Humankind has become socially dependant on a personalised, pocket-sized computer which offers us unlimited access to people, products, tools and information, and on an absolute-global scale. But is risk management ready for this brave new world asks Complexus principal, Warren Black.

By now, most people have heard that we are living in an age which is being commonly referred to as the ‘Fourth Industrial Revolution’. More specifically, the Fourth Industrial Revolution is the term introduced by the World Economic Forum to try and explain how rapidly emerging technologies are collectively re-shaping our global consciousness, our social behaviours, our preferred politics, the cities we will live in, our places of work, our management practices and even our future careers.

Consider how, in less than a decade, humankind has become socially dependant on a personalised, pocket-sized computer which offers us unlimited access to people, products, tools and information, and on an absolute-global scale. Yes, the smart phone has become so entwined into our lives that the device is no longer just a phone, it is an extension of our physical being. Our phone is the first thing we check when we wake up in the morning, we carry it everywhere we go, we talk to it and it talks back to us, we listen to it and it listens to us. It tells us what to do, where to go, who to socialise with and what to like.

Many of us now spend more hours a day interacting with our phone than we interact with our individual family members. Our personalised pocket computer (and its many cyber features) has become so fully integrated into our existence, that we humans are now displaying the earliest symptoms of cyborg behaviour. That is, humans have become dependent on both organic and technological parts for their functional survival.

The new reality is that, as more and more technological advancements come online, humankind will inevitably become more obsessed, addicted and dependant on such technology. The Fourth Industrial Revolution thus represents a sustained period of continually emerging technological changes which will forever alter the way we humans behave, socialise, work and exist. In turn, our functional working world should expect an era of advanced complexity and continuous disruption.

The rise of Industry 4.0

As the name suggests the Fourth Industrial Revolution is not the first of its kind. Over the previous 250 years our working world has experienced three other similar transformations, namely; the Steam, Electricity and Computer Revolutions. Each disrupted their respective working world’s so radically, that that they now represent a measurable point in the advancement of humankind - an evolutionary growth spurt if you will.

Just as steam, electricity and computers did before it, the Technology Revolution is expected to create a plethora of new businesses, professions and jobs whilst simultaneously eradicating many others. Some of the more aggressive estimates suggest that as much as 50% of existing professions will no longer exist within 30 years.

For this reason, many forward-looking organisations are starting to conceptualise what the workplace requirements of the future will look like. Considering that it takes 10-20 years to build up a credible working expertise in any new management discipline, it is critical that modern organisations start defining and planning for the industry of the future now. Industry 4.0 (as it has been named) will in turn require a suitably enabled Workforce 4.0 and in both cases; new knowledge, skills, methods and tools will be required.

Of course this in turn then begs the natural follow up question; what will the required knowledge, skills, methods and tools of Risk Management 4.0 look like?

So how about that Risk Management 4.0?

As yet it is not entirely clear where the Fourth Revolution will lead us, so how the risk management discipline should support Industry 4.0 is almost certainly going to be a matter of rigorous debate amongst the invested risk community, for some time to come. At its’ heart though, risk management has always been about helping organisations to manage uncertainty, protect value and avoid disruption - with this in mind, there are a few obvious quick wins that modern organisations should plan for. They include;

#1 - Cyber (enabled) Risk Management

Cyber is defined as the “culture of modern technology” and represents how humankind interacts with and embraces such modern technological enablers as big data, predictive analytics, artificial intelligence, the internet of things, digital systems, cloud based applications, data streaming and altered reality. If anything, the Fourth Industrial Revolution is a Cyber Revolution and so the risk profession is going to have to embrace the threats & opportunities of a greatly enhanced Cyber culture.

The ability to improve risk-related decision making within highly complex and data-saturated environments is going to become a particular requirement of Risk 4.0. In turn, Cyber (enabled) Risk Management has the potential to allow modern organisation’s to significantly improve their risk related data gathering, storage, quality, analytics, visualisation, reporting and the like. For example, the growing number of hand held, live data shaping platforms (e.g. SurveyMonkey, Menti, QuickSurvey etc.) offer modern organisations the ability to evaluate their emerging risks in real time, based on live data sources, on an enterprise-wide scale. Equally, large-expansive organisations might consider adopting a Wikipedia style approach to collaborating, verifying and continually updating their documented critical risk scenarios across their global operations?

Unfortunately, the speed at which the Cyber Culture is growing across Industry 4.0 still appears to be significantly more advanced than the comparable speed at which the global risk management community is upskilling in new tools and methods. There is almost certainly going to come a time (soon?) when many organisations are forced to face up to the realisation that their retained risk capability and enabling tools, no longer suits the needs of the modern age. When that day occurs, shift will certainly happen!

