What Have We Forgotten About Risk?

The value in risk... what we see and what we miss

Before Risk Had a Name

There are moments when I find myself wondering whether we have become so focused on managing risk that we have forgotten why we started trying to understand it in the first place?

That may sound like an unusual question coming from someone who has spent much of their career working alongside organisational leaders, their teams, and departments across a wide range of industries, sectors, and operating environments. Yet the longer I spend exploring these spaces, the more I find myself returning to a simple observation.

Long before there were risk registers, policies, governance frameworks, compliance obligations, standards, audits, or regulators, there were people.

And before there was risk, there was fear.

Long before humanity developed the language to discuss probability, consequence, governance, strategy, compliance, or accountability, we understood what it felt like to face uncertainty. We understood danger. We understood vulnerability. We understood loss. We understood the possibility of harm.

Fear is one of humanity’s oldest companions. It helped our ancestors survive. It sharpened awareness, encouraged caution, and focused attention on things that could cause harm. In many ways, fear was never the enemy. Fear was information. It was a signal that something mattered and deserved attention.

Yet fear alone does not explain humanity’s story.

If fear were our only guide, we would never have crossed oceans, explored new lands, built communities, developed technologies, created businesses, or pursued ambitious ideas. Alongside fear sat something equally powerful: possibility.

Human progress has always emerged from the tension between these two forces. The fear of what could go wrong and the possibility of what could go right. The fear of loss and the pursuit of something better. The fear of uncertainty and the courage to move forward anyway.

This tension can be seen in the very origins of the word risk itself. Historians often trace the concept back to maritime trade, where merchants and sailors faced uncertain voyages across dangerous seas. Storms, hidden reefs, piracy, changing weather conditions, and the ever-present possibility of losing ships, cargo, livelihoods, and lives created significant uncertainty.

Yet those voyages continued.

Not because the dangers were ignored, but because the opportunities were worth pursuing.

In many respects, risk emerged as humanity’s attempt to better understand and navigate the space between fear and possibility.

Yet even before risk had a name, people were already doing something remarkably important.

People lived in communities. They shared stories. They passed on knowledge. They learned through experience, hardship, mistakes, triumph, observation, and wisdom. And when they encountered something that could cause harm, whether to themselves, their families, or their communities, they did something remarkably simple.

They shared what they knew.

A parent warned a child about the edge of a cliff.

A hunter explained where predators had been seen.

A traveller shared knowledge of dangerous terrain.

A community prepared for changing weather patterns.

None of these people would have described themselves as risk managers. Yet when viewed through a modern lens, they were doing something that sits at the very heart of risk management.

They were attempting to understand uncertainty, reduce harm, and improve outcomes.

More importantly, they were doing so because they cared.

The Evolution of Risk Management

As communities grew into towns, towns into cities, and societies into increasingly complex systems, the challenges people faced also evolved.

The uncertainty surrounding a family, village, or local community eventually expanded into uncertainty surrounding trade, commerce, governments, organisations, infrastructure, technology, financial systems, supply chains, and global markets.

The simple act of sharing knowledge and wisdom remained important, but it was no longer enough on its own.

As complexity increased, new ways of understanding and managing uncertainty became necessary. Structures emerged to create consistency. Processes emerged to support decision-making. Governance frameworks developed to strengthen accountability, while standards provided a common language through which organisations, industries, and governments could better navigate uncertainty.

Over time, these developments evolved into many of the risk management, compliance, regulatory, and assurance practices we recognise today.

And in many respects, this evolution has been extraordinarily successful.

Workplaces have become safer, buildings more resilient, transport systems more reliable, and financial protections stronger. Corporate governance has matured, and lessons learned from incidents, failures, disasters, and tragedies have informed new standards, regulations, and practices designed to prevent history from repeating itself.

Though the reality is, we still have work to do here, as some lessons appear to need repeating and do just that.

For the most part, however, millions of people have benefited from these advancements. It would be difficult to argue otherwise.

Yet perhaps every evolution comes with trade-offs.

Because while our systems became more sophisticated, our relationship with risk also began to change.

The conversation gradually shifted from shared wisdom to documented process, from stewardship to compliance, from understanding to obligation, and from protecting what matters to demonstrating that requirements had been met.

Of course, this wasn’t intentional.

Nor was it universal.

Many leaders, practitioners, and organisations continue to approach risk management with genuine care, purpose, and a desire to create better outcomes.

Yet it is difficult to ignore that for many people today, risk management is no longer experienced as an opportunity to better understand uncertainty, protect what matters, or create positive outcomes.

