The Role of Risk Management in an Economic Crisis

Global crises, volatile markets, and geopolitical tensions always bring uncertainty for businesses. Additionally, the bigger and more international a company is, the more exposed it becomes to risks. In times of economic crisis, professional risk management is more crucial than ever to protect financial stability, build resilience, and secure long-term success. 

Why Companies Are Especially at Risk in Times of Crisis

The past few years have clearly shown how vulnerable businesses can be during periods of geopolitical turbulence or upheaval. Political tensions, fragile supply chains, and fluctuating financial markets can shake entire industries. And when a crisis escalates into a full-blown recession, tough steps like restructuring or layoffs often seem unavoidable. The harsh truth: the very survival of a company can suddenly be on the line.

Key Economic Risk Factors Companies Should Watch Out For

  • Political uncertainty: Sanctions, trade wars, or even armed conflicts can suddenly block access to important markets and create new risks such as export bans, market loss, or raw material shortages.
  • High inflation and rising interest rates: When energy, raw materials, and services get more expensive, it hits businesses and consumers alike. This commonly leads to less purchasing power, more expensive loans, and lower sales.
  • Unstable supply chains & insolvencies: Global production networks make companies vulnerable. Natural disasters, political conflicts, or bankrupt suppliers can disrupt operations, causing production stops, delivery delays, and extra costs.
  • Rising cybercrime: The more digital a company is, the more attractive it becomes to cybercriminals. Ransomware, data theft, and system failures can cause huge damage, sometimes threatening the very existence of a business if cybersecurity is neglected.
  • Liquidity and funding gaps: Higher operating costs, uncertain income, and tighter access to capital can quickly lead to financial trouble. Without timely action, companies risk payment defaults and even insolvency.
  • De-globalization and protectionism: The current trend toward protectionism – with new tariffs and export restrictions popping up left and right – is making it harder for businesses to reach global markets. Export-heavy businesses need to develop fresh strategies for sales, production, and procurement.
  • More regulations and reporting duties: Stricter legal requirements (e.g., CSRD, NIS2, DORA) and increasing bureaucracy cost time and resources, while also raising the risk of compliance violations. 

Why Strategic Risk Management Is a Must in the Event of a Crisis

When so many economic risks hit at once, it’s obvious: companies need clear, practical, and long-lasting strategies to handle uncertainty. That’s exactly what professional risk management is for. 

However, the opposite often happens. When the economy gets shaky, budgets are usually the first thing to get cut. Sure, saving money can be smart in some areas – but cutting costs blindly, without thinking about the long-term impact, can backfire massively and cause more problems later. Often, short-term savings just lead to higher costs down the road. 

Cutting back on risk management is especially risky. This is the very system that helps businesses get through a crisis in the first place. Companies with solid risk management processes are not just better prepared but can also react faster and more effectively when challenges hit.


Benefits of Structured Risk Management in a Crisis

  • Early warning system for financial bottlenecks: By regularly checking key financial figures such as liquidity, cash flow, debts, or unpaid bills, you can spot critical developments early – helping you avoid insolvency or funding gaps and take targeted action in time.
  • Stronger cyber and information security: A good risk management system reveals critical security gaps such as where you might be vulnerable to ransomware or phishing attacks. This knowledge will help you select and prioritize the right protective measures and develop effective emergency and recovery plans.
  • Stability despite global uncertainties: Solid risk analyses help you assess how geopolitical tensions, sanctions, or new tariffs might affect your business model, supply chains, and markets. Data-driven scenario analyses enable you to respond in good time to price increases, market losses, or trade barriers.
  • Greater operational resilience: Looking at risks across your entire value chain – from suppliers to production to sales and IT – helps you spot weak points and dependencies. This lets you build strong emergency and business continuity plans so you can respond quickly and keep operations running even when things go wrong.
  • Better control of inflation and cost risks: Using quantitative methods like risk simulation, you can analyze in detail how price increases and rising operating costs will impact your business and take smart actions early.
  • Building trust with transparency and compliance: Especially in times of crisis, investors, regulators, and business partners value a proven, transparent risk management system. It builds trust, ensures legal compliance, and supports resilience, competitiveness, and sustainable growth. 

For Many Companies, Risk Management Is a Legal Requirement

Risk management isn’t only about being responsible or thinking ahead. Depending on your industry, company size, location, and what products and services you sell or offer, there are often strict legal rules to comply with. Ignoring these rules can lead to hefty fines, which can easily be avoided with proper preparation. In some cases, company leaders can even be held personally liable, both civilly and criminally, if the rules aren’t followed.

Some Important EU Legal Rules and Regulations Companies Should Know:

Corporate Sustainability Due Diligence Directive (CSDDD)

Companies must systematically identify risks throughout their supply chains and take action to prevent human rights abuses or environmental damage.

Corporate Sustainability Reporting Directive (CSRD)

This directive requires affected entities to provide comprehensive and standardized reporting on ESG (Environmental, Social, Governance) risks and opportunities.

Network and Information Security Directive (NIS2)

Businesses operating in critical sectors like energy, transport, healthcare, digital services, and others must establish extensive cyber and IT risk management and follow specific reporting and response steps in case of incidents.

Digital Operational Resilience Act (DORA)

From January 2025, banks, insurers, and ICT service providers in the financial sector must demonstrate their operational resilience against IT and cyber risks.

Solvency II

Insurance companies must calculate their capital requirements from a risk-based perspective, including assessing, managing, and monitoring their risk exposure.

