The COVID-19 pandemic has, for many economies and industries, acted as something of a wrecking ball and, inevitably, the consulting industry is no exception: Our current estimate is a global fall in consulting revenues of 16% during the course of 2020. But compare this to our much lower projected contraction in risk consulting, where we currently estimate that revenues will fall by less than 10%, and it’s clear that there are some very different dynamics at play here.
Of course, the risk consulting market is not emerging from this crisis unscathed. Internal audit work has been a major casualty as other priorities have proved to be more pressing; and discretionary areas of spend–such as on risks relating to large transformation programmes–have also taken a big hit. That said, there have been more winners than losers in this area of the market: The need to be compliant with regulations has not gone away, and risk remains a vital component of those mission-critical transformation projects that have continued.
One of the biggest impacts has been on business resilience work, which has taken on a whole new dimension. Before COVID-19 struck, few businesses were prepared to deal with a global pandemic, and fewer still were equipped to deal with such a long-lasting threat. COVID-19 has effectively redefined the way that companies need to consider risk and the future security of their operations, and there has been an upsurge in clients looking for help to work this out. This is made more complex still by the fact that the ripple effects of the pandemic, coupled with the threat of further waves of infection, mean that this is not a case of developing a plan and then ticking it off a to-do list. As one senior risk professional told us recently: “We’re working hard to ensure our clients understand that risk is now so dynamic that they can’t look at it as a single snapshot.”
Cybersecurity demand has also been impacted in a big way. The unprecedented move to home working has exposed businesses to a new swathe of threats and vulnerabilities, and companies are scrambling for help to develop strategies that protect data and IP that is sitting—and being transferred between—often poorly protected home computers. Cybersecurity was one of the fastest-growing areas of risk work even before the pandemic took hold, and is unlikely to lose its leading spot anytime soon.
None of us knows what the rest of 2020 holds, but we can be reasonably certain that one of the least risky areas of consulting will be risk.