Resilience Practices: One-Year Follow-Up Analysis Of Global Risks 2012 Cases
Resilience Practices: One-Year Follow-Up Analysis Of Global Risks 2012 Cases
Building resilience against highly uncertain and unpredictable external risks can complement traditional risk management, especially in today’s interdependent and interconnected world.
As noted in the Special Report in this year’s Global Risks 2013 report, a working definition of resilience for a country (or an organization) is its capability to adapt to changing contexts, withstand shocks and recover to a desired equilibrium while preserving the continuity of its operations. Resilience implies the capacity for both speedy recovery after a shock (such as a market crash or natural disaster) and timely adaptation in response to a changing environment (such as a demographic transition or climate change).
Resilience must be achieved in balance with other objectives, such as efficiency – for example, investing in operational redundancy may enhance resilience but constrain short-term efficiency. To further the debate on the importance of resilience and the best ways to build it, the World Economic Forum has collaborated with PwC to develop a one-year follow-up analysis of the three risk cases presented in the Global Risks 2012 report: The Seeds of Dystopia, How Safe are our Safeguards?, and The Dark Side of Connectivity, focusing on what resilience practices might be relevant in each case. The examples are drawn from practices that have already proved their efficacy as well as practices that are currently being tried and, though unproven, seem promising.
Case No.1: Seeds of Dystopia
Description of the Case
Mismanagement of population ageing and sustained high levels of youth unemployment remain pressing challenges across developed and emerging markets. The Seeds of Dystopia case highlighted the potential for fiscal and demographic trends to prompt the emergence of a new class of fragile states with widespread social instability and discontent.
The case asserts that dystopia will ensue if the social contract is no longer believed in by wide segments of the population. As youth see a lack of opportunities and the aged are concerned about smaller or non-existent benefits after a lifetime of work, social pressures increase. These phenomena are closely linked to each other as well as to political and policy reform, productivity, education, and other macro trends. To address them, innovative and sustainable solutions are needed.
Resilience Practices
These practices for understanding, measuring and ultimately improving resilience are drawn from research of numerous case studies from around the world. While most relate directly to governments as the primary enabler of the social contract and, therefore, societal and economic stability, the cases also reflect the critical role stakeholders from across society will necessarily play.
Resilience Practice 1: Seek holistic insights and involve a range of stakeholders
Any approach to building resilience must draw upon holistic insights related to ageing, youth unemployment, inequality, fiscal imbalances and the social contract.1 Collaboration among the private sector, civil society, local and national governments, and multilateral organizations in creating a modern and sustainable social contract is crucial.
For example, SELCO is a social enterprise in India that makes solar panels and lights.2 Through multi-stakeholder partnerships with international institutions and rural state-owned banks, SELCO provides loans to rural Indian households and institutions such as schools to purchase solar lighting systems, which enables them to obtain energy and Internet connectivity. These in turn provide improved working environment for young entrepreneurs and offer greater opportunities to earn income and educate children. Social resilience could be enhanced through such efforts that create educational and employment opportunities, addressing the growing resentment about inequality between rural and urban areas in India.
Because it is based on a holistic understanding of the socioeconomic context, this multi-stakeholder collaboration allows for competing interests to be appropriately represented and managed, minimising the risk that solutions will prove unfavourable to any group of stakeholders.
Resilience Practice 2: Monitor trends and revisit assumptions
Monitoring and analysis – including forecasting and scenario planning – of trends in ageing, technology, labour and youth engagement enables stakeholders to regularly reassess assumptions and risks and correct strategies as needed.3 These processes improve responsiveness of policies and strategies to changing environments and to potential crises.
The UN Millennium Development Goals demonstrate the use of highly successful adaptive strategies based on continuous monitoring and analysis. The economists who manage the UN Millennium Development Goals constantly gather data to enable them to identify best practices and negative trends which need to be rectified. For example, UNICEF and UNESCO Institute of Statistics established a global initiative to gather data and analyses about out-of-school children. The initiative, which involves 26 countries from seven regions, aims to develop “context-appropriate policies and strategies for increasing enrolment and attendance of excluded and marginalized children.”45 More data-driven, targeted education policies could improve countries’ prospects of achieving the millennium development goal of universal primary education. Such initiatives are essential to fostering socioeconomic resilience because education boosts citizen engagement and the skill level of the labour force.
