What Are People Risks Costing Your Business Without You Knowing?

In today’s rapidly evolving business landscape, people-related risks pose some of the greatest threats to organisational success, yet many companies continue to overlook or underestimate them. Risk Practitioners and businesses must stop viewing people risks as “someone else’s problem.” Too often, these risks are seen as issues for the HR department alone, but they affect the entire organisation. Failure to address these risks holistically can result in severe and lasting consequences for companies.

The Hidden Threat of People Risks

People risks encompass a wide range of issues, from poor physical and mental health leading to staff shortages, to inadequate training exposing firms to cyberattacks. When businesses fail to prioritise talent-related threats, they are left vulnerable to shocks that could severely damage their performance and reputation. The fundamental problem is that many organisations still view human-based risks as an HR issue, and the controls for mitigating them are typically left in HR’s domain. This siloed approach overlooks the broader business implications and results in the ineffective management of people risks.

The insurance industry also plays a part in this fragmentation. Traditional insurance focuses on transferring risk for physical assets or transactions, while human-based risks are often handled reactively through life, health, and disability policies managed by HR. This separation creates a disconnect between risk management functions and the human factors driving those risks. Risk managers often have a structured view of assets and transactions, while HR manages people-related aspects. These silos don’t always deliver the best outcomes for the business.

A Holistic Approach to People Risks

In today’s world of rising healthcare costs, ageing populations, and increasing living expenses, the risks associated with people have never been more pronounced. These factors can create greater, long-lasting impacts on businesses. Companies must take a more comprehensive approach to risk management that includes both the positive and negative effects of people-related risks.

This means moving beyond reactive insurance products and adopting proactive strategies that assess the full spectrum of risks associated with human factors. “In countries where there are obligations around absence, disability, and workers’ compensation, we are seeing a shift toward this proactive approach, but it’s still limited. Companies need to rethink how they assess risk, moving away from traditional asset-based models to include more comprehensive strategies that address the human factors driving business risk.”

Embedding people-related risks within the broader risk management framework is the first step towards building resilience. Bad behaviours, poor workplace culture, and inadequate leadership can critically undermine risk management efforts. A misalignment between organisational culture and risk controls can lead to contract failures, professional indemnity claims, and other costly issues.

The Role of Data in Managing People Risks

Organisations already possess a wealth of data that could be leveraged to manage people risks more effectively, but it’s often siloed and underutilised. By analysing behavioural data and identifying patterns of absenteeism, mental health claims, and toxic leadership, businesses can pinpoint root causes of risk and develop preventative strategies.

For example, in the tech sector, the “growth-at-all-costs” mentality often undermines HR’s efforts to establish strong cultural and behavioural frameworks. This can result in increased cyber risks as employees become less vigilant about phishing and other threats.

Leadership’s Role in Addressing People Risks

A key aspect of managing people risks is building trust and ensuring that leadership behaviour aligns with organisational values. However, Ramsook points out that well-being and culture are often dismissed as “fluffy” concepts, relegated to HR, despite their direct impact on business risk. It is often argued that leadership behaviour sets the tone for the entire organisation, and in sectors like law, negative behaviour can spread quickly, damaging both the firm’s reputation and its ability to attract top talent.

Risk managers should elevate people risks to the board level, ensuring they are viewed as critical components of the organisation’s overall risk profile. “In some of the most effective cases, we involved the CEO and CFO from the outset. This elevated the conversation around risk and led to meaningful changes in organisational behaviour.”

The New Frontier in Risk Management

The traditional risk management model, focused primarily on assets and transactions, is no longer sufficient in today’s complex, people-driven business environment. By adopting a more integrated approach that brings together HR, risk managers, and leadership, companies can mitigate people risks more effectively and build a resilient, high-performing organisation. We’re not going to solve all of this with insurance policies or enterprise risk management alone, but by looking at these issues through an integrated lens, we can create fundamentally different and positive outcomes.

The future of risk management lies in recognizing the critical role of people-related risks and giving them the attention they deserve. Failing to do so could leave businesses vulnerable to costly and avoidable crises.

The Four Pillars of Risk Culture Building provide a structured approach that can help businesses manage people-related risks more effectively and integrate them into the broader risk management framework. These pillars address underlying attitudes, mindsets, and behaviours, making them essential tools for addressing the gaps where people risks are often overlooked or mismanaged. Here’s how each pillar supports the management of people risks and fosters an effective risk culture, with examples and practical advice.

1. Think Differently

This pillar challenges organisations to move away from traditional, siloed approaches to risk management and think holistically about people-related risks. Many organisations still view human-based risks as primarily HR issues, disconnected from broader business operations. To build an effective risk culture, businesses must shift their thinking and recognize that people risks — such as employee behaviour, absenteeism, and workplace culture — are intertwined with overall business performance.

