Assessing, forecasting and mitigating risk has always been part of running an organisation. But as global levels of social and political unrest rise, quickly and accurately modelling organisational risk becomes even more critical to maintain safety and competitiveness. Cvete Koneska, head of advisory, explores what goes into building advanced, comprehensive, bespoke risk models.
Managing risk is a particularly pressing concern for one of our clients, a global insurer providing political violence and terrorism cover in around 180 countries.
The company needs to accurately model geopolitical risk across all these different countries so that it can set and maintain competitive premiums on an ongoing basis.
But how can it model real-time risk in such a large number of different geographical and geopolitical environments, some of which are highly volatile and subject to rapid change?
Fresh approaches to modelling offer new opportunities to tackle risk
Our client is not alone in this dilemma. No matter what sector you operate in, you’re almost certainly using some kind of risk assessment process to evaluate the many types of risk that might affect your organisation’s operations, revenue, safety and reputation.
And perhaps you are also creating models, as they allow you to plan for and mitigate the impact of these threats. They also help your organisation avoid missing out on potential opportunities by overreacting to risk.
The problem is that many of the risk models used by corporate security teams are underpowered, compared to what’s achievable today. Many use limited data sets and are updated manually and infrequently, limiting their usefulness and making it harder than necessary to evaluate risk levels. Nowadays, it is possible to build much more sophisticated, comprehensive risk models than before, making it easier to respond quickly to unfolding issues and to make much better decisions about where to invest limited time and resources.
To be most effective, these risk models need to be tailored to your organisation’s unique needs and concerns.
For example, perhaps your organisation is concerned about threats to critical infrastructure that might disrupt supply chains. Another organisation might find that growing tension between the United States and China has implications for its reputation and future revenue. These will lead to particular risk models, with distinct inputs and seeking to answer different questions.
So what are the three things that are required to build an effective, bespoke risk model that’s comprehensive, accurate and up-to-date?
- Harnessing large data sets to feed risk models
Traditionally, risk models were manually updated by human analysts. This meant there were limits on the quantities of data that could be used to develop these models, and how often they could be updated.
However, it’s now far easier to leverage the enormous quantities of usable, structured data that’s available to us today – from where protests are happening on a hyper-local level to economic statistics, regulatory updates, historical data sets and much more. Human labour has now largely been replaced with highly effective automation and powerful data analytics.
Harnessing big data allows for much more comprehensive, relevant and accurate risk forecasting, letting you understand and manage risk more effectively.
This helps you and your organisation to make better-informed decisions and retain a competitive market position, even as operating environments become more unpredictable. And now that organisational decision-making is more data-led, senior decision-makers increasingly expect this kind of high-quality, evidence-driven input from their security teams.
Yet accessing good-quality data is not always straightforward. Finding appropriate data can be time-consuming and expensive at times. And you must ensure that the data is from a reliable source, or else your entire risk model is compromised.
- The technical expertise to build effective models
Building bespoke models to assess risk requires specific technical expertise and know-how that many organisations don’t have in-house.
To begin with, the relevant indicators for each risk need to be identified.
These indicators must be evaluated and weighted appropriately before they become part of the formulae that calculate your organisation’s specific risks.
This process depends on a wide range of factors such as your organisation’s industry, the markets you operate in, and your profile, vulnerabilities and exposure level. For example, one company that produces lithium batteries might be badly affected by a rise in lithium prices caused by global geopolitical tensions, while another that has diversified into sodium-ion batteries may experience less of an impact. This risk needs to be weighted differently for these two organisations.
You also need to be able to ingest the ever-increasing amounts of data available, and filter and structure it in a way that helps you to uncover the right insights for your organisation. Turning the data into an understandable, helpful model and risk dashboard requires advanced coding skills (and increasingly, AI skills); a data scientist is often involved. For many teams, sourcing these skills in-house can be challenging.
Similarly, the best models nowadays involve extensive automation. This makes it possible to update risk models almost in real-time, instead of waiting for updates on a monthly, quarterly or annual basis – by which time unfolding threats may already have had a significant impact on your organisation. The more you can build an immediate and realistic picture of the risks you face, the easier it is to respond quickly and mitigate them early.
But team members with the technical skills to automate your models are not always readily available, either.
- Geopolitical and security expertise
You’re operating in an increasingly interconnected and interdependent world where geopolitical events can trigger cascading impacts that aren’t easy to predict.
That’s why specialist knowledge of global trends and regional and sector-specific risk environments is needed to create effective models. It demands an expert understanding of how to identify risks, how they materialise, how they can be measured, and what the wider ramifications might be. While technology is hugely important to creating effective risk models, the input of experts who can add qualitative assessments is critical as well.
Once the models are created, you again need to draw on the expertise of geopolitical analysts again, to assess the implications for your organisation.
While many in-house corporate security teams have extensive geopolitical knowledge, there are often gaps in specific regions, countries or sectors. You may simply not have the people on the ground to provide the data and insights necessary for complex risk models. And often, on-the-ground expertise requires external benchmarking and validation.
How Dragonfly helps you model the risks that most concern you
Since there are a range of skills and capabilities needed to effectively and accurately model risk, producing these models in-house can be challenging.
That’s where Dragonfly’s advisory service can help.
As the risks you face are unique, our team of experts works with you to develop an in-depth understanding of your organisation, where and how you operate, and your strategies, markets and vulnerabilities.
That allows us to develop a risk model that’s fully tailored to your needs and concerns.
We draw on years of expertise in building highly accurate risk models for clients across many different sectors and regions. We exploit large data sets from a range of dependable sources, from our Security Intelligence and Analysis Service (SIAS) platform to data collected by our sister companies, government data, multilateral data, private research data and much more. Our technical capabilities allow us to effectively clean, prepare and automate the data that feeds your risk model.
Along with the extensive geopolitical and regional expertise of our specialists, these skills allow us to build virtually real-time risk models that rapidly answer the questions that are most pressing for you.
We present risk models in the format that’s most useful for you and your organisation. This could be a simple spreadsheet, or a live risk dashboard, or a heat map.
Case study: Modelling risk across 180 countries in an increasingly volatile environment
Take, for example, the client referenced at the beginning of this article.
Insurance providers are generally experienced with risk modelling. However, creating an accurate picture of risk in more than 200 countries requires a high level of subject matter expertise, a deep knowledge of each region and an ability to collect data from a wide range of sources.
That’s why our client turned to Dragonfly for bespoke risk modelling.
Based on their profile and the risk factors that might affect the insurance policies they provide, we selected a range of relevant indicators to inform the model, such as protests and regime instability.
These indicators are weighted according to the client’s exposure to them, and according to their own internal definitions of terrorism and political violence perils.
We monitor and exploit a comprehensive range of relevant data sources to feed the risk model we’ve developed for the insurer. And Dragonfly’s regional and country experts provide the supporting analysis behind risk rating changes for countries witnessing significant changes in terrorism and political violence risks.
This model generates a composite score measuring the risk of political violence and terrorism in each country, providing an independent, objective benchmark that can be used to price premiums appropriately in each location.
This avoids the risk that the insurer might be excessively cautious and raise premiums too high, and allows the client to calculate the likelihood of claims and potential payouts.
Automated data processing means the model can reflect changes in risk on a day-to-day basis, creating the foundation for dynamic policy pricing, improving pricing accuracy and reducing the insurer’s potential losses.
The risk model also helps the insurer to add value by offering advice to customers on the level of risk they face in each particular country, and how to mitigate it.
Image: A police officer stands guard at the El Blanqueado Community Police Unit (UPC) in southern Quito, Ecuador, on 11 January 2024. Photo by AFP via Getty Images.