This example illustrates that continuous monitoring of trends and revisiting assumptions allow for routine evaluation of what truly enhances resilience over the short-, mid- and long-term. It also enables stakeholders to challenge assumptions that may no longer be valid.
Resilience Practice 3: Promote inclusive and open attitudes toward immigrants
Countries with flexible immigration policies often have more resilient labour markets, as migrants are more able to fill the gaps left by retiring workers. The strong growth of the Canadian economy in recent years (particularly in the natural resources sector in the western provinces), coupled with the increasing retirement rate of its ageing workforce has led to a shortage of skilled workers in the country. The government has taken advantage of its society’s openness to immigrants through the Federal Skilled Workers Program, which in 2011 admitted more than 57,000 skilled immigrants to Canada.6 These immigrants helped meet the Canadian economy’s growing demand for labour.
Over the course of 2011, full-time employment increased by 190,000 jobs while the unemployment rate fell slightly from 7.6% to 7.5%7 – outperforming the OECD average of 8.2%.8 Based on data from the Gallup World Poll, the OECD calculates an index of its members’ community tolerance of minority groups and migrants. Canada topped this index.9
The Canadian example illustrates that the efficacy of immigration policies is influenced by social norms, as more tolerant and accepting societies make it easier for migrants to be economically active and civically engaged. These norms also foster greater social resilience.
Resilience Practice 4: Diversify risk through innovative financing
Innovative financing can increase resilience by providing additional resources from alternative sources such as the private sector and individual donors, to foster vital projects and initiatives despite economic shocks which may reduce or redirect limited state resources. Impact investing, an example of an innovative financing tool, marries state funding with private investment. These initiatives to diversify sources of financial support allow governments to leverage private capital to meet social needs and ensure continuity of services by diversifying sources of finance.
For example, the US Government has committed US$ 1 billion over five years to the Small Business Association (SBA) Impact Investment Initiative10, which will provide capital to invest with the private sector in companies in underserved and vulnerable communities.11 The first SBA initiative was the InvestMichigan! Mezzanine Fund, launched in 2011 in partnership with the State of Michigan Retirement Systems and Dow Chemical Company, which contributed US$ 35 million and US$ 15 million respectively.12 The InvestMichigan! Mezzanine Fund aims to provide stable funding, which has historically been hard to find for job-creating start-up and early-stage companies in Michigan. Stability comes from a diversity of funding sources, combining the private sector funding and Michigan’s pension fund. The fund targets high-growth enterprises that can accelerate job creation,13 which is vital as Michigan’s economy suffers from a relatively high unemployment rate of 9.1%.14 In partnering with the private sector, impact investing also seeks to leverage efficient management, provide social benefits and promote knowledge sharing. The InvestMichgan! Mezzanine Fund, for instance, connects local private-sector leaders with businesses that benefit from the fund’s investments to enable individuals to share knowledge.15
The investor diversity enabled by initiatives such as InvestMichigan! Mezzanine Fund can provide funding stability during crises. Additionally, impact investing typically provides for outcome-dependent returns, so it is in investors’ interest to ensure that projects are successfully designed to meet social needs and are sustainable and efficient. Overall, such successful programs can strengthen a country’s socioeconomic resilience.
(This Seeds of Dystopia One-Year Follow-Up analysis has been produced in collaboration with PwC and Eurasia Group.)
Case No.2: How Safe are our Safeguards?
Description of the Case
Societal safeguards need to be reinvented on an ongoing basis, given the ever-changing nature of global risks. With rapid global change, safeguards can become imbalanced where they do not provide adequate protection, or otherwise stifle innovation.
The case How Safe are our Safeguards? explored whether current processes for developing societal safeguards can effectively build resilience against cross-border risks in a complex and interdependent world marked by uncertainty, innovation and rapidly changing conditions.
