Australian Businesses’ False Sense of Risk Management Confidence


The lessons learned from the COVID-19 pandemic continue to surface—chief among them is the need to improve risk preparedness as it plays a critical role in ensuring business resiliency.

It’s a lesson that Australian organizations learned early on. Before the pandemic, two in three of those organizations had a continuity plan in place, but only half of the plans included a pandemic scenario. This left them vulnerable to both the effects of COVID-19 and the pandemic’s cascading risks, such as supply chain disruptions, staffing shortages and spikes in cybercrime.

However, even after a pandemic fueled two-plus years, investment in business resiliency remains relatively low among Australian businesses, according to a recent study of more than 300 Australian corporate security decision makers. The study, ANZ Business Risk Resilience Report, surveyed the decision-makers on how their business has managed risk and resilience over the last 18 months—and which risks they expect to continue to face throughout 2022.

The report found, while 75 percent of organizations believe that business risks have dramatically increased, a third are still not confident about their ability to identify risks and events in real time. And, only 19% strongly agree that their organization has the ability to comprehensively and continuously discover risk indicators that may impact their business.

This is concerning given that the importance of identifying and reacting to business risks in as close to real time as possible has grown exponentially—and the types of risks organizations are faced with are increasingly complex. The study also found that over the past two years Australian businesses have mostly built resilience around COVID-19 risks. This created a significant blindspot as attention must also be paid to the plethora of other risks that continue to threaten business operations and continuity.

Here’s how Australian corporate security leaders prioritized risk:

  • COVID-19 related risks, 67%
  • Staff retention, 45%
  • Supply chain disruption, 40%
  • Cyber crime, 40%
  • Climate change, 25%
  • Unknown risk, 20%

Unknown risks are those that have not yet come to light. And while hard to anticipate, Australian corporate security leaders that embed real-time information tools into their workflows can easily spot such risks and determine the potential impact of each. Additionally, sixty-four percent of Australian organizations are confident that they have what they need to effectively manage risk in 2022, yet almost a third have zero investment in risk resilience. This indicates a significant disconnect between what businesses have invested in (or not) and the level of confidence each has compared to the reality of the market. This gap puts Australian businesses at risk of returning to pre-pandemic levels of unpreparedness. It’s not enough to believe the right risk management strategies and capabilities are in place. Significant investment in risk management tools and strategies is a must if organizations are to have the flexibility and preparedness needed to remain resilient in the face of known and unknown risks.

Also key is how responsibility for risk management is distributed throughout an organization. Seventy-two percent of Australian organizations have given existing employees additional risk management roles and responsibilities and 71 percent have created a risk management team.

This is a positive sign as it indicates Australian businesses are relying less on external experts and resources (50% hired external professionals), choosing instead to focus on upskilling employees and spreading responsibility for risk management across multiple functions.

While Australian businesses have made progress in strengthening their resiliency, the study shows us that many still have a fair amount of work to do to be truly resilient.

You can read the full report here.