Global risk ratings are a familiar tool for helping corporate security teams prepare for eventualities they otherwise could only guess at. Yet the quality of such tools can be as varied as the threats they track. To protect your people, assets and reputation, start by knowing what makes a risk rating stand far above the rest.
Do the risk ratings you rely on stand up to scrutiny?
For corporate security teams, it’s a tough question to answer. There are many excellent ratings in the market and just as many weak ones. These ratings are used as the basis for travel policies, insurance premiums, site security budgets, supply chain contingencies, and to benchmark how the risks in one region or category stack up against those of another. It’s often during a crisis that you’ll learn, perhaps the hard way, whether a rating is worth your trust.
But even among the excellent ratings, huge variations exist in the way they are determined. You might look at a risk rating and think, “I can see it’s derived from credible intelligence and the methodology tells me what I need to know to understand the risk, so it must be good” — and you could be right. But have you ever paused to consider:
- What are the risk weightings actually based on?
- Do they suit the way you do business — or are they tailored to the needs of others?
- Do they reflect current operations or an outdated model of how others think you work?
- Are they specific enough to enable meaningful mitigation steps?
- Is there sufficient coverage of the risks you actually need to protect?
- Are they transparent enough to trust?
At Dragonfly, we believe that high-calibre risk ratings form a trinity: three features acting as one to yield the most actionable and reliable intelligence. The features are separate in the sense that adding any one of them to the mix will make the risk rating incrementally better. But it takes a combination of the three, each working to reinforce the other, to fully enhance your business performance due to effective risk mitigation.
Three features of superior risk ratings
1. They look beyond insurability towards operationally relevant risks
If your employees travel for business, it’s up to you to do everything you reasonably can to ensure their safety while they’re away. However, duty of care is not just about emergencies or the risk of getting caught up in political unrest, terrorism and other major incident types that are covered by the typical travel policy. It’s also about ensuring the overall welfare of your people where standing out from the local population is a risk in itself. For example, LGBT+ discrimination, while often uninsurable, can be a real concern for staff travelling in certain countries.
Travel is only one example. For any risk rating to have a dividend, it must look beyond insurable risks towards a broader spectrum of high-impact-potential, operationally relevant risks that can have significant consequences beyond the bottom line.
How Dragonfly’s Risk Ratings help: Our approach monitors 25 different risk typologies covering everything from cyber threats and civil conflict to disease outbreaks and infrastructure risk. Ratings are available for 200+ countries and 700 cities. This level of granularity is valuable since risks can often be wildly different at the sub-national level, even between adjacent cities.
Tracking the broadest range of risks, outside the usual insurance buckets, closes the gaps between the risks your business faces and the ones you cover. It can help you develop targeted mitigation strategies rather than spreading your resources thin with generalised efforts over threats that are less relevant to your operations.
2. They apply a differentiated methodology to each risk category
The factors that define the level of threat in one category can be wholly different from those relevant to another — cyber risks will have little in common with those of natural hazards, for example. Due to the context-dependency of each particular risk situation, you cannot just wrap a single methodology around everything and expect it to work well.
That’s why a high-calibre model will use a different methodology for each risk category.
How Dragonfly’s Risk Ratings help: Take, as an example, the risk of coups — intense, surprise disruptions to government systems. The Regime Instability risk ratings combine political science, identifying the presence of the most powerful and tested predictors of various forms of extra-constitutional power transitions, with current intelligence assessments. Each risk level describes the characteristics, indicative factors and observable events that would push the threat of regime instability from a level 3 (moderate on Dragonfly’s six-point scale) to a level 4 (high) in a country like Zimbabwe, or anywhere else in the world.
These precise definitions of every level of this risk category are available to all subscribers to our Security Intelligence and Analysis Service (SIAS) platform, to provide full transparency to support decision-making.
If you cannot access the definitions, risk indicators and probabilities that are being used to calculate each individual risk rating, it’s difficult to see how the risk might fit into your response plans and thus justify your corporate security decisions to business leaders.
3. They operate as a dynamic and continuously learning system
Given that the risks you face are ever-evolving, the best risk ratings should evolve just as quickly. COVID made this clear when, overnight, travel risk transformed.
But it isn’t just threat levels that need to ratchet up and down in response to changing conditions. The diversity of your portfolios, the nature of your jobs and the systems you use to communicate with suppliers and customers are all fundamentally different compared to a decade ago, and will forever be different as your business moves into the future. Wherever possible, you need risk ratings to be updated frequently and even automated, in order to keep up-to-date with the new disruptors that could come knocking at your door.
How Dragonfly’s Risk Ratings help: For example, one of our most powerful risk ratings focuses on climatic risks. We track the likelihood of events such as floods, droughts, heat waves, cyclones, blizzards, wildfires and poor air quality. The system is updated hourly, through a combination of automated real-time natural disaster alerts and human analysis, so clients can see the likelihood of acute, high-impact climatic events happening in the coming month. You can also look forward to key dates in your business calendar — what is the risk for Mumbai in August? — and plan accordingly.
Climate change is making weather variability more common and will require companies to estimate and mitigate the risks they face. A “living” climatic risk rating can help you be proactive in your preparations. It equips you to install flood defences, relocate operations, plan for energy disruptions or move staff out of harm’s way; whatever is needed to mitigate the very real possibility of weather-related distress.
Putting predictive power in the hands of users
Risk ratings like Dragonfly’s, which meet the standard laid out above, are trusted because they’re accurate, accurate because they’re current, and current because they’re dynamically adaptive to changing conditions. The combination puts predictive power in the hands of overstretched security teams, helping you make confident decisions around how resources should be allocated to response and management plans — not just insights, but action.
Besides the obvious benefits of risk mitigation, the intelligence that sits behind a high-end rating system can be a valuable source of data across several areas within a business. Understanding the weather risks in your supply lines, for example, opens opportunities for revenue assurance as you can better negotiate contracts and contingencies and, critically important, sustain your competitive advantage.
Loss prevention isn’t always enough to raise the profile of the corporate security team. But operational continuity and revenue assurance certainly are. With Dragonfly’s differentiated risk ratings putting predictive power in the hands of users at every level across an organisation, you can prove your value to the enterprise and help drive top-line growth while protecting against bottom-line risks. If you’re in the business of corporate security, you won’t get a more complete system than this.
Would you like to look at Dragonfly’s risk ratings in more detail? We would be delighted to show you how they work in more detail, in a one-to-one demonstration with our specialists. We’ll also show you how they integrate into our Security Intelligence and Analysis Service (SIAS) platform.