Resilience Practices
Comparable practices that may foster resilience in the face of cross-border risks in a complex and interdependent world can be found in two very different areas: financial system stability and the prevention of pandemic influenza. Safeguards in both areas have been challenged and continue to evolve in ways that are expected to foster more effective responses to future crises.
Resilience Practice 1: Question the validity of assumptions underlying safeguards
In an ever-changing world, it is likely that key assumptions underlying a safeguard will ultimately become invalid, and responses to crises based on flawed assumptions will compromise rapid recovery and adaptation. Therefore, processes must exist to monitor and challenge the validity of the assumptions underlying safeguards.
Financial System Stability
The financial crisis of 2007-2009 demonstrated that the assumption that a “microprudential” approach, one focused on the health of individual financial institutions, would safeguard financial stability was no longer valid.16 In response, regulators adopted a “macroprudential” approach, which addresses the whole financial system, and regulators enhanced their ability to question the validity of assumptions underlying this new approach. For example, the United States established the Financial Stability Oversight Council (FSOC), which identifies “risks that could arise outside the financial services marketplace.”17 The FSOC monitors risks to the stability of the US financial system that may arise outside of the existing regulatory structure.
Pandemic Influenza Preparedness
Questioning the underlying assumptions behind pandemic influenza vaccine manufacturing is a continuing part of World Health Organization (WHO) strategies. For example, the 2009 H1N1 pandemic led the WHO to challenge the assumption that large multinational pharmaceutical companies could ramp up production fast enough for all affected populations. The pandemic demonstrated that low-income nations would be supplied only after the wealthy nations had ensured adequate coverage for their own populations. As a result of challenging the assumption, a new vaccine manufacturing schema was created to enable developing nations to establish domestic vaccine manufacturing capabilities and ultimately to reduce their dependence on wealthier nations.18
The output of the microprudential approach and the potential speed of flu vaccine production are both examples of assumptions which needed to be questioned in order to make financial and health systems more resilient to future crises.
Resilience Practice 2: Build forward-looking elements into safeguards
For a safeguard to strengthen resilience in the face of a dynamic and evolving risk, regulators must look over the horizon to be able to recognize issues early and mobilize quickly to recover from crises.
Financial System Stability
The financial crisis of 2007-2009 arose in part because traditional regulatory safeguards such as capital ratios did not capture evolving risks of systemic impacts.19 In response, regulators incorporated forward-looking elements20 into their regulatory frameworks. For example, both the European Banking Authority21 and the US Federal Reserve conduct stress tests using scenario methodologies,22 to better understand the variety of possible future developments in order to prevent future crises and mitigate the impacts of crises, by enabling early detection and intervention.23
Pandemic Influenza Preparedness
Safeguards against pandemic influenza also employ forward-looking elements, consistent with the dynamic nature of the risk. Because new strains of the flu virus evolve quickly, the WHO’s Global Influenza Surveillance Network24 meets twice each year to analyse monitoring data and to project which influenza strains are most likely to infect populations in 6 to 12 months. Based on those projections, the Network recommends suitable strains to be included in the influenza vaccines for each new flu season.25
Forward-looking safeguard elements, from stress testing in finance to projections in vaccine planning, help to identify areas of emerging risk in the respective systems, and enhance resilience by enabling early response to emerging risks.
Resilience Practice 3: Leverage market and other incentives
To foster resilience, safeguards should strike a balance between protecting society from risk, such as by enhancing the ability to recover from crises, and enabling society to benefit from risk-taking. This can often best be achieved by using incentives when feasible rather than restricting or directing activities.
Financial System Stability
The financial crisis of 2007-2009 highlighted systemic risks posed by creditors’ assumptions that large financial institutions are “too big to fail” and will always be rescued by government – given that government rescues are an inefficient way of facilitating crisis recovery.26 To enhance market discipline on risk-taking, the US Federal Deposit Insurance Corporation now has the authority to liquidate large non-bank financial institutions and impose losses on investors, including shareholders and creditors. Larger banking institutions must submit plans for orderly liquidation2728 and make enhanced public disclosures of risk information.2930 These measures provide the information and incentives for investors to demand management action to shore up the stability of financial institutions.