Instead, it is often experienced as a requirement. Something that must be completed, reported, complied with, and, in some cases, simply endured.

And perhaps that is where an important question begins to emerge.

Have we become so focused on managing uncertainty that we have become disconnected from why we sought to understand it in the first place?

When Fear Took the Driver's Seat

This is where I believe our relationship with risk begins to become particularly interesting.

Because while risk may have evolved significantly over time, one thing has remained remarkably consistent.

Fear.

Fear sat near the beginning of the story, helping our ancestors recognise danger, navigate uncertainty, and survive.

And if we are honest, fear still sits quietly beneath many of our modern conversations about risk today.

The fear of failure.

The fear of loss.

The fear of harm.

The fear of making the wrong decision.

The fear of being held accountable.

The fear of missing something important.

The fear of being blamed.

The fear of getting it wrong.

These fears are not irrational.

Nor are they unique to leaders, boards, regulators, practitioners, or organisations.

They are deeply human.

Yet perhaps one of the greatest challenges we face is that fear can sometimes become so loud that it prevents us from seeing anything beyond the threat itself.

When this happens, risk becomes synonymous with danger.

Compliance becomes synonymous with obligation.

And opportunity quietly fades into the background.

Yet if history teaches us anything, it is that risk was never solely about avoiding harm.

It was also about pursuing possibility.

The merchants who crossed dangerous seas understood this.

The explorers who ventured into unfamiliar territory understood this.

The innovators who challenged accepted thinking understood this.

The leaders who chose to act despite uncertainty understood this.

Risk and opportunity have always travelled together. They have never been opposing forces, but two sides of the same coin.

The challenge is that fear often convinces us to focus on only one side of the conversation.

The Cave We No Longer Enter

There is a quote from Joseph Campbell that has stayed with me for many years and one I often share:

"The cave you fear to enter holds the treasure you seek."

Of all the leadership, risk, and personal development quotes I have encountered, this may be one of the most relevant to risk management.

Because fear has an extraordinary ability to narrow our field of vision.

Clarity Cave

When fear takes hold, our attention naturally gravitates towards what could go wrong. We become focused on threats, vulnerabilities, exposures, consequences, and the possibility of failure. In many respects, this is a perfectly normal and understandable response. After all, fear evolved to help us survive.

The challenge is that fear was never designed to help us see the complete picture. Its role was to capture our attention and encourage us to pause, assess, and respond. What happens after that is where our judgement, experience, wisdom, and perspective begin to matter.

This is where I often find myself returning to an acronym that has followed me throughout much of my career:

FEAR — False Evidence Appearing Real.

Not because all fear is false. Far from it. Some fears are entirely justified. Some threats are very real. Some consequences are significant. Some exposures deserve our full attention and respect.

Yet fear also has a remarkable ability to influence the stories we tell ourselves.

It can convince us that uncertainty automatically equals danger. It can convince us that discomfort should be avoided. It can convince us that challenging conversations are best left untouched, or that maintaining the status quo is somehow safer than pursuing something better. And perhaps most importantly, it can convince us to stop exploring before we have fully understood what we are looking at.

The longer I have worked with leaders, teams, boards, and organisations, the more I have come to appreciate that some of the greatest opportunities for growth often sit on the other side of discomfort.

This is not because discomfort is enjoyable, challenge is easy, or harm should ever be dismissed. Rather, it is because growth rarely asks for permission before it arrives.

More often than not, growth appears disguised as uncertainty, challenge, vulnerability, difficult decisions, conversations we have been avoiding, assumptions that deserve to be questioned, or risks we do not yet fully understand.

This is where I believe many of us have developed a complicated relationship with risk.

We have become highly skilled at identifying threats, yet often less comfortable exploring the possibilities that sit alongside them. We have become accustomed to asking, “What if this goes wrong?” Yet perhaps we do not ask often enough, “What if this goes right?”, “What if there is something here we have not yet seen?”, or “What if the thing making us uncomfortable is also the thing most capable of helping us grow?”

Throughout history, progress has rarely emerged from certainty. Innovation has rarely emerged from certainty. Leadership has rarely emerged from certainty. Every meaningful advancement, whether personal, organisational, or societal, has required someone to step forward despite uncertainty rather than waiting for its complete removal.

The explorers who crossed oceans understood this. The merchants who accepted the uncertainty of trade understood this. The innovators who challenged accepted thinking understood this. The leaders who chose courage over comfort understood this.