EU AI Act

As the world’s first comprehensive legal framework for artificial intelligence, this law requires companies to systematically analyze and monitor their AI systems according to risk levels, especially for high-risk applications and use cases.

How to Use Risk Management to Get Your Company Safely Through an Economic Crisis

In tough economic times, strategic and proactive risk management becomes more important than ever as it helps you stay protected and able to act. Here’s how to tackle it in five practical steps:

 

Understand Your Risk Landscape

  • What specific risks could threaten your business right now – inside or outside your company? Think about your processes, supply chains, finances, and IT.
  • Are there any vulnerabilities or warning signs? For example, lower sales, staff shortages, or delivery problems?
  • What big outside factors could affect your business? Like market trends, new laws, or geopolitical changes?

Tip: Keep this overview complete and up to date as risks change fast!


Define the Right Measures

  • What practical steps can you take to keep the impact of each risk as low as possible?
  • Are these steps realistic, practical, and affordable?
  • Do you have backup plans, alternative processes/suppliers, or extra funds set aside just in case?

Tip: Test your measures regularly to make sure they actually work when needed.

 

Monitor Risks Continuously

  • Do you have a control system in place to monitor risks and check if your measures are still effective?
  • What warning indicators or key numbers from your risk reviews do you watch to spot problems early?
  • How often do you check and update your risk assessments and measures?

Tip: Plan regular audits (e.g., system, process, product, or compliance audits) to catch negative developments early and find ways to improve.

 

Assign Clear Responsibilities

  • Who’s responsible for which type(s) of risk and acting on it?
  • Is there a dedicated crisis team with clearly defined roles, escalation levels, and decision-making powers?
  • How will communication and reporting work in an emergency?

Tip: Build risk awareness throughout your company and make sure everyone is well trained, so they know what to do and when to do it.

 

Assess Your Risks

  • How likely is each risk to happen? And what damage could it cause – financially, operationally, or to your reputation?
  • What treatment strategy will you choose for each risk (avoidance, reduction, transfer, or acceptance)?
  • How will you prioritize the risks you’ve identified?

Tip: If possible, use quantitative assessment methods such as stochastic simulations, and align the results with your company’s risk appetite and capacity. This makes decisions easier to compare and justify.

Crises are the ultimate stress test for any business - those who implement structured risk management now won't just weather the storm, they'll build the foundation for long-term resilience.

Philipp Strokosch, Head of Product Line GRC & Managing Director GBTEC Austria

How Do I Implement an Effective Risk Management System?

Risk management is still partly handled today using manual spreadsheets like Excel. But given the complex and dynamic threats organizations face, this approach is not only inefficient but also extremely negligent. To manage risks professionally, you need a reliable, integrated system that grows with your business and adapts to your needs.

Here’s a simple step-by-step guide to help you implement an effective risk management system:


Identify your needs and set clear goals
Think about which types of risks you need to manage (e.g., general business risks, ESG risks, IT risks, process risks, business continuity risks, or data protection risks). Define what you want to achieve by managing these risks and keep any relevant legal or regulatory requirements in mind from the start.


Analyze your current situation
Take a close look at where your risk management stands today. Which processes, structures, and responsibilities are already in place? What is the current level of protection? Where are the gaps, and what needs to be improved or added?

Build risk awareness across your company
A good system is only as strong as the people behind it. Create a shared risk culture by making sure everyone understands potential risks, knows how to report them, and sees how they can help minimize them – even if they don’t work directly in risk management.


Choose the right tool – carefully
Do your homework and compare the GRC software options on the market. Pick a solution that covers all your key requirements regarding use cases and functionality (e.g., automated workflows and notifications, risk simulation, role-based access rights, clear dashboards, interfaces to other systems, audit and reporting capabilities, etc.).


Test it out with a Proof of Concept (PoC)
Run a test phase with real-life scenarios to see if the software really works for your organization in practice and spot any issues before full implementation.

Roll it out – and keep it improving
Plan your rollout carefully and involve all relevant teams from day one. Most providers offer good, comprehensive implementation support to help you get started quickly. And remember: risk management is not a one-time task. Set up processes early to regularly review and continuously improve your system.

Stay Strong Through Any Economic Crisis with BIC GRC

With the BIC GRC risk management platform, you’re not just prepared to get through a crisis – you’re set up to come out even stronger. Its modular design lets you manage all your risk areas – from enterprise risk and IT security to ESG and compliance – in one central system. This means you can protect your finances, secure your supply chains, and keep your business processes resilient and ready for the future.

Why BIC GRC is the right choice:

  • Centralized control of all risks and measures, so you retain the full picture, even when things change quickly
  • Audit-proof documentation for maximum transparency and traceability
  • Real-time dashboards for quick, informed decisions when the unexpected happens
  • High scalability and adaptability as new risks and requirements come up
  • Risk management according to ISO standards to stay compliant and secure at all times

Whether you’re a growing mid-sized company or a large enterprise, BIC GRC helps you build strong, stable processes – so you can stay on course with confidence, no matter how tough things get.

About the Expert

Philipp Strokosch

Head of Product Line GRC & Managing Director GBTEC Austria

Since July 2024, Philipp Strokosch has been the Head of Product Line GRC and Managing Director at GBTEC. Before that, he led the development of innovative Governance, Risk, and Compliance (GRC) solutions as Head of Sales, helping businesses prepare for the future through digital transformation. With over a decade of experience, including serving as Country Manager for a Fortune 500 risk management company listed on the New York Stock Exchange, Philipp is a recognized expert in sustainable risk management. Together with his team, he creates customized solutions that drive long-term success and ensure regulatory compliance.
