It's hard to go a day – or an hour – without hearing about the 'unimaginable' scale of COVID-19. The extreme crisis beyond comprehension. An unforeseeable event – apparently. Whether it is a 'black swan' event or not will be debated – and probably litigated – soon enough. Its cause might even be the subject of a global inquiry if the Prime Minister has his way.

But as the fight for survival inches slowly towards recovery, businesses that spend the coming years immersed in internal navel-gazing and restating risk strategies confined only to the immediate context of a global pandemic will repeat the same mistake that has contributed to so much of their current hardship.

The financial pain of COVID-19 is in that sense the symptom, not the root cause, and reactionary responses from businesses in a post-coronavirus world may offer some immediate relief but will not be a magical future-proofing cure.

Regulators will be expected, soon enough, to peer into boardrooms, scrutinising governance and cultural settings consistent with their stance since the Banking Royal Commission. Remember that?

In its October 2019 review into board oversight of non-financial risk, ASIC's Corporate Governance Taskforce identified some concerning trends. An inability on the part of directors to 'think laterally and innovatively to overcome challenges' and to 'change past practices to minimise the likelihood of future failings'. Boards getting lost in 'dense, voluminous board packs' and leaving critical gaps in strategic planning. And an overly-collegiate culture leading to an absence of proactive, probing engagement in the business, forward planning and holding one another, and management, to account.

And in releasing a summary of the governance practices of large financial institutions, insurers and super entities six months earlier, APRA identified what it termed a 'boiling frog' effect, with boards content to plod along and prioritise action only 'when there is regulatory scrutiny or after adverse events'.

The current pandemic is undoubtedly an extreme event. But so were the devastating summer bushfires that wiped out billions of dollars for insurers, financiers and businesses in the tourism and entertainment sectors, among others. And the narrative then was that the bushfires were an isolated 'once in a century' event. They could not have been planned for and 'she'll be right' for another hundred years.

Yet the scale and intensity of similar extreme events will only increase with a changing climate. As will the risk for boards. Globally, 2019 saw a strong rise in climate-related litigation, with the total number of climate change court cases rising to 1444, up from 1302 a year before, and spread over 33 countries.

Global authorities have been at pains to warn of the demand and supply chain disruptions for businesses, increased prices and regulatory compliance costs, and exposure for insurers and financiers as a result of climate change. Our own regulators – the RBA, ASIC and APRA – have been clear in regulatory guidance in the last 12 months that climate change is a 'now' issue; it requires risk planning and mitigation by every company in every sector of the economy.

Directors can no longer bury their heads in the sand, putting climate change in the too hard basket for tomorrow's board.

Even in the health context, COVID-19 is not unique. While not to the scale of the current crisis, SARS in 2003 and the Ebola virus a decade later were red flags and the containment of those viruses should have served as a lesson, not a cause for bravado or entrenching a false sense of invincibility. In his 2015 TED talk, Bill Gates cautioned world leaders and businesses that the next global catastrophe would be another pandemic, a 'highly infectious virus' more devastating than any natural disaster or war. Our own regulator, APRA, issued a Prudential Practice Guide on Pandemic Planning in May 2013 cautioning banks, insurers and super funds to proactively plan for and manage the risks of future widespread outbreaks that could impact on their operations.

And extreme events aside, let's not forget that the scale of other more 'everyday' business disruption risks – money laundering, financial crime, data and privacy breaches and major workplace health and safety incidents to name a few – also continues to rapidly evolve in the background. With the current pandemic-centric macro and micro world view, have these risks been all but forgotten?

The critical task for boards is to begin – and follow through with – the corporate governance overhaul our regulators have prioritised and are waiting to pursue with vigour once the worst of COVID-19 subsides. To break down every aspect of their operations and put in place stress testing and business continuity plans for every kind of disruption to which they could be exposed. And to go about tackling some of the harder issues too – creating an effective corporate culture marked by proactive planning and engagement, questioning and probing into the details instead of a tick the box item on the board agenda. Not just signing off on another motherhood policy statement but actually ensuring it is implemented and is effective. Working with management and all staff to ensure serious risks are escalated and challenges are welcomed and supported.

If boards do not confront these challenges now – and instead view the landscape with tunnel vision as a reactionary response to the immediate pandemic context – then in another 12 months the type of risk might have changed (perhaps another extreme weather event or a ransomware attack) and it might not affect so many businesses at the same time like COVID-19 has. But the same impact will replay for individual companies time and time again.

So while the global quest for a COVID-19 cure continues, all boards can take control of their own destinies now. Prevention always trumps any cure.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.