Among the many duties politicians have to take care of, one of the less straight-forward issues are questions related to risk. Whereas economic policy, warfare and taxation systems are policy areas that are relatively easy to design and manage, the field of risk is broad and less predictable. One way to cope with risks is to eliminate potential causes. For example, if a state does not have any nuclear plants, then this state does not have to fear a nuclear catastrophe like Chernobyl or Fukushima. However, often this is not possible, because many risks that we have to deal with today are transboundary risks. Applied to the example, we could think about state A not having any nuclear plants, but its neighbouring state B has plenty of them at the border and they explode, which would also heavily impact state A. In our globalised world, the number of potential risks with varying degrees of danger rises continuously. Whether we think about nuclear plants, effects of global warming, global pandemics or cyber risks, many of the problems pose new challenges for policy-makers.

Politicians are not merely appointed, in order to improve the economy, develop sound social policies and try to increase international prestige, but they are also responsible to use pooled resources to enable a continuous and safe social order. This is why schools, bureaucracies, hospitals, the police and fire departments are publicly funded. Certainly, these operational activities are vital to keep the societal life functioning on a daily basis. However, every now and then our societal orders are disrupted by unexpected events like earthquakes, terrorist attacks, pandemics or large-scale fires. How fast the society can recover from such an event and return to the regular daily business depends, of course, on the extent of the disruption. Naturally, in only a few cases, the extent can be humanly controlled, but what is under our full control is the risk management infrastructure: an administrative framework that enables the effective and efficient sourcing and deployment of material resources and manpower. If risks were similar, the job here would be easy. However, as it is mentioned before, there are many potential risks that highly dissimilar and require different approaches. For example, a fire-fighting aircraft will not be useful in case of a cyber attack. So, what can governments do to build a great risk mitigating framework?

The key for success of such a framework lays in the scope and flexibility of the framework. Usually, processes in bureaucracies are well-planned down to the smallest detail and subject to strict procedural rules. Since, it is impossible to account for every potential risk scenario – simply for the reason that we are unaware of many of them -, a proper risk management framework must come in form of a broad sketch of main functions that enter into force in a stress situation. Ideally, a government has a whole ministry that is responsible to work on these frameworks and is gaining vast powers in case of emergencies. In order to account for the dissimilarity of varying risk scenarios, the ministry must first identify a long list of potential risks and group structurally similar scenarios together. For example, fires, floods and tsunamis require the large-scale mobilisation of heavy machinery, or cyber attacks and attempts to overthrow the government both require quick safety measures to protect vital information and people in the government. Grouping similar potential risk scenarios together will not only help coping with already experienced scenarios, but also enhance efficiency when new situations emerge that can be put into one of the identified categories.

Secondly, each risk category should be administered by a specialised department and the human resource strategy should reflect the needs of that specific department (e.g. the department for public health risks should heavily involve health professionals). However, the main aspect is not the establishing of a ministry, nor is it the assignment of departments to the different risk categories. The most important part is the procedural approach in case of emergencies, combined with a long-term legal agenda. Emergencies require quick reaction, short chains of command, concentrated authority and an experienced people at the front. Consequently, each department must designate people within the chain of command that are vested with extra-ordinary powers during emergencies. Further, the departments must implement automated procedures; for example, in the event of a cyber attack, digital storage units are automatically shut down. These automatisms reduce the transaction cost of time and decision-fatigue. Moreover, there is much use in structured emergency plans for potential scenarios that we are already familiar with and that tend to happen more frequently, such as floods.

All of the above are immediate measures once the crisis occurs and needs to be dealt with as efficiently as possible. Many governments already apply similar strategies with much success. However, the best administrative system is obsolete if the infrastructure is porous. Accordingly, it is important that legislative improvements support the operational aspects of risk management. Recently, an Aegean earthquake shook the Turkish city Izmir. Many buildings collapsed and over 100 people lost their lives. In this particular case, it was long known that beneath the Aegean Sea two continental plates occasionally collide and, therefore, is a heightened risk of earthquakes. Sound risk management does not start with the quick dispatch of rescue forces and effective rescue procedure, but with legislation that require the strict adherence to technological standards for more earthquake-resistant buildings. Another example for long-term risk mitigation would be fire prevention measures in arid regions like the Mediterranean countries, Brazil or Australia. Here, the legislative efforts should not only comprise harsh punishments for people who cause fires, but also require the establishment of special protection forces that patrol at key points, in order to quickly detect fires, notify the relevant teams and possible take first action. The examples are endless, but the logic remains the same: risk management is, contrary to popular belief, a daily business and needs to be continuously developed. Accordingly, the relevant institutions need to constantly find new ways to lower the risk of catastrophes, while also looking for ways to lower the impact such a crisis would have, in case it occurs nonetheless. Because of the volume of aspects and the complex interaction of these multilayered factors, risk management ministries should be one of the busiest ministries. Further, enhanced legislation that accounts for risk mitigation often has positive spill-over effects on other policy areas. Thinking about the earthquake example, the proposed legislation that requires the implementation of technical standards will also automatically make the use of environmental-friendly materials more feasible and improve the urban landscape by transforming cities into more modern-looking regions. In turn, this leads to better quality of life, which influences happiness and productivity.

As it can be seen, risk management is more difficult, due to the multi-facet nature of our contemporary world. However, with the right vision, a lot of commitment and serious funding, it has the chance to reduce external disruptions and play a key part in shaping progressive policies in the future.