financial impacts, and eventual losses, can occur if you are not prepared to mitigate the risks.”
A company with operations on the Gulf Coast of the United States, for example, is likely to have coverage that includes losses incurred when facilities are hit by a hurricane or other major storms. However, a company based in China that relies on those companies for mission-critical parts may not have considered their own needs to be protected from these storm impacts. Another company may invest mission critical operations in facilities located in a politically volatile area of the world. Should a conflict or war break out that shuts down the operations, there needs to be a plan in place to ensure business continuity. If you have haven’t calculated these risks effectively, and proactively, it could have a widespread impact on your company.
Risk Measurement Must Include Probability and Impact
McNary says that there has always been an inherent problem with how companies look at risk. “They tend to look at what’s happening now and in the very recent past,” he explains. “Companies would react to every fluctuation as if it was going to be the new norm. The reality is that a longer-term view could provide insight into what kind of impact the fluctuations would really have.”
Determining the probability of threats leading to business impacts is at the center of why Pinkerton uses different formula for calculating risk than the traditional one. The old model was:
Threat x Vulnerability x Consequence = Risk
But in Pinkerton’s latest white paper, “Building a Superior Model for Calculating Risk,” we introduce a more effective formula:
Threat x Probability x Business Impact = Risk
In the new formula, Vulnerability is now included in Threat since being vulnerable is a threat. The Probability of something occurring related to the threat is given a lot of weight. In our example above, a company that has operations in areas often hit by hurricanes would give this natural disaster threat a high rate of probability. And the last element, business impact, is where McNary’s insight about historical perspective comes into play.
“While a company may have a high probability that a natural disaster will impact the business, if they analyze data from the past 20 years they may see that past occurrences didn’t result in stifling losses, just temporary disruptions. This information will then help them create a mitigation investment plan that is in line with the potential bottom-line impact.”
Using the Risk Index
While the Risk Index’s online, interactive map gives companies a global overview of risks, as defined above, the real benefit comes when creating a risk profile. “Our company has transformed how it looks at security by creating a holistic approach that has been adopted by the industry,” say Zahran. “The Risk Index allows us to provide even more analysis using a multi-level approach that goes deeper into risk categories.”
“Many factors go into creating a company’s risk profile,” says McNary. “The Risk Index looks at 60 sub-nodes in which threats could exist and examines them based on historic business impacts.”
Working with a client recently, McNary and his team used Risk Index 2017 to determine where the company should invest its security resources if a potential acquisition was to occur. “The company they were acquiring had multiple operations throughout the world. Each one had to be examined using the Risk Index, which pulls information from a variety of sources, including our own boots-on-the-ground intelligence. The key was determining how any risks would impact the company, its brand and its overall fiscal health.”
In another example, Pinkerton used the Risk Index to help a company standardize how it expressed risks throughout its global operation. “The company had disparate business units that, from a security standpoint, weren’t communicating risks consistently. The Index gave them a structure through which it could collect, analyze and report risk data, giving the C-Suite a full perspective on its exposure internationally. Armed with this information, it could plan security risk management budgets based on real data and forecasting.”
As Zahran explains, the evolution of the Risk Index 2017 is not focused on geo-political rankings like other tools in the industry; it is focused on holistic assessment. “We aren’t telling companies what countries are the safest. While that’s interesting, it’s not always relevant for the business decision. What is important is using the data, which is constantly updated, to provide a comprehensive risk analysis so that they can make an informed decision on resource investment.”
Click here for the full Risk Index 2017 report.