Apart from the cost factor, cyber related risks are giving CEOs a lot to think. Image Credit: Shutterstock

The findings come from a six-month roundtable follow-up to the World Economic Forum’s Global Risks Report 2023. The discussions showed prior concerns from C-suite executives in Bahrain, Oman, Qatar, and the UAE about inflation, climate change mitigation and commodity price shocks, no longer feature on the Top 5 short-term risk rankings.

While the issue of cybercrime was not ranked as a Top 5 risk by any of the four countries in January 2023, it now factors as a significant short-term risk for executives. The cost-of-living crisis was ranked as the greatest short-term risk by Bahrain, Qatar, and the UAE in the January GRR. Executives in Oman have now also ranked the issue as their primary risk factor.

Participants from Oman were the only group to rank failure to mitigate climate change in the top five, while Oman also group did not place natural resources crisis in the Top 5.

read more

Stakeholder engagement strategies

To tackle the cost-of-living crisis, corporations have cited dialogue with national governments as their primary stakeholder, followed by local government, multi-country, and regional cooperation across public and private sector spaces. There were, however, mixed views on how to manage climate-related risks such as natural disasters and extreme weather.

Among UAE and Oman participants, closer to half said the national government is the most effective entity to manage climate change mitigation. In Oman, international cooperation placed second (27 per cent) followed by a multi-country approach (12 per cent). Qatar participants said the national government (29 per cent) and public-private cooperation (27 per cent) would be most effective at managing climate risk.

Using a sliding scale (with 1 being low and 5 being high), executives were asked to judge how much of a role insurers should play in mitigating climate risk. Bahrain participants were most likely to see a strong role for the insurance industry, followed by Oman and Qatar, then the UAE.

Cybercrime and cybersecurity

Participants across the region were more likely to see an insurance role in mitigating cyber risk than they did for insurers having a role in climate risk mitigation. Of all GCC participants, Oman executives were the most likely to see an insurance role.

Other key stakeholders cited by C-suite representatives for cybercrime resilience were national governments and other businesses, with UAE participants leaning heavily to saying businesses are the most effective stakeholder to manage cyber risks (47 per cent).

Qatari respondents split fairly equally among businesses (31 per cent) and public-private cooperation (27 per cent). Bahrain participants followed a similar pattern, with businesses (39 per cent) and public-private cooperation (31 per cent) topping the list.

Building a resilient risk management culture

There is an ever-present threat that multiple crises could emerge simultaneously. The 2023 GRR report focused in part on the interconnectivity of crisis events occurring at the same time or in the same place, what the WEF called a ‘poly-crisis’. Globally, the spectre of a poly-crisis is causing many organizations to make comprehensive assessments of the risks they face.

This approach makes it possible for firms to measure the potential impacts of events, which reduces uncertainty to a feasible degree, leading to better decisions about where to invest.

A robust resilience strategy

Having a robust resilience strategy can lead to a number of potential benefits — including higher levels of trust in the organization and its leadership, improved financial performance, and readiness for any crisis. What we now see is a scenario where multiple risks are appearing, changing, and morphing in rapid succession: a dynamic caused by a historically rare convergence of global economic, geopolitical, and natural-world events.

Perceptions of risk are changing - dramatically - over short timeframes. To provide themselves with the strongest defence, organizations must recognize that resilience is more than a compliance exercise. It cannot be left only to in-house risk professionals.

It must also be strategically and operationally connected to corporate strategy – and must always be measured. With these tools in place, c-suite and risk managers will equip themselves with the most powerful and robust defence systems against today’s ever-changing risk landscape.