3 June, 2026
  1. Home
  2. Risk Matters
  3. IRMSA warns South…

IRMSA warns South Africa faces a new era of compounded risk, not isolated crises

  • 6 minute read
By Yvonne Mothibi

Chief Executive Officer of the Institute of Risk Management South Africa (IRMSA).

For too long, South Africa has treated risk as a series of separate problems. Electricity sits in one box, cyber threats in another, water insecurity somewhere else, and public debt in yet another file on another desk. That way of thinking no longer fits the world we are living in.  The defining feature of the current global environment is not the rise of one overwhelming threat, but the collision of many. Geopolitical conflict, inflation, debt stress, cyber-attacks, supply chain disruption, climate pressure, and institutional fragility are now feeding off one another. The real danger for South Africa is the way one shock can rapidly activate several existing weaknesses at once. This is the age of compounded risk.

The current turmoil in the Middle East offers a clear example. On the surface, it may appear to be a distant geopolitical conflict. But it reaches deep into the South African economy through fuel prices, shipping routes, fertiliser costs, inflation expectations, business confidence, and the cost of capital. A war thousands of kilometres away can make it more expensive to move goods, grow food, keep generators running and finance infrastructure. It can place pressure on the rand, unsettle investors, and push up borrowing costs across emerging markets. The shock does not arrive in a single form. It arrives through multiple channels at once.

That is why the old approach to risk management is no longer enough. South Africa cannot afford to deal with threats in silos while the world delivers them in clusters.

This should matter not only to risk professionals, but to business leaders, policymakers, regulators, and boards. We are entering a period in which resilience will depend less on how well institutions manage individual risks in isolation and more on how effectively they understand interdependence. The question is no longer whether an organisation has a cyber plan, an energy plan, a continuity plan, and a financial plan. The question is whether those plans speak to one another. In an interconnected crisis, failure in one system quickly becomes pressure in another.

South Africa is especially exposed to this new reality because many of its core systems are already under strain. Energy supply has improved, but the economy remains highly vulnerable to diesel costs and fuel availability. Logistics reform is under way, but freight bottlenecks and infrastructure constraints still weaken resilience. Water insecurity is becoming more acute in several areas, yet it is still too often treated as a service delivery issue instead of a strategic economic risk. Cyber threats are becoming more sophisticated and more political, while many organisations remain underprepared for the implications of artificial intelligence, third party vulnerabilities and systemic digital disruption. At the same time, fiscal pressure limits the state’s room to respond generously or quickly when shocks hit.

Each of these challenges is serious on its own. Together, they create a far more dangerous picture.

A fuel shock, for example, can affect electricity backup systems, food production, mining costs, inflation, wage demands and consumer spending. A cyber-attack can become a crisis of operations, trust, compliance, and national security. Water shortages do not only threaten households. They also threaten industrial output, municipal stability, public health, and investor confidence. This is what compounded risk means in practice. The categories may look separate on paper, but in the real world they travel together.

That reality should change the way South Africa prepares.

First, risk management must move beyond compliance and become central to national competitiveness. In a world of overlapping shocks, the countries and companies that attract capital will be those that can demonstrate resilience, clarity, and execution under stress. Investors are no longer judging markets only on growth prospects. They are also judging whether institutions can withstand volatility, protect infrastructure, manage public finances, and respond coherently when conditions deteriorate.

Second, boards and executive teams need to demand scenario planning that reflects the world as it works. It is no longer enough to model a power failure, a cyber breach, or a spike in fuel prices separately. The more useful test is what happens when they occur close together, or when one triggers the other. Institutions need to ask harder questions. What happens if a fuel shock coincides with a logistics disruption? What happens if a cyber incident hits a critical supplier during a period of financial stress? What happens if water scarcity intersects with municipal failure and social unrest? These are no longer far-fetched hypotheticals. They are realistic planning assumptions.

Third, critical infrastructure must be understood as a national risk issue, not merely an operational one. Electricity, ports, rail, telecoms, and water systems are not isolated technical assets. They are the foundations on which economic and social stability rests. Weakness in these systems magnifies every external shock. Strength in them absorbs pressure. If South Africa is serious about resilience, then risk governance around critical infrastructure must become more integrated, more urgent, and more accountable.

Fourth, cyber resilience must be elevated. The line between criminal activity, commercial sabotage and geopolitical cyber aggression is becoming harder to distinguish. Artificial intelligence is accelerating the scale and sophistication of attacks. Third party vulnerabilities are widening the attack surface for every major institution. In this environment, cyber risk can no longer be delegated downward. It belongs at the centre of strategy, governance, and enterprise risk management.

Finally, South Africa needs a more disciplined public conversation about crisis response. The answer to every shock cannot be broad subsidies, ad hoc interventions or short-term political relief that weakens long-term resilience. The more sustainable response lies in targeted support where it is most needed, stronger institutions, better coordination and investment in the systems that reduce vulnerability before the next crisis arrives.

This is where the risk profession has a vital role to play. Risk managers are not only there to document threats after the fact or populate registers for governance purposes. They are among the few professionals trained to think across systems, to identify linkages, to test assumptions and to challenge the false comfort of siloed planning. In a period of compounded risk, that discipline becomes more valuable, not less.

South Africa does not need to become a country paralysed by fear. But it does need to become a country that is more honest about the nature of the risks it faces. The global environment has changed. Shocks are more connected, more frequent, and more difficult to contain. That makes resilience a strategic priority rather than a technical afterthought.

Read Previous

Kagiso Trust sets its sights on igniting human capacity across Africa
Read Next

Property-led economic growth leans on government reform

Most Popular

Food Matters

HEALA Chew On This Episode 1: How is big food violating our right to nutritious food?

3 June, 2024
AI Matters

Enhancing Customer Experiences: The AI Revolution in South African Business

3 June, 2024
AI Cyber Security Matters

Generative AI In Cybersecurity: What Should Business Leaders Know?

2 August, 2024
Health Matters

Introducing the Future of Personalised Healthcare

8 August, 2024
Entrepreneurship Matters

5 Levers of Valuation That Will Impact The Sale of Your Business

15 August, 2024
Share via
Facebook
X (Twitter)
LinkedIn
Mix
Email
Print
Copy Link
Copy link
CopyCopied