Skip to main content


Building a resilient organization in the face of emerging risks

Risk professionals from across the Middle East generally agree about the key risks facing their organizations in the coming two years, with the cost of living crisis at the top of the list. Marsh surveyed leading risk managers and C-suite executives during recent roundtables related to the World Economic Forum (WEF) Global Risks Report 2023 (GRR), which was released in January.

Midway through the year, the short-term risks outlined in the GRR remained top of mind among those surveyed (see Figure 1). However, no matter the specific order in which participants ranked various emerging risks, managing them requires a strong risk culture built on measures including proactive mitigation, a robust organizational resilience framework, strong communication planning, and alignment of responsibilities. 

Further insights on how the cost of living crisis is impacting organizations and their people can be read on Mercer's 2023 Cost of Living Survey, one of the world’s most comprehensive studies of its kind.

Participants agreed across the board that the cost-of-living crisis is the top risk facing their organizations in the short term, which was also the top risk cited in the GRR.

Regional risk professionals generally agreed on the overall makeup of the top five risks, if not the specific ranking. For example, participants from Bahrain and UAE ranked geo-economic confrontation as their number two short-term risk, while Qatar placed it at number four and Oman at number five.

Participants from Oman were the only ones to rank failure to mitigate climate change in the top five, placing it at number three. Oman was also the only group in which natural resources crisis did not place in the top five.

Some highlights from the Marsh panel results

Which stakeholders should manage climate change risk?

Bahrain participants cited a range of stakeholders as being the most likely to best manage climate change risks, with local and national governments, regional bodies, international organizations, and public-private cooperation seen as equally important.

Among UAE and Oman participants, on the other hand, closer to half (44% and 42% respectively) said the national government is the most effective entity to manage climate change mitigation. Public-private cooperation was second in UAE results (23%) with other potential stakeholders under 10% each. In Oman, international cooperation placed second (27%) followed by a multi-country approach (12%).

Qatar participants said the national government (29%) and public-private cooperation (27%) would be most effective at managing climate risk.

What role does the insurance industry have to play in mitigating climate risk?

We asked participants to use a sliding scale (with 1 being low and 5 being high) to tell us how much of a role insurers have to play in mitigating climate risk. Bahrain participants were most likely to see a strong role for the insurance industry, followed by Oman and Qatar and then UAE.

Which stakeholders should manage risks related to cybercrime and cybersecurity?

UAE participants leaned heavily to saying businesses are the most effective stakeholder to manage cyber risks (47%), followed by the national government (21%) and public-private cooperation (13%).

Omani participants were the most likely to see the national government as the most effective manager of cyber risk (48%), followed by local government and businesses (both at 24%).

Qatari respondents split fairly equally among businesses (31%) and public-private cooperation (27%), followed by national government (22%). Bahrain participants followed a similar pattern, with businesses (39%) and public-private cooperation (31%) topping the list, followed by national government (14%).

What role does the insurance industry have to play in mitigating cyber risk?

Across the region, participants were more likely to see an insurance role in mitigating cyber risk than they did for insurers having a role in climate risk mitigation. In this case Omani participants were the most likely to see an insurance role.

Building a resilient risk management culture

While it is both interesting and insightful to have a view of how organizations across the region view specific emerging risks, many of the steps to mitigating them are linked to building a resilient organizational risk management strategy.

The 2023 GRR report focused in part on the interconnectivity of crisis events occurring at the same time or in the same place, what the WEF called “polycrises.” Globally, these polycrises — from the cost of living to climate change to cybersecurity and more — are causing many organizations to make ever more comprehensive assessments of the risks they face. 

At Marsh we believe that characteristics of a sound resilience approach can be built around the following principles:

  • Resilience is more than a compliance exercise. It involves dynamic assessments of risk that entails a continual, proactive reappraisal of whether the actions being taken to address them are enough in an environment marked by constant change and polycrises.
  • Resilience is not a task to be left only to risk professionals. It requires an organizational framework that fosters engagement across the enterprise and that is united around a common view of the risks and crisis scenarios that could cause the most damage to — or represent the biggest opportunities for — the organization.
  • Risk resilience should be connected to strategy, including incorporating risk finance and transfer strategies into a coherent system designed to maximize all investments made to build resilience.
  • Resilience should be measured and monitored so as to provide an ongoing assurance that the organization is able to respond to events, recover from them, and, importantly, thrive in the world’s ever-changing external risk environment.

Resilience isn’t about predicting the future with certainty or reaching some specified destination. Instead, resilience aims to help identify uncertainty in dynamic systems and environments through scenario planning, risk modelling and data analysis, stress testing, and more.

It seeks to measure the potential impacts of events, and in doings so reduce uncertainty to a feasible degree, which in turn enables better decisions about where to invest.

Having a robust resilience strategy can lead to a number of potential benefits — including higher levels of trust in the organization and its leadership, improved financial performance, and improved readiness for any crisis.