Dottie Schindlinger

Executive Director

8 critical focus areas for remaining resilient amid global uncertainty

In mid-May 2024, I moderated two pivotal roundtable events in Singapore that brought together global leaders and experts to tackle some of the most pressing challenges facing businesses today: geopolitical turbulence and cybersecurity governance. These discussions, rich in insights and strategic foresight, provided a platform for sharing knowledge and best practices in navigating the complexities of the current risk landscape.

The first event focused on "Navigating Geopolitical Turbulence: Risk and Compliance Strategies for Resilience," where the conversation revolved around the significant impact of geopolitical dynamics on business operations. With insights drawn from the latest research, including the 2024 What Directors Think report, the discussions underscored the necessity for boards to incorporate geopolitical expertise and scenario planning into their strategic frameworks.

The second event, "Cyber Security Governance: Empowering Boards to Navigate Evolving Regulations," highlighted the critical need for robust cybersecurity oversight and the importance of having informed, tech-savvy board members to address emerging digital threats.

Participants in these discussions included:

• Colin Low, Global independent board director and chairman for both public and private corporations and an ex-Fortune 100 executive
• Lee Weilin, Head, Sustainability, Partner, Banking and Finance at Rajah & Tann
• Robert Chew, FSID, Former Council member, SID
• Ivan Ng, MSID, Council member, SID

Where should boards focus their strategy and resources?

Businesses today face a myriad of challenges ranging from geopolitical tensions to advanced technological threats. Understanding these complexities and preparing for potential disruptions is crucial for maintaining stability and achieving sustained growth. Below, are eight critical areas where modern enterprises need to focus their strategies and resources to navigate these challenges effectively and ensure resilience in their operations.

1. Geopolitical risks

• The strategic rivalry between the United States and China has been identified as a major geopolitical concern, with potential flashpoints not only in trade disputes and sanctions but also in military confrontations, particularly in the South China Sea. This competition threatens to disrupt global supply chains and undermine regional stability. Additionally, 52% of directors have observed that such geopolitical tensions have adversely affected their company’s performance, highlighting the critical need for businesses to understand and prepare for these risks.

2. Risk mitigation strategies

• Scenario planning: Directors are increasingly turning to scenario planning, conducting regular tabletop exercises to simulate extreme scenarios, including potential military conflicts. These exercises help identify vulnerabilities and prepare contingency plans.
• Diversification: To shield operations from geopolitical upheavals, companies are diversifying geographically and across different business sectors. This strategy includes relocating operations away from political hotspots and reducing dependence on any single region by diversifying supply chains.
• Legal and stakeholder engagement: Establishing a strong legal framework and actively engaging with stakeholders such as employees, customers, and investors is essential. This approach builds a resilient strategy that accommodates various perspectives and complies with legal standards.

3. Technology and data

• Real-time data: Utilising real-time data and dashboard reports is crucial for leaders to make informed decisions swiftly in response to emerging risks.
• Contextualising data: It is important to go beyond mere data presentation by providing analysis and commentary that explain what the data means for the business’s risk profile, thereby offering actionable insights.

4. Board composition

• Geopolitical expertise: There is a growing recognition of the need for board members with geopolitical expertise to better navigate the complex issues that could impact the company. This expertise is now more sought after than ever, marking a significant shift in the attributes boards consider when filling roles.

5. Cybersecurity and AI

• Interconnected risks: With the rise of AI technologies, new vulnerabilities emerge that need to be managed alongside traditional cybersecurity threats. This interconnectedness makes cybersecurity a persistent priority for boards.

6. Challenges in cyber risk oversight

• Information overload: Boards often deal with an excess of information, which can obscure the full picture necessary for effective decision-making and risk prioritisation.
• Lack of expertise: According to a recent report released by Diligent Institute and Bitsight, only 5% of companies have a cybersecurity expert on their boards.This scarcity of security professionals on boards necessitates a foundational understanding of cybersecurity metrics, highlighting the ongoing need for education and the inclusion of more cybersecurity experts in board roles.

7. Education and frameworks

• Continuous education: Given the dynamic nature of threats, continuous education on cybersecurity management frameworks is vital for boards to stay abreast of the latest threats and best practices.
• Board diversity: Emphasising diverse skill sets, including cybersecurity expertise, enhances a board’s capability to understand and manage complex risks effectively.

8. Incident response planning

• Preparedness: Developing a comprehensive incident response plan and maintaining regular communication with legal teams are essential to prepare for potential breaches. This includes clearly defining roles and responsibilities and ensuring all stakeholders are familiar with the plan.
• Monitor Key Metrics: Ensuring the board is monitoring the KPIs that matter is critical. Depending on the organisation's industry, size and level of cyber risk, the specific KPIs could include regular updates on how well the organisation is meeting its RTO (recovery time objective), RPO (recovery point objective), MTTD (mean time to detect and intrusion) and other key metrics. RTO in particular is a useful metric to monitor as it defines the maximum acceptable downtime a business can tolerate.

As businesses continue to operate in an increasingly interconnected and volatile world, the insights garnered from these events offer a roadmap for resilience and strategic agility. Embracing these principles will not only safeguard companies but also position them to thrive amidst the uncertainties of the global market.