The physical and digital landscape is changing quickly, and facilities managers face serious challenges in managing risks across both of those environments. However, there are ways that facilities professionals can manage this new world of risk and help keep assets and occupants safe. At the 2025 IFMA World Workplace conference and expo, three risk experts discussed actionable risk management strategies:
- Colette Temmink, EVP, strategy and delivery, for Voxel
- Marshall MacFarlane, facilities senior project manager for Bell Bank
- Daniel Stonecipher, chief product and technology officer for GeoComm
How Risk Has Changed
The digital transformation has completely changed the playing field, Stonecipher said. “The traditional risks were around physical assets—things that were localized, that you could see,” he explained. “In the digital environment, things are happening invisibly.” One example is work-from-home policies. They’re popular with employees, but they also increase your cybersecurity vulnerability.
Digitally enabled ecosystems used by organizations also come with interdependent risks. The physical environment isn’t just the realm of security or FM anymore—it’s daisy-chained to other departments, such as HR, Stonecipher said.
“There’s a significantly larger number of digital tools and ecosystems in play now, and advancing my playbook from something that was reactionary to a predictive environment speaks to an organization’s level of brand and trust in security,” Stonecipher said. “That high level of brand is going to be completely dependent on their ability to secure their data, and that data needs to be part of the risk management system.”
Managing Risk in the New Environment
“Today’s world is obviously much different than it used to be,” noted MacFarlane. “Things are much faster.” Think about the last time a local business had some kind of negative event, such as a fire, he said. Remember how fast the news spread on social media? “It’s too hard to put the genie back in the bottle,” MacFarlane said. “It happens that fast, in hours or days. We have 24/7 news cycles and instant worldwide communications.”
Other factors affecting risk management today include:
- We’re dispersed, whether that means hybrid work arrangements or global companies. You might have a centralized risk management department, but it’s overseeing people all over the world.
- Technological threats like doxxing and hackers didn’t exist decades ago, but now they’re a major factor in risk management.
- There are perception-based risks, especially on social media, MacFarlane noted: “We have a lot of preconceived notions that are not necessarily accurate that we’re battling against,” he said.
To help manage these new sources of risk, new strategies are needed.
“Risk management can no longer be a secondary function,” MacFarlane said. “Back when it was focused on assets, risk management was assigned to the HR group or the FM group to make sure your regulatory stuff was up to compliance and you followed fire code. You may need more than one risk management person. You may need a department.”
Better training, better company cultures, and more accountability are also crucial, he added. Every employee at your organization has a role in risk management, “whether it’s social media, whether it’s observing OSHA infractions on the floor, or security measures,” MacFarlane said. “If an employee keeps seeing somebody propping the door all the time, address that. You can’t just put folks in those situations—they need to know when to say something, what’s accurate, and what your company’s policies and plans are so they’re feeding the right information.”
Risk managers also need to be technologically savvy, whether they’re playing offense or defense, and understand public perceptions, MacFarlane added. A new collaborative approach is needed where IT, HR, media relations, and facilities managers all have active roles.
The Future of Risk Management—Challenges and Opportunities
One of the major shifts in risk management is moving from compliance to strategy, Stonecipher said. AI tools, digital twins, and interconnected systems can help facilitate that shift by detecting issues at a pace and level of detail that humans simply can’t. However, AI isn’t the silver bullet that some would like to think it is.
“People think of AI as something that’s providing an irrefutable source of truth, and there’s becoming a reliance on that irrefutable truth, but that data model is continuously being updated,” Stonecipher said. “There’s information going into the model, and biases can be introduced into that model. If you have a cultural shift or your organization thinks in a certain way and feeds in information that is biased, your model can give you biased data.”
Risk management can sometimes feel like an anchor or like a fire that has to be contained, Stonecipher added. But there’s also an upside to risk. When you integrate risk management with safeguards around revenue, operations, and reputation, that has a positive impact on your business.
“How am I tying all of this together? How am I strategically, as a business, thinking about risk and using that as a motivator? How am I advancing my organization?” asked Stonecipher, noting that risk can be a strategic lever to invest money in the right places. “This is forcing resiliency by design.”