Pandemic Influenza Preparedness
Separate funding from the US government increased economic incentives for the pharmaceutical firm Novartis31 to make additional long-term investments in seasonal influenza vaccine programs. Without this government support, the private sector alone lacks clear incentives to make such long-term investments. This funding initiative provided a cost-effective means to ensure domestic vaccine production capacity in the event of a pandemic flu outbreak, and it provided mutual benefits to both the US Government and Novartis.32
In both cases, action to adjust incentives – by requiring information disclosure in finance and providing economic incentives to invest in vaccine production – increased the resilience of systems without the need for restricting or directing activities.
Resilience Practice 4: Coordinate actions across borders and organizations
Safeguards to protect global systems are beyond the capability of any one country to put into place; therefore, governance structures must coordinate action across borders to identify, prevent and respond to crises.
Financial System Stability
Recognising the interconnectedness of global financial markets and institutions, G20 countries established the Financial Stability Board (FSB) to coordinate financial-services regulators and international standard-setting bodies.33 In November 2011, the FSB collaborated with financial regulators from numerous countries to develop Key Attributes of Effective Resolution Regimes for Financial Institutions, which provides guidelines for recovery and resolution planning for banks and financial institutions.34 As a result of that international coordination, these leading practice guidelines are being implemented globally with the aim of better equipping the global financial system to respond to future disturbances.35
Pandemic Influenza Preparedness
Influenza and other infectious diseases are inherently cross-border challenges in today’s globalized world. Accordingly, stakeholders leverage the WHO, which works closely with other multilateral organizations, government agencies and key laboratories to coordinate and manage the surveillance of and response to global public health threats. For example, the WHO plays an integral role in coordinating activities under the Global Action Plan for Influenza Vaccines, a comprehensive strategy to promote the production of influenza vaccines.36 A coordinated global response to a pandemic would be difficult without this level of organization.
Having cross-border organizations such as the Financial Stability Board and WHO in place prior to the onset of a crisis can improve responses and enable stakeholders to adapt more nimbly and effectively to future cross-border crises.
Case No.3: The Dark Side of Connectivity
Description of the Case
The Dark Side of Connectivity case explored the online security risks associated with the critical infrastructure that underpins our daily lives and depends increasingly on hyperconnected online systems. The case highlighted the need for public-private cooperation to secure a healthy cyberspace.
Over 2 billion people worldwide37 now have direct access to the Internet. Consumer devices, social media and networked connections could drive change faster than businesses and governments can keep up. In addition, criminal abusers of cyber networks have been quick to exploit the growing opportunities presented by society’s reliance on these technologies, with ever-growing sophistication.
Resilience Practices
Resilience in cyberspace means more than preventing future cyber attacks: it means reducing recovery times following such attacks. The resilience of our cyberspace depends on strong leadership, capable of keeping up with the pace of change. This leadership must come from the top of government and business, not just technology management. Improving resilience also requires investing in infrastructure that builds and sustains trust among systems and users.
Resilience Practice 1: Assign top-level responsibility for cyber resilience
Resilient cyber strategies should be developed at no lower than the board level within each organization to enable effective identification of trends, adaptation to changing business contexts, efficient response to systemic shocks and continuity of business operations.
Many large banks have transferred responsibility for cybersecurity from IT divisions to group security, along with crisis management, and have provided board-level oversight. Fortune 500 corporations have created Chief Information Security Officer positions, not only in their chief information office, but in their general counsel offices, reflecting the need for top-level accountability and the consideration of a variety of key corporate functions: contract review, enterprise risk management, assurance and compliance, human resources and workforce management, and regulatory reporting. These shifts reflect the degree to which cybersecurity decisions involve much more than technology management – they also include risk and liability management.
These trends highlight the importance of strategic perspectives and cross-functional collaboration at the most senior levels. Such collaborative decision-making can guide corporate-wide investments and capabilities – not just technology investments – to anticipate and adapt to emerging trends, respond to shocks and decrease recovery time. These strategies improve corporations’ abilities to respond to crisis by marshalling enterprise-wide resources and strengthening collaborative, cross-functional processes.
