Our fear of sharks is part psychology, part Hollywood
I am an ocean swimmer and 3-4 times each week swimming somewhere off Sydney beaches. My wife and kids often say to me “you’re going to be bitten by a shark!”.
The reality is there is greater statistical risk driving my car to the beach for the ocean swim than being bitten by a shark.
Here’s the evidence – in 2018 in Australia, there was 1 shark death and 20 injuries . Whereas during the same year, there were 1,137 Australian road deaths across 36,000 car accidents .
Moreover, statistically, the biggest animal killer of humans is the mosquito carrying malaria and other diseases, with 725,000 deaths per year. The number of shark deaths is insignificant with only 10 deaths per year (see infographic below).
There is a huge disconnect between perceived and actual risk
We find our clients often struggle with perceived and actual risk and this impacts their risk mitigation approaches including insurance.
I will not go into the risk research here other than to say actual and perceived risk are usually negatively correlated – but this is a discussion for another time.
When we run risk workshops, we see the two extremes – “Chicken Little” where every risk is high impact and high probability. And “She’ll be ‘right” – where every risk is low impact and low probability.
Insurance as a risk mitigant may not be the best solution and comes in after the incident occurred. As an example, two of our clients have had social engineering attacks resulting in $160k in losses. Both clients are successful SME businesses and careful with what they do – but despite this, both were conned by sophisticated crooks.
To prevent this from happening, staff training, controls and clear governance is far more effective for prevention than a cyber liability or crime policy. However, you need to have your team on board and be forever vigilant.
What’s the benefit of understanding perceived and actual risk?
In business, it is often easy to see the upside – but harder to see the risks. However, as we all know, the risks can hold us back or even cause the business collapse.
By understanding the actual risks, your will be able to mitigate these more cost effectively, be prepared for incidents and reduce the chance of business collapse.
What can you do next?
1.Ensure that risk is everyone’s responsibility – not just the CRO or CFO
2. Focus on the risks that matter – from an impact and probability perspective. This also provides the framework for the insurance program.
3. Have an in encompassing risk mitigation program – this may include staff training, controls, governance as well as insurance.
So before you jump in the water, you may want to consider the perceived and actual risks.