Risk Management in Strategy

All risk is enterprise risk. Cybersecurity Risk Management (CSRM) must be part of Enterprise Risk Management (ERM). Many companies think managing cyber risks is: ╳ Just an IT problem. ╳ Isolated from other risks. ╳ A low-priority task. But in reality, it is: ☑ A key part of the entire risk strategy. Here are the key steps to integrate cybersecurity risk into enterprise risk management: 1. Unified Risk Management ↳ Integrating CSRM into ERM helps handle all enterprise risks effectively. 2. Top-Level Involvement ↳ Top management must be involved in managing cyber risks along with other risks. 3. Contextual Consideration ↳ Cyber risks should be considered in the context of the enterprise's mission, financial, reputational, and technical risks. 4. Aligned Risk Appetite ↳ Align risk appetite and tolerance between enterprise management levels and cybersecurity systems. 5. Holistic Approach ↳ Adopt a holistic approach to identify, prioritize, and treat risks across the organization. 6. Common Risk Language ↳ Establish a common language around risk that permeates all levels of the organization. 7. Continuous Improvement ↳ Monitor, evaluate, and adjust risk management strategies continuously. 8. Clear Governance ↳ Ensure clear governance structures to support proactive risk management. 9. Digital Dependency ↳ Understand how cybersecurity risks affect business continuity, customer trust, and regulatory compliance. 10. Strategic Enabler ↳ Prioritize risk management as both a strategic business enabler and a protective measure. 11. Risk Register ↳ Use a unified risk register to consolidate and communicate risks effectively. 12. Organizational Culture ↳ Foster a culture that values risk management as important for achieving strategic goals. Integrating cybersecurity risk into enterprise risk management isn't just a technical task. It's a strategic necessity. 💬 Leave a comment — how does your company handle cyber risk? ➕ Follow Andrey Gubarev for more posts like this

Blackrock just pulled out of the Net-Zero investment alliance. ‘Climate Risk is Investment Risk’- famous words by Larry Flink CEO of BlackRock in 2020, when the world's largest asset managers acknowledged the importance of climate change in investment decisions. 5 years later, BlackRock is distancing from climate-related commitments and alliances. What does this mean? Here is my take: 1. American financial institutions are leaving voluntary climate alliances to mitigate political and legal risks. There is pressure from republican lawmakers and an increase in state-level litigation  where republicans have filed lawsuits against asset management firms alleging antitrust violations linked to climate focused investment strategies. In November 2024, the Texas v. BlackRock lawsuit saw 11 state Attorneys General suing BlackRock, State Street, and Vanguard for alleged antitrust violations. They claim these firms cooperated as shareholders in US coal companies to force a reduction in coal production. This case could become the test case for applying US antitrust law to sustainability cooperation and shareholder stewardship over portfolio companies. 2. Climate risk is investment risk, and smart investors know this. While their public positioning will change, we have to watch for what they are really doing: -Banks are adjusting mortgage terms and raising borrowing costs in vulnerable areas. -Major investment firms continue to factor carbon intensity into lending decisions. -Companies with higher environmental risks face higher loan spreads and borrowing costs, a trend accelerating as climate impacts intensify. -Access to capital increasingly depends on climate resilience. 3. Investors will continue to invest in projects that generate returns. Deploying renewables is cheaper, energy storage systems prices have fallen below tariff parity, the energy mix is changing. Investment firms will maintain their renewable energy portfolios because they generate competitive returns, regardless of public climate commitments.  Yes, banks are stepping back from public climate alliances, but the underlying economic realities have not changed. Climate risks are increasing and will continue to shape investment strategies, even if it's no longer at the forefront of corporate messaging. #climatetech #VC #investment #newbook #fundclimatetech #blackrock

