Let’s talk risk: Embracing risk velocity in public sector risk management

InsightsPublic and social sector insights

Risk velocity in public sector risk management

22 January 2025
In the risk management landscape, public sector organisations increasingly recognise the need to adapt their strategies to address emerging challenges. One of these challenges is risk velocity, a relatively unused term in most organisations which assesses the speed at which risks can impact an organisation.

As we move into 2025, public sector organisations must consider the velocity of risk in their risk management frameworks. Our experts look at the importance of risk velocity, how it differs from traditional risk assessment, and why public sector organisations should integrate it into their risk management practices.

What is risk velocity?

Risk velocity refers to the speed at which a risk event can affect an organisation. Unlike traditional risk assessments that focus primarily on the probability and impact of risks, risk velocity adds a temporal dimension, emphasising how quickly a risk can materialise and cause disruption. This concept is particularly relevant in today’s fast-paced environment, where the timing between a risk event and its consequences can be almost instantaneous.

Why is risk velocity important in the public sector?

Public sector organisations operate in a financially constrained, complex and dynamic environment, where they must balance multiple priorities, including public safety, service delivery, and regulatory compliance. Including risk velocity within risk management offers several key benefits:

  1. Enhanced preparedness: By considering the speed at which risks can impact operations, public sector organisations can develop more effective response strategies. This proactive approach enables them to mitigate risks before they escalate into crises.
  2. Improved resource allocation: Understanding risk velocity helps organisations prioritise resources more effectively. High-velocity risks that can cause immediate and significant disruption can be addressed with greater urgency, ensuring that critical resources are allocated where they are needed most.
  3. Increased resilience: Incorporating risk velocity into risk management frameworks enhances organisational resilience. By anticipating rapid-onset risks, public sector organisations can build more robust systems and processes to withstand and recover from disruptions.

How does risk velocity differ from traditional risk assessment?

Traditional risk assessments typically evaluate risks based on their likelihood and potential impact. These factors are essential, but they do not capture the full picture of how risks can affect an organisation. Risk velocity introduces a third dimension, timing, which provides a better understanding of risk dynamics.

For example, a risk with a high probability and high impact but low velocity may not require immediate action, as its effects will unfold gradually. However, a risk with moderate probability and impact but high velocity requires swift intervention due to its potential to cause rapid and severe disruption.

Examples of the impact of risk velocity in the public sector

  • Cybersecurity threats: In recent years, public sector organisations have faced an increasing number of cyberattacks, including the recent ransomware attack on a major IT provider of the NHS in 2024. These attacks often occur with little warning and can cause immediate and widespread disruption. Considering risk velocity in risk management frameworks allows for the development of rapid response plans and investment in advanced cybersecurity measures to mitigate the impact of such threats.
  • Extreme weather events: Extreme weather events, such as floods and storms, can strike suddenly and with devastating effects. Public sector organisations responsible for emergency management must consider the velocity of these risks to ensure timely and effective responses. This includes developing flood resilience measures, early warning systems and establishing contingency plans.
  • Public health crises: The COVID-19 pandemic highlighted the importance of risk velocity in public health management. The rapid spread of the virus needed swift action to contain outbreaks and protect public health. Integrating risk velocity into risk management practices will enable public health agencies to better prepare for and respond to future pandemics and health crises.

How to integrate risk velocity into risk management frameworks

Risk identification and assessment

Begin by identifying potential risks and assessing their probability, impact, and velocity. This evaluation will provide a clearer picture of the risk landscape and help prioritise risks based on their urgency and potential consequences.

Scenario planning and simulation

Conduct scenario planning and simulation exercises to understand how high-velocity risks could unfold and impact your organisation. These exercises can help identify vulnerabilities and develop strategies to mitigate rapid-onset risks.

Early warning systems

Invest in early warning systems and monitoring tools to detect emerging risks quickly, which can provide real-time data and alerts, enabling your organisation to respond promptly to high-velocity risks.

Crisis management and response plans

Develop and regularly update crisis management and response plans that account for risk velocity. These plans should outline clear roles and responsibilities, communication protocols, and response actions to ensure a coordinated and effective response to rapid-onset risks.

Training and awareness

Provide training and raise awareness among your staff about the importance of risk velocity and how to respond to high-velocity risks. This includes conducting regular drills and exercises to ensure that employees are prepared to act swiftly in the face of emerging threats.

What are the challenges when integrating risk velocity into risk management frameworks?

  • Data quality and availability: Effective risk velocity assessment relies on high-quality, timely data. Public sector organisations must invest in data collection and management systems to ensure they have access to accurate and up-to-date information.
  • Resource constraints: Implementing risk velocity measures may require additional resources, including funding, technology, and personnel. Given current constraints many public sector organisations will be turning to third parties to help upskill their current staff and review their processes.
  • Cultural change: Embracing risk velocity might require a cultural shift within organisations, and leaders will need to promote a risk-aware culture that values proactive risk management and encourages employees to act swiftly in response to emerging threats.

As public sector organisations start to navigate the complexities of 2025, considering the velocity of risk in their risk management frameworks is essential. Risk velocity provides a more comprehensive understanding of how risks can impact organisations, enabling them to develop more effective response strategies and enhance their resilience.

As we look to the future, the ability to anticipate and respond to high-velocity risks will be a critical component of effective risk management. Public sector organisations must embrace this new dimension of risk assessment and invest in the tools, technologies, and processes needed to manage risk velocity effectively.

Get in touch

For more information about implementing risk velocity into your risk management framework, please contact us and one of our risk consulting experts will be in touch.

Contact us today

People in public and social sector looking at computer

Public and social sector insights

As expert advisers, with strong links across the public and social sector, our team draws on its market knowledge and industry experience to publish research and observations on new developments and regulations.

Read more

Key contacts

Contact us

+44 20 7063 4000
Meet our local team
Discover our offices
Or use our contact form