Increasingly interconnected risks require unified risk management
Operational risk is on the rise according to a Moody's survey, making unified risk management vital, say Sapna Amlani and Stephen Golliker
Energy and utilities companies and their partners face an era where risks come in many forms and are increasingly interconnected, requiring them to take a more unified approach to risk management to protect their operations and anticipate, mitigate and respond to threats in real time.
Economic uncertainty, geopolitics and interconnected digital systems mean risk events rarely occur in isolation, so they should not be treated in silos. Technology is amplifying both interdependence and exposure. This means a problem at any point in a supply chain – the result of a financial collapse, a natural disaster, sanctions, cyber attack or other cause – is likely to have knock-on effects elsewhere, as supply chains stretch across continents and data travels instantaneously.
In a Moody’s survey of 50 senior company executives responsible for risk, compliance, finance, procurement and operations, 41 reported increased exposure to operational risk in recent years.
“Operational risk has taken on a whole new dimension because of how connected everything is,” said one respondent to the survey, which was conducted between July and September 2025 across a broad mix of industries globally. “A disruption in one vendor, one data centre, one logistics partner, and it cascades instantly.”
Survey respondents also noted a rise in cyber risk, with 46 out of 50 saying cyber risk has grown as a threat to their business in recent years. Shell and Haliburton are among high-profile companies in the energy sector that have been affected by ransomware attacks in the past two years.
Operational risk has taken on a whole new dimension because of how connected everything is. A disruption in one vendor, one data centre, one logistics partner, and it cascades instantly
A survey respondent
Respondents also indicated that digital dependency has outpaced digital control, as organisations have migrated critical operations data and decision systems into cloud environments and third-party platforms faster than their governance frameworks have adapted.
Many firms rely on fragmented risk management systems. Risk functions are often divided between IT, compliance, finance, procurement and operations, respondents reported. Divided workflows often hinder visibility and delay response times. Manual processes may hold up onboarding, obscure supplier vulnerabilities and increase the likelihood of regulatory breaches. The result is often that data is siloed, processes are inconsistent and accountability diffuse, potentially leading to a growing ‘execution gap’ between recognising risk is interconnected and being able to act on that insight.
This fragmentation may be especially dangerous in the context of third-party risk. Suppliers, contractors and intermediaries often have access to internal systems and data, introducing operational, financial and cyber security risks. Without a unified view, energy firms may struggle to assess interdependencies and anticipate disruptions that could harm business continuity.
Unified risk management systems can mitigate some of this risk by helping risk managers draw timely information from many sources, providing tools to assess evolving and interconnected risks at any time. This can help make fast, informed decisions and potentially mitigate dangers. To be effective, this requires accurate, up-to-date datasets and suitable tools to interrogate them, together with the right processes.
A unified risk management system consolidates risk profiles into a single, integrated platform. It may support perpetual monitoring, automated alerts and real-time decision-making across key dimensions – from financial health and sanctions exposure to cyber security threats and vulnerability to extreme weather events.
Ideally, the system is supported by a wider unified approach to risk management across the company, which includes clear governance, well-defined risk appetite, strong accountability across disciplines and strategic priorities set out by boards and senior leadership. This approach transforms risk management from a reactive exercise into a proactive strategy.
Global risk has entered a new phase of speed, interdependence and unpredictability, as interlinked forces can amplify one another in unexpected ways
High-quality data is also a critical component of effective risk management. Without it, even the most advanced tools may fall short. Unified systems can integrate internal and external data sources – including public registries, compliance databases and media reports – to help build more comprehensive risk profiles. Technology can then be harnessed for maximum impact.
For example, by embedding predictive analytics, firms may be in a better position to detect early signals of distress, geopolitical instability, or regulatory change. Automated due diligence tools can flag complex ownership structures or hidden dangers in high-risk jurisdictions, leading to faster and more informed responses.
Additionally, advances in technology, including artificial intelligence, have made it simpler to integrate, monitor and update large and varied datasets with the information needed to assess the risk of a supplier or other partner. Rigorous risk assessment of third parties requires regularly updated data on that entity and the circumstances that may affect it. Key information might include the latest details on financial reports, credit ratings, ownership changes, geopolitics, natural disasters, tax changes, cyber security measures, stories in the media and other data.
Carrying out this monitoring manually is very time-consuming but, with AI, datasets can be gathered and then interrogated using advanced analytics to identify patterns and predict outcomes, and alerts can be set up to warn if suppliers may have weaknesses. Furthermore, tasks like these can be carried out in minutes, rather than days. The time saved may be crucial to protect operations and supply chains before damage occurs.
Such unified platforms may also be able to run what-if scenarios to show the likely impact of events such as tax changes, possible sanctions or extreme weather events, on particular partners. This would allow contingency plans to be made if such circumstances occur. For example, it may be possible to model the effects of a powerful hurricane on an energy company’s operations, logistics and partners in a given area and take steps to mitigate problems before they happen.
Third-party and operational risks have grown as organisations have become more dependent on – and responsible for – extended, multi-tiered networks of suppliers and partners. Digital transformation has multiplied the number of external interfaces and service providers on which business continuity depends. This complexity can create new points of failure. Survey respondents widely referred to how a single disruption in one vendor, one data centre, one logistics partner may cascade quickly, disrupting operations, breaching compliance rules, or exposing data across multiple regions.
Global risk has entered a new phase of speed, interdependence and unpredictability, as interlinked forces can amplify one another in unexpected ways. A cyber incident can trigger supply-chain disruption, regulatory intervention and reputational fallout within days. Economic volatility and geopolitical shifts can ripple through financial markets and affect consumer behaviour.
Energy and utilities companies also need to consider how local rules will affect their operations and their risks. For example, Germany’s Energiewende policies have tightened emissions compliance and accelerated renewables integration, creating regulatory complexity for gas-fired plants.
Risk is increasingly viewed as a strategic business challenge and a growing concern at board level. Risk teams are now expected to anticipate disruptions, not just respond to them. A unified risk management system can help make this happen. By using risk indicators, monitoring changes and setting up early-warning signals, suppliers in stress are more likely to be identified before they impact operations. The combination of good data and good processes with a unified platform makes it much easier to plan ahead and avoid potentially costly disruptions to operations and the supply chain.
Sapna Amlani is the supply-chain industry practice lead and Stephen Golliker the energy and resources industry lead at Moody’s.
More on Risk management
Energy Risk Europe Leaders’ Network: geopolitical risk
Energy Risk’s European Leaders’ Network had its first meeting in November to discuss the risks posed to energy firms by recent geopolitical developments
Energy Risk US Leaders’ Network: tackling volatility
Energy Risk’s inaugural US Leaders’ Network convened in Houston in October to discuss risk management challenges caused by geopolitical upheaval, policy uncertainty and volatility
LNG trading strategies set to change amid major market shifts
The global LNG market is on the brink of significant changes set to alter trading dynamics and market behaviour, say analysts
Why commodity finance is ripe for stablecoin
Digital currency brings cost efficiencies to financing, but its real benefit to commodity firms lies in making huge pools of new capital available, write Jean-Marc Bonnefous and Ronan Julien
US shutdown leaves commodity traders without key data
Commodity traders are ‘flying blind’ without Commitment of Traders reports
Energy Risk at 30: Learning from the past
Energy Risk looks back at the seminal events and developments that have shaped today’s energy markets
Past disasters can prove the value of energy risk management
Analysing failures and losses at energy firms can underscore the value of consistent, high-quality risk management
How quants shaped the modern energy markets
The business models of today’s utility firms are built on quantitative analysis, but the introduction of these techniques in the 1990s was far from smooth
