With COVID-19 vaccinations programs in full swing around the world, organizations are looking forward to doing business in a post-pandemic world. Nearly a year-and-a-half after the coronavirus crisis broke across the globe, risk managers are synthesizing the various lessons in order to better address pandemics, which experts have warned are bound to occur again.
Melissa Steger, president of the Public Risk Management Association (PRIMA), caught up with Corporate Risk and Insurance on how the pandemic has affected the field of public risk management and what have organizations learned.
“COVID-19 seemed to grow tentacles stretching into every aspect of an organization, emphasizing the importance of cross-departmental communication that hopefully outlasts the pandemic,” Steger said. “The need for strong business continuity and emergency preparedness plans was accentuated. Be planned, prepared, and practiced before an unknown event of this magnitude occurs, but be ready to adapt when warranted. Overall, the COVID-19 pandemic spotlighted the importance of risk management.”
While COVID-19 greatly affected both, there were differences in impact between the private sector and the public sector.
According to Steger, there is no doubt that the pandemic heavily impacted the private sector, and left business owners with some extremely difficult decisions.
However, the private sector can better control their outcome through opportunity for direct decision-making; and primarily, their customers are more targeted and specified, potentially making the basis of their decision more informed.
“In contrast, the public sector has responsibility to a vast and varied population,” Steger said. “From teachers, professors, facility workers, correctional officers, police, fire, doctors, nurses, researchers, coupled with service to and protection of their citizens and students. The list feels endless with a directive, not an option to serve.
“In the face of COVID-19, the continuation of services was mandated while the resources and protective equipment declined. The saying of ‘doing more with less’ rang loudly clear and exhaustion occurred. I heard one person simulate the exhaustion to continuously filling sandbags with no end in sight.”
The pandemic, Steger said, really put the five steps of risk management – identify, analyze, evaluate, control, and monitor – to the test.
“If the risk was not identified, the pandemic seemed to discover it, stressing the urgency of the other four steps,” she said. “Comprehensive actionable steps addressing identified risks had to be developed and documented. What will we do? Who will do it? Are the resources in place? Is the plan enough? What if this does not work? The idea is very elementary in risk management, but the importance was highlighted through the pandemic.”
Public risk management in a post-pandemic society
After the threat of COVID-19 has largely faded, Steger believes that public risk management will have a strong focus on business continuity and emergency preparedness.
“Public entities who have not yet shifted to an enterprise risk management direction, may consider the model,” she said. “The pandemic elevated the importance of cross-organizational communication. Many entities learned that shifting a simple process in one section of the organization could have a butterfly effect on others making communication a must for successful resiliency. The strategy of enterprise risk management will help public entities identify and plan for threats in an organization-wide manner.”
Another risk highlighted by the pandemic was cyber, with cybercrime seeking a spike almost worldwide, due to the rushed shift to remote work and increased reliance on digital technology for society to function.
“Cybercriminals took advantage of the chaos that came with the pandemic, particularly in the public sector,” Steger said. “As the level of work increased for public entities and the infrastructure to sustain was diminishing, the time was ripe for cybercriminals to attack. The post-pandemic society will see chief information security officers and chief information officers more operationally involved to prepare for potentially impactful cyber threats to organizations.”