Systems Thinking (& Strategic Thinking) Toolkit 7 Approaches to Consider (among many others) Have you ever solved a problem—only to have it resurface later in a slightly different form? If this sounds familiar, you might be dealing with symptoms rather than root causes. The solution? Combine Systems Thinking with Strategic Foresight. Here's how to use these powerful approaches together to drive sustainable business success: 1. Zooming In and Out Great strategic thinkers master the art of perspective. Zooming in helps you address immediate details and urgent tasks, but zooming out allows you to see the larger system at play, ensuring your short-term actions align with long-term goals. 2. Consider Different Perspectives Every stakeholder sees the business differently. By intentionally shifting perspectives—from customers to employees, from suppliers to competitors—you’ll uncover blind spots and identify innovative solutions. Effective strategy demands seeing your organization through multiple lenses. 3. Look for Patterns Systems thinkers excel at pattern recognition. Patterns reveal deep-seated systemic issues rather than isolated events. Identifying patterns gives you insight into underlying forces that repeatedly impact your business, enabling proactive solutions instead of reactive fixes. 4. Use Foresight, Not Forecasting Forecasting assumes a linear future—predictable and consistent. But the world today demands adaptability. Foresight equips leaders with the capability to envision multiple possible futures, preparing businesses for various scenarios and increasing resilience in the face of uncertainty. 5. Move Forward with Small, Iterative Actions Grand plans are attractive but often fail when the unexpected happens. Adopting iterative, agile actions lets you test solutions, learn, adjust quickly, and evolve your strategy based on real-time feedback and emerging trends. 6. Causal Loop Diagrams (CLDs) Use visual diagrams to map how different parts of your system interact, highlighting feedback loops and root causes. This clarity allows you to strategically identify where small shifts can lead to large, sustainable impacts. 7. Backcasting Define your ideal future clearly (your North Star), then systematically work backward to determine necessary actions. Backcasting ensures every decision you make today aligns with—and brings you closer to—your desired future outcomes. Bringing it All Together By combining systems thinking with strategic foresight, businesses gain clarity, agility, and resilience. Instead of repeatedly tackling symptoms, leaders address root causes, anticipate shifts, and adapt proactively. What’s one recurring challenge in your business—and how might a systems and foresight perspective transform your approach? #systemsthinking #strategicthinking #leadingwithstrategy #strategy

Many mergers and acquisitions overlook a crucial detail. Insurance. It's not just a line item. It's a potential risk to your entire deal. When you merge or acquire, you may inherit all existing policies, good or bad. Often, these policies are outdated. Or worse, they're insufficient. Or your current insurance may not cover the new risk properly. Imagine closing a deal only to discover hidden liabilities. Or unexpected coverage gaps. That's a nightmare for the economics of the deal. And your reputation. So, what's the solution? Involve your insurance advisor early. Much earlier than you think is necessary. Conduct a thorough audit of all existing policies. Assess their adequacy. And their alignment with your new business goals. This proactive approach isn't just smart. It's essential. It saves you from unexpected costs. And ensures a smoother integration. Don't let insurance be your blind spot. Make it a strategic priority in every merger and acquisition.

Success boils down to high performance, building relationships, and risk-taking. Hard work alone is not sufficient. As a VP, I constantly see risk-takers surpass “reliable” workers. Here’s why: Everyone is educated, and everyone works hard. As an executive, I can always find another person with a great education, good skills, and the drive to work long hours. Those things alone do not set you apart! What sets you apart is the mix I mention above: Taking risks, high performance, and building relationships. This combination isn't linear, but the pieces lead into one another. Here is how it works: You take risks because: → Risks create opportunities for high performance → Risks carry the potential for remarkable results → Risks get noticed High performance fits in like this: → High performance is what you do to earn the right to take a risk → High performance is what you do to try to make that big bet pay off → High performance is how you re-earn your credibility if something goes wrong. Along the way, you build relationships because: → Leaders take chances on those they trust → Leaders give second chances to those they know → Leaders promote those who deliver remarkable results You can also think of it like this: Good, effective, hard work is the base of your pyramid → Relationships are built on top of competence → Strong relationships support disruptive innovation. Merely being "reliable" is like the career version of the "friend zone”. You'll be respected, valued, and kept around, but you will never stand out enough to be chosen. Build the base to take a big risk and then TAKE IT. That’s how you will move up. Readers - Share when you have bet big to inspire others, whether the bet worked out or not.