Perhaps one of the greatest opportunities available to us today is not to remove fear or ignore it, but to understand it differently. To recognise that fear may be highlighting something worthy of our attention while also recognising that it may not be telling us the entire story.

Because if risk and opportunity have always travelled together, then perhaps the question is not whether fear exists. 

Perhaps the question is whether fear has become so loud that it prevents us from seeing the opportunity standing beside it.

Remembering What We Are Trying To Protect

As I reflect on the journey of risk and risk management, I find myself returning to a simple yet important question: what are we actually trying to protect?

It sounds like an obvious question, yet perhaps it is one we do not ask often enough. Somewhere amongst the frameworks, processes, policies, compliance obligations, reporting requirements, governance structures, and regulatory expectations, it can become surprisingly easy to lose sight of the reason those things exist in the first place.

None of this is intended to diminish their importance. The frameworks matter. Governance matters. Compliance matters. Regulation matters. Each has evolved for a reason, and each continues to play an important role in helping organisations, industries, and communities navigate an increasingly complex world. Yet they were never intended to become the purpose themselves. They were intended to support something much bigger.

When I think about the communities that existed long before risk had a name, I do not see people focused on compliance, reporting obligations, or regulatory requirements. I see people sharing knowledge gained through experience. I see wisdom being passed from one generation to the next. I see people helping one another navigate uncertainty, avoid harm, and create better outcomes for those around them. At its heart, the motivation was not obligation. It was care.

While the tools have evolved significantly over time, I am not convinced the underlying reason we care about risk has changed all that much. We still care because uncertainty affects people. It affects the people we lead, the people we work alongside, the people we serve, the people we love, and the communities we are part of. It affects our opportunities, our wellbeing, our livelihoods, our aspirations, and the futures we hope to create.

Perhaps this is why I have always believed that risk starts and ends with people.

Not because people are responsible for every challenge we face, nor because every solution can be found by focusing solely on people, but because people remain the reason these conversations matter. Remove people from the equation and discussions about harm, opportunity, accountability, governance, leadership, culture, trust, and stewardship lose much of their meaning.

The longer I spend exploring risk, the more convinced I become that its greatest potential has never been in helping us avoid uncertainty altogether. Rather, its potential lies in helping us understand uncertainty more clearly, navigate it more thoughtfully, and engage with it in ways that create better outcomes for people, organisations, and communities.

In many ways, this brings us full circle. The earliest forms of what we now call risk management were not born from a desire to create policies, frameworks, standards, or compliance obligations. They emerged from people sharing concerns, experiences, observations, and wisdom with one another. They emerged from a desire to reduce harm, improve outcomes, and help others navigate an uncertain world.

As societies became more complex, the systems surrounding risk quite naturally evolved. They had to. Yet perhaps in our pursuit of consistency, accountability, governance, capability, and control, some of the original connection became harder to see. Perhaps the language became more technical. Perhaps the processes became more structured. Perhaps the purpose became buried beneath the mechanisms designed to support it.

If that is true, then perhaps the opportunity before us is not to reinvent risk management, but to reconnect with it.

To reconnect with the stewardship that sits beneath accountability. To reconnect with the purpose that sits beneath compliance. To reconnect with the people who sit behind every decision, every policy, every framework, every consequence, and every opportunity.

Because risk was never solely about avoiding what could go wrong. From its earliest beginnings, it was also about understanding what could go right, and having the courage to move forward despite uncertainty.

Perhaps that is what the merchants who crossed dangerous seas understood. Perhaps it is what explorers, innovators, and leaders throughout history have understood. And perhaps it is what many of us have an opportunity to rediscover today.

Because while risk management has evolved significantly over time, the reason we care about it remains remarkably unchanged.

It has always been, and will always be, about people.

Perhaps the opportunity before us is not to create an entirely new way of thinking about risk, but to rediscover something that was there from the beginning.

The understanding that uncertainty has always carried both danger and possibility.

The understanding that fear is a starting point, not a destination.

The understanding that wisdom is often found beyond discomfort.

And the understanding that protecting what matters has never been solely about avoiding harm, but also about creating the conditions for people, organisations, and communities to thrive.

Perhaps that perspective is not new at all. Perhaps it is simply an old truth waiting to be remembered.

And perhaps, in remembering it, we may discover that the future of risk management lies not in seeing more danger, but in seeing more clearly.

About the Author

Featured Posts

What Boards Amplify

What Boards Amplify

BLOG Series: The Risk Sitting Around the Board Table – Part 3 Governance Shapes the Organisation In the second blog of this series, I explored

Read More »