There are many positives that will come out of hybrid working. Some examples include, increased flexibility leading to greater work life balance, the potential financial benefits of limiting the commute and the level of productivity that can take place with employees working from home. However, hybrid working is not without its risk and complexity.

A lot has been written about the loss of structured or unstructured innovation, collaboration and team building that not being together in an office can bring. There are also risks around inclusivity, fairness and the two-tier system that can be created between those who can work from home and those who cannot.

Leaders have a huge responsibility to role model hybrid working for it to work well. Presenteeism is real and can be created by leaders, sometimes without them realising it. Leaders must be fair and inclusive in everything that they do or run the risk that employee engagement will fall, a lack of trust will fester, and the culture of the organisation will not support the aims of hybrid working. Ultimately if hybrid working is not managed and led well productivity will fall and the senior echelons of the organization (who may be seeing the current period as a trial) will deem hybrid working as an ineffective working model and things may go back to how they always were. This would be an opportunity missed and could lead to the perfect storm of an inability to attract and retain talent.

Therefore, it is important to measure the success of your hybrid model and to manage the risks associated with it to ensure that if any issues do start to appear the risks are mitigated against and the model is tweaked to make sure it works. After all, the benefits of hybrid working are huge, and it is all our responsibility to make it work.

So how do you measure its success and proactively manage risk?

The answer is in the same way that we measure culture, employee engagement, our diversity, equity and inclusion strategy and all of the other people and culture related goals, objectives and processes i.e. We gather data.

That data can be gathered from many sources and collated in a centralised data hub, whether that be a spreadsheet or HR system. All managers and department heads have a responsibility to gather the data and seek feedback from their teams on a regular basis to find out what works and what could be better. This can then all be fed into the system along with survey data and other data related to the employee lifecycle such as attrition rates, performance management data etc.

KRM22 have created a risk management system that can link to your organizations data hub and align the data gathered in a risk cockpit. An example of a dashboard in the risk cockpit that focuses on measuring the success of a hybrid working model can be seen at Fig 1. The risk cockpit gives business leaders a very clear analysis of all their data and allows them to view the risk status of all of the risk related to the successful delivery of their hybrid working model.

Hybrid working effectiveness dashboard

If you would like to know more about our People and Culture Risk Cockpit which incorporates hybrid working, please get in touch with Chris Cherrington our head of people and culture risk.

KRM22 has partnered with Acuiti to develop the Capital Markets Risk Sentiment Index (CMRSI) – a benchmark of how different risks are perceived by Senior Executives across the market and how able they are to deal with them.

The top risks varied significantly by company type (download the free CMRSI for full details here). But overall, there was a clear correlation between where firms had historically invested in technology and how prepared they felt to deal with a specific risk.  

This was a key finding of the index – investment in risk technology and processes doesn’t necessarily reduce the level of the risk faced but it does boost the ability to mitigate it.  

Market risk (covering pre-trade, at trade and post-trade) was a key example. Over the past decade, billions of dollars have been invested in market risk technology across capital markets.  

The result is that, while market risk was the second biggest risk overall and the top risk for banks and proprietary trading firms, it was also the risk that respondents felt best able to mitigate. Almost half of respondents said they were fully able to do so.  

The same is true for the risk posed by regulatory monitoring and reporting and market abuse. Again, there has been significant investment in these areas (spurred on in part by hefty fines from regulators). While these risks both feature highly in the threat they are perceived to pose for firms, they also perform relatively well in terms of how able executives are to mitigate them.

The major outlier to this trend is the threat from cyber-attacks. Cyber risk emanating from an external threat was the top risk identified by respondents overall and a top three risk for all company types.  

However, when it came to mitigation, the risk was 12th out of 16 in how able executives felt able to deal with the threat. This suggests that cyber is likely to be a key target of investment over the coming years and that technology companies and their clients have a long way to go to neutralise the challenges posed.  

KRM22 Commentary on the results of the survey:

The results of this survey clearly show that the respondents feel cyber-security is a major concern to their business. And they aren’t wrong. Cyber-attacks are increasing faster than ever before, and many senior decision makers do not fully understand their vulnerabilities.

According to a report from the security company Kaspersky Lab, a cyber-attack occurs at a rate of around one every 40 seconds and these attacks are indiscriminate. What this means is simple: if a company allows an internet-connected device, they are vulnerable. Worryingly, this report goes on to say that 67 percent of companies affected by ransomware lost part or all their corporate data and one in four victims spent several weeks trying to restore access. Often, the real victims of a successful cyber-attack or security breaches are not those in the organisation, but the customers who have trusted that organisation with their data.

Lindy Cameron, the CEO of Britain’s National Cyber Security Centre (NCSC), recently warned that “Cybersecurity is still not taken as seriously as it should be, and simply is not embedded into the UK’s boardroom thinking” and that, “cyber-security should be viewed with the same importance to CEOs as finance, legal or any other vital day-to-day part of the enterprise”.

With the sheer amount of information businesses, customers and other individuals put out there in digital form, it is imperative that steps are taken to mitigate cyber security threats. For this reason, it is essential that businesses work with a professional cyber security company to protect their data and systems.

Having recently successfully completed our SOC2 Type2 accreditation, we at KRM22 are very aware about keeping our customer’s data protected, and over the coming months, we will be providing thought leadership on how to integrate cyber security into a risk-based culture.

Download the full report here: