The COVID-19 pandemic has tested the maturity of risk management systems. Scenarios of mass quarantines, logistics disruptions, and simultaneous disruptions in supply and demand existed in reports from the WHO, the World Bank, and insurance groups long before 2020. The problem wasn’t a lack of information, but rather a failure to recognize it as an operational risk. Companies planned for localized disruptions but were unprepared for a situation in which multiple crises unfolded simultaneously and mutually reinforced one another.
Why Classic Risk Planning Failed
Before the pandemic, most companies dealt with isolated scenarios: IT failure, financial crisis, personnel risk, and reputational incident. COVID-19 has shown that risks rarely arrive singly. Border closures led to production shutdowns, then to component shortages, followed by rising prices and social unrest.
The automotive industry is a good example. In 2020, plant shutdowns in Asia caused a microchip shortage, which hit European and American manufacturers as early as 2021–2022. This wasn’t a sudden crisis: dependence on a small number of suppliers was known, but it hadn’t been tested in the face of a prolonged global shock.
Companies with distributed supply chains and pre-established remote work scenarios adapted more quickly. For example, large IT companies with global cloud infrastructures were able to transition tens of thousands of employees to remote work within weeks without disrupting key processes.
In contrast, many retailers and manufacturing companies had no plans to address the closure of physical stores or the loss of staff. The lack of digital channels, limited automation, and reliance on manual processes led to months of downtime and losses totaling billions of dollars.
What procedures should companies have in place today?
Preparing for systemic risks begins with regularly testing the reality of scenarios. Companies that have learned from the pandemic are implementing multi-layered stress tests that account for the simultaneous impacts of health, economic, climatic, and political factors. One key lesson is that plans must be dynamic.
“Once-a-year” scenarios are ineffective if the external environment changes quarterly. Risk management is increasingly being integrated into strategic planning, rather than existing as a separate, “check-the-box” function.
Practices that Work
Based on the experience of the 2020–2022 pandemic, we can identify a set of approaches that have proven effective in practice:
- regular multi-scenario stress tests simulating simultaneous disruptions in supply, personnel, and finance;
- supplier diversification not by price, but by geography and political risk;
- pre-established protocols for remote work and distributed management;
- backup financial models that take into account a 30–50% drop in revenue over 6–12 months;
- clear decision-making chains in a crisis without bureaucratic delays.
It is important to note that these measures are not exotic or the preserve of corporations. Many mid-sized companies that have implemented at least some of these practices have weathered the pandemic significantly more resiliently than their competitors.
Why “paper plans” are useless without a risk culture
One of the hidden lessons of the pandemic is that formal plans are useless if employees don’t understand their purpose and how to implement them. In many companies, crisis scenarios were described but not discussed, played out, or tested in real-life conditions. In moments of acute stress, people acted intuitively, bypassing instructions because they had never put them into practice.
Companies in which risk management had become part of the corporate culture exhibited a different dynamic. They regularly conducted crisis simulations: from the sudden loss of a key supplier to the unavailability of offices or IT systems. These exercises revealed not only technical vulnerabilities but also behavioral ones—delays in decision-making, authority conflicts, and management overload.
Another important aspect is information transparency. During the pandemic, organizations with transparent internal communication adapted more quickly because employees understood the real state of affairs and the rationale behind decisions. This reduced panic and resistance to change. Where management tried to “keep face” and conceal the scale of the problems, the crisis was exacerbated by a loss of trust.
Ultimately, resilience proved to be not only a matter of processes and reserves but also of habits. Companies that invest in a culture of risk discussion, regular training, and honest dialogue are better prepared for any systemic shocks—even those that cannot be accurately predicted in advance.
From the Pandemic to Future Crises
The pandemic was only the first large-scale test of the era of systemic risk. Future crises may arise from climate disasters, energy disruptions, or geopolitical conflicts. They all have one thing in common: they are rarely confined to a single area and almost always have cascading effects.
Companies that perceive COVID-19 as a “one-off event” risk repeating the same mistakes. Those who view the pandemic as a training ground are investing not in accurate forecasts but in systemic resilience. This means being prepared for uncertainty rather than attempting to eliminate it entirely.
The most important conclusion of recent years is simple and inconvenient: global risks cannot be completely prevented, but they can be prepared for. Resilience today is not a safety net for a single scenario, but rather the ability to adapt when multiple pillars collapse simultaneously. Companies that have integrated this understanding into their processes already have a competitive advantage—not due to growth speed, but due to their ability to survive and make decisions in conditions of prolonged instability.