The triple threat: economic, environmental, and cyber
Small and Medium-Sized Enterprises (SMEs) are increasingly finding themselves at the crossroads of various converging risks that threaten their resilience and preparedness.
Economic uncertainties, extreme weather events, rising crime rates, and an increase in cyber threats present a complex risk environment that many SMEs are ill-equipped to handle.
FAnews spoke to Vanessa Thurlwell, Technical Risk Manager at the Institute of Risk Management South Africa (IRMSA), to explore how these interconnected threats impact SMEs, the strategies they can employ for effective risk management, and the critical role that insurance and industry support play in helping businesses navigate this intricate landscape.
Defining SMEs and their role in SA’s economy
Before diving into risk management, it is important to understand the makeup of Small, Medium, and Micro Enterprises (SMMEs) in South Africa. According to the Department of Small Business Development, SMMEs are categorised based on their employee count and annual turnover. Medium-sized businesses employ between 51-250 people with a turnover under R35 million, while small businesses have 11-50 employees and a turnover under R17 million. Micro-enterprises, on the other hand, employ 0-10 people and have a turnover of less than R7 million.
SMMEs are seen as vital to the country’s transformation goals, especially in addressing historical economic disparities and stimulating economic activity across various sectors. Their success, therefore, is crucial not only for the businesses themselves but also for broader economic growth and development.
A critical but overlooked practice for SMEs
Risk management is often not a priority for many SMEs, particularly those that are smaller or in the informal sector. Micro-enterprises, which often operate informally or as family-run businesses, may lack awareness of the risks they face. Small enterprises, although contributing significantly to local economies, might still operate without formal risk management strategies. Medium-sized businesses, which tend to have more formal processes, may be better equipped but still face significant challenges.
Thurlwell emphasises that “Risk management is often sidelined due to capacity, resources, and maturity. Many SMEs simply do not have the personnel or expertise to focus on this crucial aspect.” Despite these challenges, SMEs must recognise that risk management is not just about protecting against threats but also about ensuring sustainable business growth.
The importance of governance
Many SMEs are unaware that they should be aligning their practices with the principles set out in the King IV Report on Corporate Governance. While the principles of King IV are typically applied to larger organisations, a sector supplement specifically designed for SMEs allows for a more simplified application of governance principles that suit their size, resources, and growth stage.
According to Thurlwell, the King IV framework applies to SMEs with adaptations. “Smaller entities may not have dedicated audit and risk committees, but they can assign these responsibilities to their governing bodies. The aim is to achieve strategic objectives and positive outcomes while maintaining good governance practices.”
Currently, King V is in draft form and aims to make corporate governance more accessible for SMEs. With a reduced number of principles, it is easier for smaller businesses to implement governance practices without being overwhelmed by compliance requirements.
The converging risks SMEs face today
In today’s volatile environment, SMEs must be aware of converging risks - those that are interconnected and amplify one another’s impact. These risks span economic, environmental, technological, and social factors that overlap and create complex challenges. The COVID-19 pandemic, the 2008 financial crisis, climate change, and cyber threats are all prime examples of events that intersect and create multi-layered risks for businesses, especially those lacking formal risk management processes.
Thurlwell explains that converging risks, such as economic instability, extreme weather events, and cyberattacks, create a significant threat to SMEs’ stability. “SMEs face multiple risks that are not isolated,” she notes. “When these risks converge, their impact is often more severe and harder to mitigate.”
Key risks that SMEs should be most concerned about include:
- Financial risks: SMEs often have limited financial resources, making them vulnerable to economic fluctuations, cash flow issues, and challenges in securing funding. External factors such as inflation, supply chain disruptions, and global economic volatility further exacerbate these challenges.
- Environmental risks: From natural disasters like floods and fires to long-term climate change risks, SMEs must prepare for both immediate disruptions and future sustainability challenges. For example, changing regulations regarding resource usage or sustainability targets are increasingly relevant for SMEs striving to remain compliant while managing costs.
- Cyber risks: Cyber threats, including ransomware and phishing attacks, are a growing concern. SMEs often lack the resources for robust cybersecurity measures, making them easy targets for cybercriminals. The blending of digital and physical infrastructures further exposes SMEs to new vulnerabilities, especially as many transition to online systems.
- Operational risks: Inefficient processes, poor systems, and human errors can all lead to operational disruptions. For SMEs, even small mistakes - such as errors in payroll or invoicing - can cause significant operational damage.
- Compliance risks: Adherence to regulations is essential for all businesses, regardless of size. Non-compliance can lead to fines, legal consequences, and reputational damage. However, many informal enterprises are not fully aware of the legal frameworks they must operate within, which increases their risk exposure.
- Market risks: Changing market conditions, shifting consumer preferences, or increased competition can threaten an SME’s ability to maintain its market share and profitability.
- Reputational risks: In the digital age, a poor review or negative publicity can cause significant damage to a business’s reputation. SMEs must be prepared for the fallout from dissatisfied customers or public relations crises.
Addressing converging risks: practical steps
To better prepare for and mitigate the impact of these converging risks, SMEs need to take proactive steps to identify, assess, and manage potential threats. Thurlwell suggests starting with a risk assessment. “SMEs should begin by identifying the risks they face - financial, operational, strategic, and compliance-related. They should then assess these risks’ potential impact and likelihood, which doesn’t have to be a complicated process.”
Once risks are identified, businesses should establish controls to mitigate them. These controls can often be based on existing practices or procedures already in place. Additionally, employees should be made aware of these risks and trained in how to respond effectively. One critical aspect of this is ensuring that businesses have a robust Business Continuity Plan in place, which will allow them to continue operations in the event of unexpected disruptions.
Moving forward with risk management
In conclusion, SMEs must keep risk management fit for purpose and aligned with their strategic goals, capacity, and appetite. The complexity of converging risks should not deter SMEs from implementing effective risk management strategies. Thurlwell emphasises that, “Risk management must add value and should not be overcomplicated. It should be integrated into the business’s daily operations and aligned with its strategic objectives.”
SMEs must stay adaptable and prepared to respond to changing circumstances. By building a proactive risk management culture, SMEs can better navigate uncertainty, protect their businesses, and thrive in a dynamic environment. Whether small or medium-sized, these enterprises play an integral role in South Africa’s economy and must equip themselves with the tools to weather the storms of today’s interconnected risks.
Writer’s Thoughts
SMEs may not control the risks they face, but they can control how prepared they are. In an era of convergence and complexity, resilience begins with recognising that risk management is not a luxury; it’s a necessity for survival and sustainable growth. Do you agree? Please comment below, interact with us on Twitter at @fanews_online or email me your thoughts at [email protected]