One of the most important applications of GenAI is in foresight. A new report from Paulo Carvalho at IF Insight & Foresight on "How Generative AI Will Transform Strategic Foresight" provides wide-ranging perspectives on the possibilities. Here are some of the most interesting action-oriented frames I found in the report. 🔍 Real-Time Environmental Scanning: Use GenAI to conduct continuous scanning of emerging trends, weak signals, and disruptions across diverse sources. This real-time, dynamic approach allows organizations to stay agile, proactively adjusting strategies as new insights unfold. 🌐 Immersive Scenario Simulations: Utilize GenAI to create interactive VR/AR scenarios that bring potential futures to life. These simulations engage stakeholders deeply, helping them visualize and emotionally connect with complex strategic choices, fostering stronger alignment with future goals. 🔄 Adaptive Scenario Planning: Move from static to adaptive planning by integrating live data into foresight models. Continuous updates based on geopolitical, economic, and technological shifts ensure that scenarios remain relevant and actionable over time. 💬 Enhanced Strategic Conversations: Use GenAI-powered virtual agents to facilitate dynamic "what-if" conversations, helping stakeholders explore a range of possible outcomes. This deepens strategic insights and encourages a proactive approach to complex decision-making. ⚙️ Modeling Complexity and Emergent Behaviors: Use GenAI to simulate complex systems and emergent behaviors, enabling organizations to anticipate interconnected, cascading effects. This prepares them for resilience in the face of unpredictable challenges and non-linear changes. 📊 Multimodal Data Integration for Richer Insights: Leverage GenAI’s capacity to analyze diverse data types (e.g., text, images, audio, video) to gain a nuanced, comprehensive view of trends and risks. This multimodal approach captures intricate patterns that single-source analysis might miss. 🌍 Embrace Multiple Perspectives and Plurality: Design foresight processes that incorporate a wide array of perspectives, blending cross-disciplinary and cultural insights. This inclusive approach creates more robust, innovative scenarios that account for diverse worldviews and challenges assumptions. 🤝 Facilitate Participatory and Co-Creative Approaches: Use GenAI to build interactive platforms that invite diverse stakeholders to co-create and refine scenarios. Real-time collaboration enhances the relevance and inclusivity of strategic models, making them more reflective of shared goals and values. I'll be sharing some of my thoughts on this very important topic in the next little while.

This is the harsh truth of cybersecurity in 2023: You can’t prevent attacks. They are inevitable. If you haven’t accepted this premise yet, you’re still buying a bunch of tools and hoping for the best. But hope is never a strategy. It’s time to redefine what success looks like in cybersecurity. It’s not trying to avoid the pain of attacks, because they are going to happen. It’s the minimizing of consequences. Focus on building an organization that is resilient, can withstand attacks, and endure beyond them. Aiming for prevention is avoidant and impossible. Aiming to minimize impact is confident, forward-looking, and very possible.

