There are always uncertainties in life – the same goes for business. Things happen, things change, and some are out of our control. But risk management can give you back control of your business by planning for the unknown, making informed decisions on responding to potential risks in your business, and developing the appropriate response based on an impact and probability assessment.
What are the risks in online business?
This article explores the need for adopting a risk management approach for your online business.
Your Website and that Sinking Feeling
We launched our first online store in 2005. This doesn’t seem like that long ago, but it is lifetimes ago in digital years. Since then, our stores have come and gone – we’ve jumped on and fallen off every marketplace that lured us with promises of success, and we continued to move forward.
I always viewed the ebb and flow of our ventures as a learning experience. As long as we were learning, we were growing. Continuous improvement, “fail fast,” and all that crap. Sometimes you have to hang on to whatever gets you through the day. And while there were challenges along the way, I never felt like giving up.
Your Website and that Sinking Feeling
Around 2015 or so, I got a nasty letter from a law firm. We had used a licensed image on our site, and they wanted compensation. BIG Compensation. I was confused. We used our own images and were careful about attributed content when applicable. A guest blogger uploaded the image in question, never used it, but nonetheless resided on our server. That was enough to show up in a Google search if you were looking for that specific image. And they were.
We call these nuisance lawsuits. They are the web equivalent of ambulance chasers. They send out mass demand letters to folks that have knowingly or unintentionally violated image copyrights with the knowledge that most folks would rather settle than go to court. This approach can be pretty lucrative. And while questionable, perfectly legal.
Ultimately, we settled as well.
Time to Rethink
The experience left me rethinking the whole web thing. First, we depend heavily on user-generated content, so we need to be diligent about plagiarism and other infringements. But was it really worth it? And then came along GDPR, CCPA, and a slew of other privacy laws. Ugh! And that’s just the tip of the iceberg when it comes to compliance.
Time to give up? Tempting, but no.
It was time to get smarter and adopt a risk management strategy to identify and mitigate potential compliance and other web risks. Unfortunately, there is absolutely no way to eliminate risk. Any business faces risks, and sadly some don’t come out the other side. The best we can do is to manage and mitigate our exposures.
Risk vs. Reward
Risk vs. Reward
First and foremost, we need to understand why we consider taking on risks. The counterpart to risk is the reward. The reward is the benefit or upside to be had if we are successful. For example, there may be a risk of pursuing a new product line – the costs associated with its development, market acceptance, etc. But if it works, the reward is we make lots of money and vacation with Jeff Bezos and Elon Musk (assuming you think that’s a reward). On the other hand, if you had to spend $5,000 to pursue a contract worth $1 Million, would you? Well, it depends on the risk involved.
To decide whether to pursue the contract, we need to understand ‘What is Risk?”
Risk is comprised of two components – probability and impact. For example, what is the risk of dying in a plane crash?
- The probability is low – about 1 in 11 million, while dying in a car crash comes in at 1 in 5,000. So technically, the plane is safer. Source – NOVA | The Deadliest Plane Crash | How Risky Is Flying? | PBS
- The impact is high – dead is dead.
So do you get on the plane? You need to weigh the probability against the impact and decide. And with risk management, there always has to be a decision.
Before you get to that point, you need to do a risk assessment. First, you have to identify all the potential risks, including the risk of not identifying an unknown risk (risk register). Then you consider the probability and impact of each risk (risk assessment) to decide (risk response) to each risk. This entire process is Risk Management.
There are five potential responses to any risk –
- Avoid the risk – don’t launch your startup, don’t sell online.
- Accept the risk – the reward outweighs the risk, and we can live with the downside of the risk.
- Mitigate the risk – Takes steps to lessen the impact or probability.
- Transfer the risk – We do this through insurance. For example, our business could be flooded, so we buy flood insurance, thus transferring the risk to the insurance company.
- Escalate – When you identify risk but are not authorized to decide, you may elevate it to your boss or your board, whoever has an ultimate say in these matters.
Once you’ve determined the reward is worth the risk, you will select one of the five responses based on your risk assessment (probability vs. impact). Doing nothing when faced with risk by default falls into either avoidance or acceptance, depending on the situation. It is still a decision.
Risk management is not a “set it and forget it” exercise. New risks will emerge as the market, regulatory and compliance landscapes shift. This is an ongoing process. But, at least you’ll be able to sleep at night.
Sleeping at Night
While it is not possible to eliminate all risks, you can deal with them. Legal counsel can advise you on matters that impact your business from a compliance and regulatory standpoint. In addition, we can offer you tools and solutions to address web-specific concerns like privacy, consent, and accessibility. The point is to develop a risk management approach for your business. Then, you have a plan for when risks materialize (when they happen, they become incidents, and that’s another article).
It is not about avoiding risks; it’s about managing your response to them.
Developing a Risk Management Plan for Your Online Business
Follow us on LinkedIn – Understanding eCommerce