From cyber threats to toxic tech debt, four business leaders share the risk management approaches they rely on.
What’s happening: Cyber threats, supply chain exposure, ageing technology and cash flow uncertainty are now converging in ways that demand a more deliberate, structured response. Four experts share the strategies they believe matter most.
Darren Reid, Senior Director of the Security Business Unit at VMware, says the problem with how most organisations approach cyber risk is that it stays inside the IT team. To be managed effectively, he argues, it needs to reach the boardroom and be framed in the same language used to discuss every other business risk.
“Cyber risk management is essential for modern business operations,” Reid said. “And like other business risks, it should receive top-level attention and oversight, particularly as company directors face increasing personal accountability for demonstrating that their organisations are taking the steps to protect the business from disruptions and data breaches.”
The questions Reid says leadership should be asking are operational, not technical. “Am I appropriately managing risk and how is that process formalised?” and “What do our tech teams need to be able to perform optimally?” are his starting points.
His own approach focuses on visibility. “We maintain a strong culture of community and support in conjunction with sophisticated, customisable tools across the tech stack, giving our teams 100% visibility and context 100% of the time,” he said.
Supply chains are bigger than you think
Selina Gerner, Partner at McGrathNicol Advisory, says the most commonly overlooked area of risk management is the supply chain, and that most businesses are underestimating how far it extends.
“Modern supply chains extend far beyond physical warehouses and shipping lanes,” Gerner said. “With expert guidance, organisations of all sizes can better understand and effectively plan to mitigate current and future supply chain risks to preserve the value of the organisation.”
The evidence supporting that concern is significant. Citing McGrathNicol and YouGov research, Gerner noted that 75% of executives say their organisation has faced barriers when trying to address supply chain risks. The barriers reported include a lack of awareness, limited data, unstructured planning, and an assumption that someone else in the organisation is responsible for managing them.
Her advice is to treat supply chain mapping as a starting point for broader strategic risk work. “Executives can then prioritise risk management actions that are both urgent and crucial for everyday operations and long-term survival,” she said.
The four actions that reduce risk
Michael Fingland, CEO of Vantage Performance, approaches risk management from a turnaround and recovery perspective, which gives his advice a particular practicality. In his experience, the businesses that navigate pressure best share four common practices.
“Businesses are under pressure from interest rates to inflation, from ESG demands to the threats and opportunities of generative AI. Minimising risk is crucial to navigating this environment,” Fingland said.
The first is strategy. Fingland says businesses need to review their plan regularly to ensure they have adequate funding and the right people to execute it. Without that foundation, every other risk management effort is built on uncertain ground.
The second is scenario planning. Fingland recommends detailed financial modelling and what-if testing to understand how various market conditions might affect the business, followed by workshopping the initiatives available to respond. Knowing what could go wrong and having a prepared response is a very different position to discovering a problem in real time.
The third is having the right financial tools in place. “This includes financial and operational dashboards, a rolling 13-week cashflow forecast and a three-way financial forecast projecting profit and loss, cash flow, and balance sheet,” he said. For many small and medium businesses, this level of financial visibility is the difference between spotting a problem early and discovering it too late to act.
The fourth, and perhaps the most underrated, is communication. “Keep communicating well, whether it’s with staff, clients or suppliers. Good communication will help you quickly spot any potential problems,” Fingland said. “Communication builds solid relationships, and this is what will help you through risky business situations.”
Taken together, the four perspectives point to a consistent theme: risk management is not a one-time exercise or a single department’s responsibility. It is an ongoing operational practice that requires visibility, honest assessment, and the willingness to act on what the evidence shows, before a problem compounds into a crisis.
This article draws on contributions originally published as part of Dynamic Business’s Let’s Talk feature series.
Keep up to date with our stories on LinkedIn, Twitter, Facebook and Instagram.