Organisations are becoming more exposed to risks that no longer unfold in isolation. Climate events, geopolitical tensions, infrastructure failures and supply chain disruption are increasingly interacting in ways that challenge traditional approaches to assessment and preparedness.
For Hélène Galy, Willis Research Network Director at Willis Towers Watson, the underlying risks themselves are not necessarily new. What has changed is the speed and scale at which disruption now spreads across global systems.
“What’s changed is that we’ve got a very interconnected world, very interconnected supply chains,” she said. “Things happen so quickly, impacts transmit really quickly, and you’ve got that contagion effect really quickly.”
That complexity is making it harder for organisations to anticipate where disruption will emerge and how losses will accumulate across operations, suppliers and infrastructure.
Current catastrophe and risk models remain largely built around individual perils and siloed exposures. While analytical sophistication has improved significantly, both Galy and Ester Calavia, Managing Director, Head of Natural Catastrophe and Risk Financing, Climate Practice at Willis Towers Watson, argued that major gaps remain when events begin to cascade across multiple systems.
“The models don’t take into account the correlation,” Calavia said. “Where I think the biggest gap is on the business interruption modelling and this could lead to mispricing of risk.”
That challenge becomes particularly visible where climate exposure and geopolitical concentration overlap. Calavia pointed to ports and data centres as examples in which critical equipment and suppliers are highly concentrated in regions exposed to different political, climate and supply chain risks, risks that are difficult to quantify jointly within traditional risk frameworks and therefore require bespoke solutions. For example, port cranes are predominantly manufactured and supplied from China, while semiconductor chips for data centres may be manufactured in Vietnam or South Korea and shipped to Texas, exposing assets simultaneously to climate, geopolitical, and supply‑chain disruptions. Therefore it is important to consider these interconnected risks in the business interruption loss model and business continuity plan.
“We’ve changed from modelling or assessing an isolated view of risk to a systemic, holistic view of risk,” she said.
Even within established catastrophe frameworks, limitations remain. Galy noted that many approaches still struggle to capture how one event evolves into another or how losses spread across multiple lines of business.
“You model hurricane risk and you don’t model other cascading events that would be coming out of this,” she said.
The discussion around interconnected risk is also exposing a broader issue around organisational preparedness. Both speakers suggested many firms still frame risk around what appears plausible rather than what could prove genuinely destabilising.
“Most organizations do not consider truly extreme scenarios,” Galy said. “They consider what they think is realistic.”
That tendency can leave organisations underprepared for low-frequency but high-impact events that fall outside standard planning assumptions.
Calavia, who is a civil engineer by background, argued that understanding true exposure requires more bespoke and engineering based scenario analysis that reflects physical and operational vulnerabilities, supply chain dependencies and sector-specific risks rather than relying on broad vulnerability assumptions or full replacement values alone.
“You need a very bespoke and realistic modelling approach that reflects the true vulnerabilities,” she said.
The issue is not simply understanding how a site itself could be affected, but recognising how disruption elsewhere can quickly create operational and financial consequences.
“For me, it’s looking outside the fence of the site boundaries and looking at the wider supply chain and a systemic view of risk across all possible risks, for example looking at whether the site and the utility providers could be impacted by the same event simultaneously to inform your back-up plan and manage your business continuity ” Calavia said.
While modelling gaps remain significant, both speakers argued that preparedness ultimately depends on whether organisations actively test how disruption would unfold in practice.
That means testing scenarios operationally and identifying hidden dependencies before disruption occurs.
“I think there’s an untapped potential in companies where they could just do a survey of their employees and say, ‘What do you think could go wrong with our company?’” Galy said.
She also pointed to the importance of resilience measures that may appear small or even accidental but become critical during major disruption, citing the example of Maersk recovering from the NotPetya cyberattack through an isolated backup system that remained unaffected.
For Calavia, preparedness increasingly means designing resilience into operations before a crisis occurs, particularly as Nat Cat and Climate risks continue to evolve.
“If you embed resilience by design, then you will prevent the losses and at the same time you will design for insurability,” she said. “It is important to reflect this resilient design into you loss estimates to provide credible, realistic scenarios that will increase stakeholder confidence.”
As disruption becomes harder to isolate into single causes or single events, organisations are facing growing pressure to understand how vulnerabilities interact across systems, suppliers and infrastructure before those weaknesses are exposed in real time.