In recent months and years, extraordinary attention has been paid to the risks of diversity, equity, and inclusion, such as lawsuits by anti-DEI activist groups, executive orders, and social media campaigns. But what about the risks on the other side? Earlier this year, in the immediate aftermath of Donald Trump's anti-DEI executive orders, the Meltzer Center for Diversity, Inclusion, and Belonging at NYU School of Law and Catalyst Inc. fielded a survey of 2,500 U.S. employees and leaders (c-suite and legal) in medium and large organizations with active DEI programs. We wanted to get behind the headlines and understand how people on the ground were actually navigating the current legal and political environment. When we reviewed the data, one big theme immediately emerged: the risks of *retreat*. Whether you look at it from a talent perspective, a financial perspective, a legal perspective, or a reputational perspective, we found ample data to suggest that retreating from initiatives that promote fairness and equal opportunity in the workplace creates its own significant risks. These risks need to be factored into an organization's DEI strategy. Take these examples: ⏺️ 68% of c-suite leaders and 65% of legal leaders said moving away from DEI would create more legal risk for their organization. ⏺️ 64% of the c-suite and 62% of legal leaders said there was greater risk of litigation alleging discrimination from traditional plaintiffs (e.g., people of color, women, LGBTQ+ people) than non-traditional plaintiffs (i.e., members of dominant or majority groups). This new report, which I coauthored with Alix Pollack, Tara Van Bommel, PhD., Christina Joseph, and Kenji Yoshino, helps leaders benchmark their DEI strategy against that of organizational peers, and serves as a playbook to help them navigate this tricky terrain. Please read it at the link below and let me know what you think! https://lnkd.in/gefJahjN

So what are the risks of moving your Vendor Central account over to 3P? The answer depends on your location: 𝗨.𝗦. 𝘃𝗲𝗻𝗱𝗼𝗿𝘀 are subject to Amazon's Standards for Brands (SBSAS) policy: It's a core part of Vendor Central's terms and conditions, allowing Amazon to force manufacturers to offer products exclusively through Amazon 1P. This leaves brands with suppressed 3P Buy Box offers and the closure of their 3P account when trying to exit the 1P model. 𝗘𝘂𝗿𝗼𝗽𝗲𝗮𝗻 𝘃𝗲𝗻𝗱𝗼𝗿𝘀 enjoy more protection. While Amazon has a similar policy (Product Availability Policy for Manufacturers), I have rarely seen it being enforced. But before you get all excited: Moving products from Vendor Central to Seller Central won't solve your margin and distribution problems: 🙅 Amazon suppresses uncompetitive 3P offers. 🥷 Competition for the Buy Box will continue. 💸 The lack of a 1P offer may encourage more 3P Sellers to sell your brand on Amazon, accelerating a negative price spiral. The better way? ✅ Control your distribution ✅ Delist unprofitable products ✅ Differentiate your 1P assortment Yes, you can use a 3P account as a defensive strategy during vendor negotiations. Just know that Amazon may not be playing along. --- What's your experience when moving selection from 1P to 3P? Let me know in the comments! #amazonvendor #amazonstrategy

Reflections from Longewala: Strategic Risk Management I recently had the privilege of visiting Longewala in the Thar Desert of Rajasthan, the site of the iconic 1971 battle between India and Pakistan. The Battle of Longewala is a powerful example of courage, strategy, and resilience, where just 120 Indian soldiers secured a decisive victory over 2,000-3,000 Pakistani troops . Upon reflection, India's success over adversary might and firepower was generated from their meticulous preparation, agility, and strategic thinking. This battle offers valuable lessons for risk management in banking. Much like soldiers preparing for an unpredictable battlefield, banks must anticipate potential risks, establish clear defensive lines against both traditional and emerging threats, and respond swiftly in the face of adversity. Here are four key takeaways for building a robust, proactive risk function: 1. Preparation is Everything – Banks must continuously assess and prepare for both traditional (credit, operational) and emerging risks (cybersecurity, fraud, climate change, etc.) to stay ahead of potential threats. 2. Know Your Adversary – A strong response begins with strong awareness. Banks must invest in upskilling their teams and leveraging digital tools and analytics to gain actionable insights and stay ahead of evolving risks. 3. Strategic Decision-Making – Risk professionals must be able to analyze, prioritize, and execute decisions with precision to protect the business, support customers, and safeguard the brand’s reputation. 4. Staying Resilient Under Pressure – Having both an “A” and “B” plan is essential for managing unforeseen events. Banks must ensure they have contingency plans in place to respond to unexpected risks and minimize disruption. History has much to teach us. As risk practitioners, it’s our responsibility to build a world-class risk function that helps banks navigate the increasingly complex risk landscape.