Companies and countries have always dealt with risks, but new threats such as cyber security are now changing the equation. How do you measure risk, what is the impact of recent events such as the Brexit vote, and what is the difference between risk and uncertainty?
In this episode, joining podcast series host Michael Kitson, University Senior Lecturer in International Macroeconomics at Cambridge Judge Business School, are Dr Jennifer Daffron, Research Associate specialising on cyber risk at the Cambridge Centre for Risk Studies; Daniel Ralph, Academic Director of the Cambridge Centre for Risk Studies and Professor of Operations Research at Cambridge Judge; and Jochen Runde, Professor of Economics & Organisation at Cambridge Judge.
This is the fifth in a series of “Cambridge Judge Business Debate” podcasts featuring faculty and others associated with Cambridge Judge Business School and the broader Cambridge community.
This fifth podcast focuses on the topic of risk, to coincide with the 9th Risk Summit of the Cambridge Centre for Risk Studies, held on 20 June in London with the theme “Risks Beyond Boundaries”. Here are some of the key issues raised in the podcast, along with edited excerpts of remarks made by the panellists:
It’s risky out there, and the risks are changing
Michael Kitson: “Increasingly the world seems to be a volatile and uncertain place, which has implications for us all as well as for businesses and for nation-states. If I were to go back 10 years to 2008, most would identify the risks at being economic – asset price collapses, financial crises, the Chinese economy slowing down. It seems we have major global challenges this year that are different from what they were a decade ago, and different from what they will be in another decade.”
Jochen Runde: “There are many uncertainties that arise from events that were regarded as impossible before they occurred or weren’t even on the radar before they occurred. Some of the unknowns that may be out there we don’t see because we suffer from all kinds of behavioural biases.”
Cyber risk is no longer “emerging”, it’s clearly here – but hard to measure
Jennifer Daffron: “Unlike some of the other risks, cyber crime is international, it doesn’t respect national boundaries or even boundaries within a company. And with cyber risk it’s incredibly difficult to get your hands on data, because data breaches are not something companies want to talk about – they don’t want to say how many files were lost. In the recent WannaCry attack we have no idea how many companies were infected, because companies aren’t releasing that data. If we want to learn from these probabilities we need to have them to begin with, and one thing companies can do to protect themselves is by cooperating and sharing that data so we can learn from it.”
How does risk differ from uncertainty?
Jochen Runde: “The distinction has a very old history in economics. Very often when economists speak about risk they mean situations where people are making decisions and they have numerical probabilities to go on – for example, fair games of chance. Uncertainty on the other hand is often defined as situations where people have to make decisions and they don’t have numerical probabilities to rely on. The very first serious academic work of famous British economist John Maynard Keynes was not in economics but in probability, a book in 1921. Keynes would have argued that in many cases we can make qualitative comparisons of probability, but in most cases we don’t have the numbers to go on.”
Daniel Ralph: “At the Cambridge Centre for Risk Studies we have a broad rule – which is that the biggest sin is not to study something simply because we have neither the theory nor data to try to quantify it. We force ourselves to put it on the table with things that can be quantified – for example, comparing the chances of a large global conflict in a given period of time compared to a major earthquake. We would attempt to talk about frequencies from history, and try to imagine how those frequencies of large and small events may change as society and the world changes around us. Ultimately, we’d like to put a number down to say you’re at risk from wars and conflicts of this much, compared to earthquakes of another number, and that should inform your approach to risk.”
You’re only as safe as your partners are
Jennifer Daffron: “One trend that companies need to be paying attention to as an emerging risk within cyber is supply chain attacks, the third-party risk – securing your vendors and ensuring that not only is your firewall good, but that the people you give your network passwords to also have secure firewalls.”
Trump, Brexit and risk
Daniel Ralph: “The Cambridge Centre for Risk Studies compiles a City Risk Index for 279 cities that looks at 22 different threats – including market crashes and pandemics – in which we think of each threat as a hammer and each city as a bell, and in the analysis we ring each bell with the 22 different hammers. The category that’s seen the largest shift since the index began in 2015 is the measurement for geopolitics and security, up by 35%. We’ve seen unprecedented political shifts – the Trump presidency, the Brexit vote, the rise of populism, retreat from globalism – all these different ways of saying that, at least in developed economies and societies, what we thought we knew about nation states and societies no longer seems to be valid. The fact that a measure goes up is another way of saying that there are more uncertainties in the world attributed to the unknowns about geopolitics and security.”