Risk has been my passion and profession for a great number of years, and during that time I’ve seen enormous changes in the ways in which we anticipate, measure and assess risk.  But now, in 2025, I believe the risk profession is facing its greatest challenge yet. 
 

The three eras of risk management 

When I started in this field in the 80’s, risk management was relatively straightforward. Originally born during the latter stages of the Industrial Revolution in the mid-1800s, our discipline focused exclusively on insurable risks: fires, explosions, and other tangible threats that could be quantified and covered by insurance policies. This remained our primary concern for nearly a century, and to a large extent, these risks were generally predictable and measurable. 

The first major shift came in the 1950s  with Harry Markowitz's Modern Portfolio Theory, a mathematical framework for assembling a portfolio of assets such that the expected return is maximised for a given level of risk. Suddenly, we weren't just managing insurable risks anymore; instead, we were grappling with financial risks: market volatility, credit exposure and liquidity concerns, for example. This new paradigm changed our profession, requiring new skills and frameworks. 

The  second evolution arrived in the 1990s when strategic planning became central to business and corporate governance. Companies began integrating strategic risks into their risk management frameworks, marking the true beginning of Enterprise Risk Management (ERM). Back then, we truly thought we had reached maturity as a profession… 
 

Enter the pandemic (the next era of risk management)  

What happened in 2020 changed everything. Companies were forced to embrace technology not by choice, but by necessity. Business had to continue with or without people in offices, and technology became the enabler. But here's what we didn't anticipate: this technological integration didn't just create new risks, it fundamentally altered the nature of risk itself. 

The irony is profound: technology creates our biggest challenge while also being our only viable solution. Modern companies have hundreds or thousands of interconnected processes, each with dependencies that create massive risk matrices impossible to manage without technological platforms. We need to "dance with the devil," as I tell my colleagues, embrace the very technology that's making our traditional approaches obsolete. 

We’re now confronted with an unnerving reality. Our traditional risk management frameworks are becoming obsolete because they're built on a fundamental premise that no longer exists: the assumption that we can use only historical data to predict future risks. I’ve been a champion of education for risk professionals for many years, I’ve studied courses and reviewed new standards as and when they emerge, but they all begin with the same foundations: risk identification, risk evaluation and drawing from past experiences. But the future no longer reflects only the past. What we’re looking at now goes beyond a change in process; we must embrace a change in the very culture of risk management. 
 

Risk: the final frontier? 

We're now regularly dealing with "unknown unknowns," those risks we can't even identify, let alone measure. This goes beyond Black Swan events like the Twin Towers attack, where we at least knew terrorist risk existed. Now we're facing risks we may not be able to imagine. 

The numbers are stark. Traditional risk management frameworks now cover maybe 20% of a company's total risk landscape. Even companies that formally integrate risk management into their strategic planning might reach 50-60% coverage. That leaves a significant level of risk in the shadows. The holistic risk landscape faced by companies is now governed by different and innovative rules (exponential growth, etc.)  

At the same time, our profession faces a human capital crisis. As a baby boomer myself, I see my generation retiring without adequate replacements in the workplace. We lack sufficient academic programs, and converting professionals from other fields takes five years, the same time and more as a college degree. It's a conversion that requires completely changing one's mindset about what risk means. 

We must all essentially go back to school and learn our profession anew. The only certainty I have after all these years is that our future frameworks will be fundamentally different from anything we've known. It's both terrifying and fascinating, and why, for me, retirement isn't an option.  There’s still so much knowledge to pass on.  

I also recommend all risk management professionals to follow the work of renowned futurists (Ray Kurzweil, others), which is a powerful tool to expand our horizons of thought when carrying out professional exercises of having to "discover" (and not identify) risks, particularly those called emerging risks. 

We’re living in a world where events like the Brokerslink Global Conference and the Risk Managers Forum Jorge Luzzi, are invaluable.  Unless we continue to present these opportunities for risk professionals to discuss this changing paradigm and work together to find a new way to manage risk, there is a real chance that tomorrow’s businesses simply won’t have the tools to manage the next big crisis.