During Industry 4.0, risk management and complexity management will often be indistinguishable from each other

#2 - Complex Systems Thinking

For most organisations, the ever increasing complexity of Industry 4.0 can already be felt on a daily basis. The sheer volumes of interdependent data, systems, technologies and shifting stakeholder relationships which need to be controlled in order to succeed, is steadily becoming insurmountable.

It is thus only a matter of time before the invested risk management community is forced to start looking at organisational risk management with a complex systems mindset. It is inevitable that at some point in our working world’s complexity growth curve, modern organisations will need to better understand how disruptive phenomena (aka risks) emerge from within highly inter-connected and co-dependant working systems, relationships and interactions. For this reason, it is almost certain that many of the future advancements required by Risk 4.0, lie within the complexity sciences. After all, no organisation can reasonably claim to be controlling the risks of increased complexity, if they have none of the scientific understanding, skilled up resources nor contextualised management tools required to do so.


The complexity sciences offer future risk managers specific insights into how complex systems exist, interact and evolve as well as how complex phenomena (such as risks and disruption) manifest, ebb and flow. This will be of particular relevance to Industry 4.0 as most participating organisation’s are going to be dependant on an advanced number of continually shifting and co-dependent, global relationships. Small changes in one relationship can easily ripple and compound throughout all the other co-dependant relationships to cause momentous, possibly even disruptive outcomes further downstream. Also future risk managers will need to understand that as systemic complexity increases the environmental rationality, stability and predictability decreases. So much so that at the highest escalations of complexity there is wild disorder (aka chaos). In many ways disruption is a form of organisational chaos and so it imperative that future risk managers understand how to recognise the early warning signs of emerging chaos, so that they may proactively prevent any associated workplace disruption.

During Industry 4.0, risk management and complexity management will often be indistinguishable from each other. More specifically, such complexity related disciplines as systems thinking and chaos theory, will play a significant contributing role to the working knowledge and practices of Risk 4.0.

During Industry 4.0, organisations will need to become intelligently responsive to those emerging industry forces which have the potential to cause system-wide disruption.

#3 - Embedding an Organisation-wide Culture of Resilience

Resilience is the ability of an entity to respond intelligently to sudden environmental changes. It is yet another term which is growing increasingly more material in modern day risk management.

Considering how Industry 4.0 is going to be an extended period of mass-scale changes, there is now more than ever a need for organisations to build in an internal resilience to disruption. Resilient organisations are those which can prepare, withstand and recover rapidly from such disruptive phenomena as market swings, consumer shifts, competitor advances, political shocks, accidents, disasters and even deliberate attacks.

Resilience theory has its roots in the study of natural complex systems such as eco-systems, food chains, immune systems, rain-forests and the like. Such natural complex systems have been able to endure billions of years of planet shaping, disruptive phenomena in the form of asteroid strikes, tectonic shifts, global freezing, global warming, floods, droughts, pandemics, natural selection and the like. In the natural systems’ universe, Resilience is all about the ability of an entity to recognise, respond and adjust to the emerging phenomena which surround them.

Building on this, in a working world experiencing ever increasing frequencies of change, it is not going to be possible to predict exactly when, where, how and at what magnitude every potential risk scenario will emerge. For this reason, future organisations will need to establish a certain cultural sense of Resilience to dealing with whatever this way may come. In the natural systems universe this is referred to as a “systemic sense of resilience”. Most natural systems have Resilience woven into their DNA, so much so, that it is an inherent characteristic of their personal identity. Similarly, modern organisations will need to learn how to weave Resilience enablers into their own operational DNA so that it becomes an inherent characteristic of their displayed personality and functional behaviour.


Resilience during Industry 4.0 will have to become more than just securing Business Continuity and Disaster Recovery Plans, it will also have be about enabling an organisation-wide sensitivity, intelligence, awareness, agility and responsiveness to system-wide changes. More to the point, Resilience will need to be about helping an organisation to become intelligently responsive to those emerging forces which have the potential to cause system-wide disruption. This is the truest definition of Resilience and it will need to be one of the primary goals of Risk 4.0.

Many organisations don’t fully understand that during Industry 4.0 the true value of their organisation will shift

#4 - Re-aligning Risk Management to protect an organisation’s most current value drivers

In 2012 Instagram employed 13 full time workers and owned only $250,000 in physical assets, yet the company was bought by Facebook for $1.3 billion. In 2009, bankrupt Telecoms manufacturer Nortel were pleasantly surprised to see their operating patents auctioned off for $4.5 billion - more than twice their liquidated debt. Similarly in 2015, Caesar’s Palace Hotel & Casino discovered during a liquidation evaluation, that their most valuable asset was their accumulated data base of 50 years worth of guest personal details, gambling habits and purchase behaviours (valued at $1 billion more than their property).

What the above examples highlight is that during Industry 4.0 there will have to be a significant paradigm shift in defining and protecting Net Business Value as the true value of many modern organisations is now in such intangible assets as data, retained information and potential for growth. Case in Point: Facebook, Google and Apple are all worth multiple Billions of dollars yet their balance sheets do not reflect physical assets anywhere near such value. Why? Because their true market value lies in their operating data, innovation and the ability to create highly profitable, future revenue streams.

Now considering much of risk management is about protecting organisational value, Risk 4.0 will, in turn, need to include methods which protect not just the organisation’s physical assets (people, machinery, property etc.) but also its’ intangible assets as well. Such intangibles may include; reputation, brand, operational data, client details, patents, licenses, prototypes, digital prints, audio files, graphics, videos, electronic signatures, service agreements, digital contracts and so on.

Admittedly, existing risk methods do not totally ignore such assets, but they do tend to focus more on protecting the operating integrity of the asset (eg Cyber Security), rather than protecting its actual market value. As demonstrated in the earlier examples, the nature of many businesses will change during Industry 4.0 and so their value drivers will shift from one asset class to another. Risk 4.0 will need to be hyper alert to this possibility and re-align its’ focus accordingly. Consider the example of Instagram, if a cooler more popular app. were to come along, the company could lose a Billion dollars in value overnight. Hence Instagram’s primary risk management focus should be about spotting emerging competitors, protecting their popularity and keeping their service offering current - not implementing a Disaster Recovery Plan for their 13 person workforce, nor taking out better insurance for their $250,000 in physical assets.

Needless to say, organisations wishing to succeed during Industry 4.0 are going to have to place a particular emphasis on better understanding, evaluating and protecting their most current, value drivers & assets. This will include rethinking and redesigning the manner in which an organisation’s enterprise risk management and auditing disciplines support Investment Decisions, Asset Management, Equity, Liquidity, Debt, Loans and Insurance.

Many forward looking organisations are starting to conceptualise what the workplace requirements of the future will look like. Which of course begs the natural question, what will Risk Management 4.0 need to look like?

Industry 4.0 is here… but is the global risk management community ready?

Now although Cyber, Systems Thinking, Resilience and Intangible Assets are not particularly new nor unique to the risk management profession, it’s their criticality and contextual relevance which will escalate during Industry 4.0. A greater focus, maturity and intensity will need to be afforded to each, if risk management is to add value to future organisations. This includes maximising the benefits of the Cyber age to develop better working methods and tools.

We all know our working world is changing, and rapidly so. Much of what we have traditionally accepted as leading practice or business as usual will need to evolve in order to keep up with our changing world’s most current needs… risk management is no exception to this rule.

Risk 4.0 represents the functional state of risk management which will be required during a future Industry 4.0 (aka the Fourth Industrial Revolution). Undoubtedly, existing risk thinking, methods and tools are going to have to evolve to meet the needs of a working world which is significantly more dynamic, complex and disruptive than any other time before. For those organisations that wish to assess their “risk readiness” for Industry 4.0, they might start by assessing themselves against these four metric questions;

1. Does our organisation’s risk management capability fully embrace the advantages of the modern Cyber Culture? (are our risk management efforts keeping up?)

2. Does our organisation’s risk management capability retain sufficient knowledge, capability and validity to control the risks associated with increased complexity? (are our appointed risk officer’s trained in the actual science of complexity?)

3. Does our existing risk management efforts enable an ingrained, organisation-wide Culture of Resilience? (aka a Systemic Sense of Resilience?)

4. Are our organisation’s risk management efforts protecting our most current value drivers? (do we know where our most current value and risks lie?)

These questions are by no means an absolute indicator of whether or not an organisation’s invested risk management capability is ready to meet the needs of Industry 4.0, but they are a credible start. In turn, it is implied that those organisations which can not confidently answer “Yes” to all four of these questions are potentially ripe to being disrupted by the emerging forces of the Fourth Industrial Revolution.


Follow us

This submission is part of a series of thought pieces which have been developed whilst engaged in a Higher Degree in Research on how complexity influences risk. The content was developed during an intense 6 month research road show of global risk conferences, webinars, panel discussions, executive interviews and ongoing literature research.

This piece is authored by Warren Black (2019) a PHD in Research Candidate at the Queensland University of Technology