Resilience Practice 2: Share cyber knowledge in trusted public-private forums
Trusted knowledge sharing between public and private stakeholders improves understanding of and response to cyber threats that can affect critical infrastructure.
For instance, the Australian Government has established the Trusted Information Sharing Network (TISN),38 a network of government representatives, business stakeholders and cyber experts, to address the risks of cyber threats to critical infrastructure that could severely damage Australia’s economy, social systems or national security. It aims to use the network to increase awareness of cyber risks to critical infrastructure, share strategies to reduce cyber risk, and provide a feedback mechanism to highlight private sector cyber issues to the government. It allows for resilience practices to be shared across the supply chain so that there is mutual benefit in avoiding the failure of a key link in the chain. The TISN enables critical infrastructure organizations to improve understanding of risks and provides a platform for responding quickly when cyber threats do materialize.
Due to the rapidly changing nature of cyber threats, governments and the private sector need to have mechanisms to share knowledge in trusted networks, so that critical organizations have the latest information to respond quickly and effectively to cyber attacks. Such responsiveness to shocks is at the heart of cyber resilience.
Resilience Practice 3: Coordinate among governments during crises
Formalized bilateral procedures between governments, which could be utilized in the event of a cyber crisis, are important to facilitating fast, decisive action and limiting damage from cyber attacks.
In light of this recognition, the United Kingdom held formative talks with China and Russia in 2012 to establish cyber crisis communication channels.39 The proposed communication channels could help identify the sources of cyber attacks and limit misunderstanding that may lead to escalation. Such channels are becoming ever more important with the increased ability of cyber attackers to use proxy servers to mask their identities online as “agents of the state.”40
Similarly, South Korea has also entered into bilateral cyber cooperation agreements with other nations, including China, Japan and the United States.414243 These bilateral agreements include procedures that provide for formal cyber crisis coordination, realistic bilateral cyber-attack testing and the ability to share technical information between government agencies in the event of a cyber attack. Such elements allow for advanced preparation and the ability to share crucial information to identify attack sources and coordinate responses quickly across national borders.
Documented success stories of these strategies are scarce, due in part to the confidentiality surrounding both testing exercises and real cyber attacks. Nonetheless, established formal communication channels between governments in a crisis are crucial to enable quick and clear collaboration to avoid damage and prevent escalation through miscommunication.
Resilience Practice 4: Design resilient electronic devices and online systems
Encryption is a crucial element of resilient information sharing. Design and use of properly encrypted devices and online systems will improve the resilience of information sharing against malicious attacks or simple human error when systems protection fails.
BlackBerry® devices, for example, provide secure, encrypted communication, and Apple’s latest products include similar security technology. Half of businesses that have outsourced processes over the Internet ensure that their data is encrypted. Furthermore, Trusted Platform Modules (TPMs) provide both device encryption and device authentication, embedded in the hardware of the device. This assures data protection as well as device authentication even when software-based digital certificates are compromised or forged. TPM chips are used by nearly all personal computer and notebook manufacturers, yet relatively few corporations take advantage of these chips to authenticate devices on corporate networks throughout the enterprise, for example.
Tools such as encrypted communication and enterprise-wide TPM strengthen resilience by protecting data as it moves across systems, irrespective of uneven system security. Such trust infrastructure, crucial for information-sharing resilience, enables corporate enterprises to adapt over successive generations to emerging consumer technology, which can change as rapidly as the next trend in smart phones. It also fosters resilience by ensuring a general level of reliability by minimizing disruptions if one link in the chain fails.
The project team would like to thank the PwC and Eurasia teams in their efforts and contributions in completion of the Resilience Practices. (In alphabetical order.)
- Dave Burg, PwC
- Martin Caddick, PwC
- Mena Cammett, PwC
- Dennis Chesley, PwC
- Mary Cline, Eurasia Group
- Bill Helming, PwC
- Anthony Ho, PwC
- Courtney Rickert McCaffrey, Eurasia Group
- Christopher Michaelson, PwC
- Marissa O. Michel, PwC
- Bruce Oliver, PwC
- Neal Pollard, PwC
- Alexandra Rogan, Eurasia Group