COVID-19 from a risk management perspective

Risk Management is daily business in cybersecurity and when following the COVID-19 news I am sometimes surprised that at least in some countries the decisions on countermeasures like social distancing and lockdowns are mainly taken by virologists. This makes sense at a first glance because they know best how COVID-19 spreads, but they might not be experts on risk management and social behavior.

Take Sweden as an example where staying at home is only recommended, but no enforced lockdowns take place. Most decisions there are taken by their chief virologist Anders Tegnell. He might be a good virologist, but the Swedish government seems to lack risk management expertise or follows the strategy to prefer economic or own interests over saving human life. Even though the strategy of herd immunity might be a valid option for COVID-19, it is a risky one and comparably high death rates proof that for Sweden and the UK (which recently changed their strategy). Of course, many people did not expect such a pandemic to ever occur. Anyway, every professional government should have prepared a crisis plan that covers such a severe situation beforehand. Like in every good information security strategy or business continuity plan, the risk appetite and priorities should be defined in this crisis plan, e.g. “Human life should be protected over economic interest” or maybe the other way around.

In times of capitalism and market economy it is not surprising that many people strive to optimize life for themselves and their close friends and family, but do not consider the well-being of the whole society if the social or financial burden for themselves gets too high. For sure there are many people that consider lockdown restrictions as a high burden and the risk of getting severely sick as relatively low. Those people will ignore government recommendations and some of them even guidelines and thus further spread the disease. Also, people tend to evaluate risks wrongly in general. They underestimate risks if they have the feeling that they can influence the risk by themselves e.g. when steering a car and overestimate risks if they have no influence on them like being on an airplane (not the pilot) or being hit by a terrorist attack. People also perceive risks higher if they are personally affected. You can read more about perceived vs. actual risks in this article.

Having those factors in mind it should be unavoidable from a government perspective to adopt and enforce rules to limit the spread of COVID-19 and keep death rates as low as possible. Lockdowns should be kept until sufficient compensating measures like widespread testing for antibodies and a (privacy-friendly) Corona App are in place to keep the curve flat.

So be patient if your government enforces or keeps lockdowns longer than you wish. They might have a limited risk appetite that helps to avoid cases of death. And you can speed up re-opening by supporting compensating measures: stay home if possible, keep distance & wear masks when in public, …

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.