Example: In the construction industry, health and safety compliance may be mandated by legislation, but if leadership doesn’t foster a culture of safety, accidents and professional indemnity claims can increase. By thinking differently and integrating safety as a shared organisational value rather than just an HR task, companies can mitigate these risks more effectively.

Advice:

  • Encourage cross-department collaboration between HR, risk management, and leadership to assess people risks as part of the broader business strategy.
  • Train leadership teams to recognize the impact of people-related risks on company performance and actively engage them in risk mitigation efforts.

2. Get the Whole Picture

This pillar focuses on developing a comprehensive view of the organisation’s risk landscape, including human factors. Traditional risk assessments often focus on physical assets and transactional risks, missing the critical impact of people risks. To build an effective risk culture, businesses need to gather data on employee behaviour, health, well-being, and leadership effectiveness to identify emerging threats.

Example: In the tech sector, companies driven by a “growth-at-all-costs” mentality may neglect the behavioural risks that come with rapid expansion. Employees under stress may not follow cybersecurity protocols, increasing the risk of data breaches. By using data from employee engagement surveys and absenteeism trends, companies can pinpoint areas where people risks may be on the rise and intervene proactively.

Advice:

  • Utilize behavioural analytics, employee engagement surveys, and absence data to gain insights into potential people risks.
  • Integrate HR data with risk management processes to ensure that issues such as poor mental health, toxic leadership, or absenteeism are factored into overall risk assessments.

3. Build a Risk Nervous System

This pillar emphasises the importance of establishing communication channels and feedback loops throughout the organisation to monitor and address risk in real time. A risk nervous system allows organisations to continuously gauge the health of their risk culture and respond promptly to any emerging people risks. This is particularly important in environments where leadership may be unaware of negative behaviours or poor workplace culture that could undermine risk management efforts.

Example: A law firm that notices increased absenteeism and mental health claims correlating with higher professional indemnity claims could use this data to alert leadership and implement well-being programs before the situation worsens. Without a system in place to monitor these trends, the firm might miss critical opportunities for early intervention.

Advice:

  • Establish regular communication channels between employees, HR, and risk managers to identify and address people-related risks early.
  • Use technology to create a feedback loop where employees can report concerns anonymously, allowing leadership to take quick corrective actions before risks escalate.

4. Make Every Employee a Risk Manager

The final pillar focuses on embedding a risk-conscious mindset across the entire organisation, ensuring that all employees, regardless of position, understand their role in managing risk. People risks often arise from behaviours or cultural issues that go unchecked because employees don’t feel responsible for managing risk. By empowering every employee to see themselves as a risk manager, businesses can create a culture of accountability and vigilance.

Example: In sectors like finance or tech, employees who receive regular training on cybersecurity threats are more likely to report suspicious emails or follow security protocols. This simple yet effective cultural shift can reduce the risk of costly cyberattacks.

Advice:

  • Provide ongoing risk awareness training for employees at all levels, ensuring they understand the risks relevant to their roles.
  • Foster a culture where employees feel empowered to speak up about risks and are recognized for their contributions to risk management.

Building an Effective Risk Culture with the Four Pillars

To build an effective risk culture that integrates people-related risks into the broader enterprise risk management framework, organisations should follow these steps:

  1. Change the Conversation Around Risk: Leadership should broaden the scope of risk management discussions to include people risks, ensuring that they are seen as business-critical issues rather than just HR concerns. This can be achieved by involving the CEO, CFO, and other senior leaders in risk conversations.
  2. Leverage Data and Analytics: Data is critical for identifying and managing people risks. By breaking down silos and integrating HR data with risk management efforts, organisations can gain valuable insights into employee behaviour and workplace culture, allowing for proactive risk management.
  3. Align Leadership and Culture: Leadership behaviour sets the tone for the entire organisation. Companies should ensure that leaders are not only aware of people-related risks but are also actively involved in mitigating them. Toxic leadership or poor workplace culture can have devastating effects on business performance, as seen in the correlations between toxic leaders and higher professional indemnity claims.
  4. Empower Employees to Manage Risk: Finally, building an effective risk culture requires empowering employees to take ownership of risk. Training and clear communication about the role every employee plays in managing risk can help organisations mitigate threats more effectively and foster a culture of accountability.

By applying these pillars, organisations can ensure that people risks — from poor workplace culture to inadequate training and leadership — are addressed as integral parts of their overall risk management strategy. This holistic approach will not only reduce costly risks but also enhance business resilience and long-term success.
