Furthermore, the impact of just one attack on an economic target — the September 11, 2001, assault in New York — shows that the financial, transportation, and tourism sectors, and possibly the telecommunications sector, are more vulnerable than was previously thought. With the resulting uncertainty continuing to affect the economy, companies are being forced to take on additional costs for security. All in all, according to Fortune magazine, the private sector will spend more than $150 billion on homeland security–related expenses such as insurance, workplace security, logistics, and information technology — approximately four times the U.S. federal government’s announced homeland security budget.
A Risk/Response Framework
In light of the systemic nature of risk — along supply chains, across geographies, and within transaction networks — a new approach for comprehensively understanding and addressing risk is needed. Such a framework must evaluate exposure at seven sites of risk and develop corresponding strategies. These risk sites are:
- Presence in Emerging and Unstable Markets. These are traditional political risk sites, encompassing the threat of war, terrorism, organized crime, and expropriation.
- Distribution of Personnel. Corporate expansion and activity in emerging markets requires staff travel and necessitates having offices in potentially unstable locations.
- Headquarters. The physical exposure of the corporate “brain” is the material risk inherent in centralized headquarters.
- Supply Chain and Partnerships. Risk is posed by the potential for breakdown within insecure cross-border operational relationships.
- Market Volatility. Industries and subsectors such as tourism and energy are vulnerable to geopolitical conflicts.
- Capital Hazard. Political shocks can cause the sudden loss of investment flow into an industry.
- Information Vulnerability. Intellectual capital can be compromised by risks associated with false information, miscommunication, poor cybersecurity, and blockage of information flows.
The persistence of such risks should persuade companies that not purchasing terrorism insurance constitutes a moral hazard. Still, many firms in high-risk environments continue to avoid it. Congress has moved to adopt a European-style federal terrorism reinsurance plan, which covers 90 percent of claims over the first $10 billion.
However, insurance is not a solution to the existential risks posed by this expanded understanding of risk sites. Although reinsurance schemes are a major mechanism for mitigating the actual costs of risk, the broader nature of risk requires that companies acquire a better sense of the big picture of geopolitical risk in order to secure their operations and markets.
First and foremost, companies must adopt a more comprehensive view of the relationships between various types of risk and the company’s mission, strategy, and operations, and develop integrated plans for managing their exposure to those risks. Booz Allen Hamilton has termed the state resulting from such activity enterprise resilience, which the consulting firm defines as “the ability and capacity to withstand systemic discontinuities and adapt to new risk environments.” Though corporations’ risk environments differ, each company that wants to achieve enterprise resilience must relate risks to strategies by creating frameworks in advance for evaluating threats. Each risk requires a corresponding strategy that plots short- and long-term responses and solutions. This collection of strategies to guard against future unavoidable risks is the essence of enterprise resilience.
But integrating political variables into strategic planning is easier said than done; we do not have the modeling capabilities to predict the cycles of an interdependent economy, much less a global economy overshadowed by geopolitical risk. Nonetheless, risk analysis can begin with an understanding of systemic dynamics and trends, evaluated at different levels of analysis.
Systemic risks arise from the complexity that emerges as technology enables actors across disparate geographies to influence one another. Whereas traditional risk analysis focuses on geography, risk today evades geographic constraints. The functional risks associated with the diffusion of powerful and potentially lethal technologies are the origin of many business risks today. Thus, the transnational nature of both business and risk means that geopolitical analysis must include local, national, regional, and international dimensions. Firms have increasingly utilized scenario-planning techniques and services to augment their strategic planning in order to develop — in advance — responses to unpredictable events and circumstances. But geopolitical risk calls for a modified scenario process. Typically, scenarios are devised, probabilities assessed, and strategies developed for the most likely outcome. In an era of high uncertainty, scenario planning must be capabilities-based, which means that firms must be prepared for all possible outcomes and ensure that flexible strategies can be implemented across the spectrum of risks and futures.