Skip to main content

Enterprise Risk Management: What to Watch in the Next Decade

Events in the past year have underscored the growing volatility of the economic, social and political landscape. Companies must be increasingly prepared to manage a wide range of complex and evolving risks.

As the world grows more interconnected, so does corporate risk. In the past year we’ve seen how the global COVID-19 pandemic led to major disruptions of global supply chains in addition to taking a severe toll on humanity. We’ve also seen ransomware attacks bring businesses to a halt and greatly damage company reputations.

Now is the time to elevate risk to the C-suite to more effectively address risk at the enterprise level. Risk managers can invest in a growing set of capabilities that will help companies monitor, forecast and manage enterprise risk — and move beyond heat maps and risk registers in an effort to truly quantify their risk and exposures.

Organizations that take a holistic and data-backed approach to risk management will be better prepared to handle the complex challenges of tomorrow. Still, it can be difficult to know where to begin. Though that choice is unique to every organization, it can be informed by six major risks that will emerge or continue to grow through the next decade.



Cyber risk

Cyber risk is a rapidly growing threat that will continue to evolve over the next decade. The COVID-19 pandemic and the shift to a digital work environment have increased our reliance on technology — and with it, our risk exposure to cyberthreats. The total number of global ransomware reports increased by a staggering 715.8% from 2019 to 2020, while predicted damages from ransomware are expected to reach $20 billion this year alone.[1]

Though ransomware is the predominant concern today, cyber risk may take on new forms as hackers become more sophisticated in their approach. We have yet to experience a widespread catastrophic cyber event — for example, a shutdown of a critical energy infrastructure — but the growing scale and scope of recent cyber risk events (such as the Colonial Pipeline attack) hint at the destructive potential of such a threat.

One of the most effective ways to protect your company against cyber risk is a cyclical strategy that includes a combination of assessment, quantification, insurance and incident-response readiness.[2]


Supply chain and vendor risk

The COVID-19 pandemic exposed the fragility and potential disruption inherent in our global supply chains. Since last year, companies (and consumers) continue to face persistent supply shortages, delays and rising commodity costs. In addition to the market disruptions caused by the pandemic, supply chains are susceptible to emerging risks such as extreme weather events, cyberthreats, supplier insolvency and the shifting winds of geopolitics. In response, companies are looking toward onshoring and new models to replace the just-in-time inventory strategies that dominated the past couple of decades.

In this environment, it will become even more important for companies to conduct vendor-resiliency analyses that will allow them to understand their supply chain dependencies and mitigate supply disruptions.[3] The unpredictability of commodity shortages and costs will also require a more flexible and long-term approach to capital investment projects, with a particular emphasis on contingency planning and scenario analyses to assess and quantify risk.[4]


Pandemic risk

North American companies continue to grapple with the long tail of the COVID-19 pandemic — including a patchwork of mask mandates and vaccination policies, ongoing school and facility constraints, and renewed uncertainty around a return to the office for employees as the pandemic continues to linger.

While the crisis has affected aspects of many organizations, its impact on employees may have the most lasting effects in the next decade. For example, more than 40% of respondents to a recent global survey said their mental health has declined since the COVID-19 outbreak.[5] Organizations have increasingly recognized their role in supporting mental and physical health and safety in the workplace, but many still have a long way to go.

As the pandemic continues to shift how, where and when work gets done, it will be critical for organizations to understand the evolving human capital risks and build a resilient workforce to protect their single largest asset — their people.


Climate risk

Climate risk will continue to worsen in the next decade and beyond — at least through 2050, according to the latest U.N. climate report.[6] One recent study found that climate change and extreme weather events such as drought, heat waves, flooding and hurricanes have a direct impact on 70% of all economic sectors worldwide.[7] A warming planet brings a wide range of risks — from operational risks to regulatory uncertainty and tighter underwriting in the risk transfer markets. The threat of climate change may also affect consumer preferences as shoppers increasingly adopt sustainable behaviors (such as reducing meat consumption), seek out eco-friendly products, and evaluate brands and companies on their environmental impact.

Organizations must develop long-term climate resilience and mitigation strategies to manage these wide-ranging risks. Some will need to adjust their entire business model to adapt to the effect of climate change, and others may find new sources of value in a changing climate world. Most companies will benefit from leveraging data and scenario modeling to assess their specific climate footprint, quantify their exposure and protect their assets from growing climate risk.


Intellectual property risk

It has become more urgent than ever for companies to protect their intellectual property — patents, copyrights, trademarks and trade secrets that collectively make up an immense and growing asset class. In 2020, intangible assets accounted for 90% of the market value of the S&P 500, compared with just 17% in 1975.[8] In the United States alone, the annual cost of IP theft ranges from $225 billion to $600 billion a year.[9]

Organizations can take a number of steps to help manage IP risk, increase IP value and leverage IP assets. By leveraging advanced natural language processing, or machine learning AIs, companies can now value their IP similar to any other asset class. The ability to value IP has increased the demand for financial service solutions for the IP asset class. Such solutions include buying, selling, hedging, insuring or lending against the IP assets, akin to solutions available for traditional assets. For example, advance analytics allow a company to develop the likelihood and potential impact of third-party IP infringement claims, allowing companies to make a fact-based decision about what risks to retain vs. insure.  This information can position companies to help protect the revenue streams being generated by this IP. Additionally, IP can be wrapped with a residual value policy, allowing lenders to lend against the IP. Once IP has been valued, it can turn into a powerful source of untapped capital


Reputational risk

Reputational risk has been near the top of the register for many years, ranking as the number one or number two risk in Aon’s Global Risk Management Survey since 2015.[10] The pervasiveness of social media, a 24/7 news cycle and a near-constant stream of high-profile incidents have only reinforced the importance — and potential damage — of reputational risk in the decade to come.

In many ways, reputational risk may be an outcome or consequence of mismanaging other types of risk — from cyber events to environmental hazards. The fundamentals of managing reputation and D&O risk remain the same: a crisis-management strategy with robust response and contingency plans, strong public relations and government-relations arms where relevant, media training for executives, and consistent messaging to influence the narrative. In fact, companies that successfully navigate a reputational risk event not only protect their brand and assets but often see a positive gain in value after the event.


[1] “The Ransomware Epidemic,” Aon

[2] “Help Achieve Cyber Resilience Through Continuous Cyclical Strategy,” Aon

[3] “Successful Business Continuity Management Starts with Defining Essential Services,” Aon

[4] “Evaluating Supply Chains in Light of Emerging Risks,” Aon

[5] “The other COVID-19 crisis: Mental health,” Qualtrics

[6] “5 takeaways from the major new U.N. climate report,” New York Times

[7] “Organizations Are Feeling the Pain of Climate Change: Here Are Five Ways It’s Affecting Their Business,” Forbes

[8] “Intangible Asset Market Value Study,” Ocean Tomo

[9- 10] “2019 Global Risk Management Survey,” Aon