Preparing for the Unexpected and Risk Management

Risk ManagementHow Much is Enough? (COVID-19)

Our economy has been devastated by the COVID-19 Pandemic. What could businesses and individuals have done differently to be more prepared?

The risk management process typically includes:

  • Identifying threats
  • Classifying risk based on threats
  • Determine the likelihood of a threat occurrence
  • Determine impact of the threat

Two approaches can then be taken for managing risk: low water mark or high watermark. The low watermark model states that if any part of the classification is low, then very limited resources should be spent to protect against the risk. An example, the likelihood is low, but the impact is high, the overall risk rating should be treated as a low.

The high watermark model states that if any part of the classification is high, then appropriate resources should be spent to protect against the risk. Based on the low and high watermark models, companies also add an amount of subjective input into the equation.

The biggest challenge with risk management is limited budgets. With limited budgets, companies spend most of their resources and incident planning based on scenarios that are likely to occur. Examples of this include recovering from ransomware, recovering from and management of breaches, etc. It is easy to second guess any organization once an incident occurs. Sad examples of second guessing include:

  • How many ventilators are reasonable for a hospital or the government to stockpile?
  • How much personal protection equipment (PPE) is reasonable to stockpile?
  • When borders should be shut down and travel restricted?

What about personal responsibility? How much should individuals be responsible for? Is it reasonable to expect individuals to always have:

  • A 60-day supply of toilet paper?
  • A 60-day supply of hand sanitizer?
  • Protective masks?
  • How much savings is reasonable for every family?

From a personal perspective, three months ago some of this might have sounded silly, but not now. When it comes to risk management, businesses make decisions like individuals do. Decisions are based on the likelihood and impact of potential events and limited resources, budget and money.

To exacerbate things, our memories are short. It will be interesting to see what really changes over the next five years, if there are no further outbreaks.

Stay Safe!

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs