Future Ready

RIMS 2015 Annual Conference & Exhibition, New Orleans

The changing world of risk demands that risk professionals be well-versed about not only what is happening now, but also about what is coming up. With the C-Suite increasingly involving risk professionals in the conversation, as well as relying on them to provide an accurate view of potential risks, being informed and prepared is essential. Attendees of the RIMS 2015 Annual Conference & Exhibition, held April 26 to 29 in New Orleans, learned how best to be ready for everything from cyber security to use of drones, competition and big data.

CYBER RISK VAULTS INTO TOP 10

Cyber has entered the 2015 Global Risk Management Survey’s Top 10 global risks for the first time, demonstrating it is a key risk factor for today’s businesses, reports Aon Risk Solutions, the risk management business of Aon plc.

Cyber risk vaulted to nine from 18 in Aon’s 2013 Global Risk Management Survey, notes the latest edition of the biennial survey, released at RIMS 2015. And the risk is projected to continue its ascent, with Aon expecting cyber risk to rank seventh in 2018.

“Cyber risk is fast-moving, impossible to predict and difficult to understand, but the damage can be immense,” states the survey report. “One of the dangers facing the insurance industry is the potential for a cyber hurricane, an event that could impact multiple lines of businesses, geographies and industry sectors,” it notes.

“With today’s rapid technological change, it is no surprise that cyber has entered the Top 10 for the first time, and with increasing attacks impacting on a company’s reputation, the results illustrate the hyperconnectivity between risks,” says Stephen Cross, chief innovation officer at Aon Risk Solutions.

Perhaps more surprising, suggests Cross, is the lack of alignment between the board and the risk manager. “Such diverse views illustrate how imperative it is that the Board of Directors has effective and regular communication with risk managers to effectively assess and mitigate the company’s risk exposure.”

One positive trend is that reported readiness for cyber risk has increased from 68% in 2013 to 82% in 2015. Not so positive, though, is that 58% of polled companies have not completed a cyber risk assessment, and that 90% recognize that they are insufficiently prepared to protect themselves against cyber risk.

The Top 10 risks identified are as follows: damage to reputation/brand; economic slowdown/slow recovery; regulatory/legislative changes; increasing competition; failure to attract or retain top talent; failure to innovate/meet customer needs; business interruption; third-party liability; cyber risk (computer crime/hacking/viruses/malicious codes); and property damage.

NEED TO EXPEDITE DRONE AUTHORIZATIONS

A study out of the United States detailing how drones can be used to help first-responders and improve relief

efforts following a disaster recommends that the Federal Aviation Administration (FAA) expedite emergency flight authorizations for the private sector.

Released during RIMS 2015, the study by Measure, in co-ordination with the American Red Cross and co-sponsored by Zurich, argues that expediting authorizations would greatly reduce insurer response times and greatly enhance risk assessment, mitigation and claims response.

“We believe that drone technology can help deliver the most relevant data, in particular for our claims and our risk engineering operations, as they respond to natural disasters and work to support our customers,” Dan Riordan, Zurich’s chief executive officer of global corporate in North America, told reporters.

“When a disaster occurs, drones may be used to provide relief workers with better situational awareness, locate survivors amidst the rubble, perform structural analysis of damaged infrastructure, deliver needed supplies and equipment, evacuate casualties and help extinguish fires,” the study states.

In that vein, the study recommends that the FAA develop an emergency certificate of authorization process for private sector and non-profit organizations that would allow for the on-demand operation of drones post-disaster and issue blanket approval for locations in which these entities can fly.

If response is on the ground in 24 hours or 48 hours, “it can take months or even years off of the recovery process,” Riordan said. “We may not be able to get the claims professional in there 24 hours later, but (we will have) the data to be able to assess and help us move much more quickly on the claims process, to be able to identify what is necessary, and how can we get the right resources to support.”

ORGANIZATIONAL ALIGNMENT HAS INFLUENCE

A focus on the “here and now” could prove disruptive to the organizational strategies of companies, at least on the short-term horizon, highlighting the need to align strategy and what risk management is being asked to do, suggests the 12th Annual Excellence in Risk Management Survey, released during RIMS 2015.

Conducted by Marsh and RIMS, the risk management society, the report is based on 300-plus responses to an online survey and a series of focus groups with risk executives.

“Successful risk executives strive to ensure that they and their organizations have a clear point of view about risk management priorities, how those priorities may change, and where organizational gaps in alignment exist,” notes the report.

Many of the risk executives in the focus groups said that they are being asked to do things on risk that might be disruptive to the strategies of their organizations, Carol Fox, director of the strategic and enterprise risk practice at RIMS and a report co-author, said during a press conference.

“Many of the risk executives that we talked with in the focus groups said that the focus of most of their organizations was on the here and now, and that there’s a growing concern that their Boards of Directors and executives may be overly concentrating on things like the regulatory disclosure requirements and compliance, which tend to be

retrospective views versus emerging risks and how those issues can impact their organizations, which is a much more prospective view,” Brian Elowe, a managing director at Marsh and report co-author, told assembled reporters.

“Alignment with other, more strategic functions is generally higher (nearly double in some cases) when risk management reports into somewhere other than finance,” the report adds.

BIG DATA, BIG ADVANTAGE

Big data will be an integral part of the future, but its potential effectiveness will be governed by knowing just how to use it, Stephen McGill, group president of Aon plc, suggested during RIMS 2015.

Noting that the amount of data created in the last two years is greater than the amount that had accumulated up until then, McGill reported to attendees that by 2018, the amount of data will be 50 times greater than the amount there is today.

“So when we look at big data, it’s not the fact that there’s all this data around. It’s what you can do with that data and how you can bring it down into a structured way and turn it into something that is impactful, first and foremost, to help support our clients,” he said.

Having structured data will allow for doing predictive modelling that can actually help inform clients make better decisions on their risk management and risk transfer needs, McGill told attendees of the session.

“I think data is critical. I think how you use it is even more critical, and I think it’s going to be an incredibly important competitive advantage for firms,” he added.

J. Patrick Gallagher, chairman, president and chief executive officer of Arthur J. Gallagher & Co., agreed.

“I think it’s possible that you might even say, at some point, the real value that a broking firm brings is the data, [and] how they can accumulate and make sense out of the data to help you understand where the world’s going,” Gallagher argued.

David Batchelor, president of Marsh LLC’s international division, said the “issue is how the data is imported in a relevant way and creating something that is giving insight… to an organization.”

What is going on with big data, analytics and technology is “relevant with your C-Suite in terms of discussions around risk issues and how you define some of the risks, and optimization of the risk in looking at the way in which your own capital can be used versus that of cost transfers,” Batchelor added.

CYBER DEMAND GROWING

The cyber insurance market may be developing more slowly than John Doyle, AIG’s chief executive officer of commercial insurance, may have expected, but he suggested during a panel discussion at RIMS 2015 that the market is growing and products are starting to catch up.

“I think like most markets as they develop, the early generation of products, the product probably doesn’t work,” Doyle said, noting that for AIG cyber

offerings, the view has changed from the financial perspective to the customer perspective.

“We don’t view our role in this as just a place for you to transfer risk. We think that we can do much more than that and, really, have invested quite a bit in risk management capabilities to help you better understand those risks,” he said.

Dan Riordan, chief executive officer of global corporate in North America for Zurich, agreed.

“I think it’s about more than just coverage; it’s more than just insurance. It is the insight that our customers are looking for, more insight into the issue of preparedness,” Riordan suggested.

“The market is probably a US$2 billion market,” for the cyber and security privacy area, he said. “There are reports it will go up to US$5 billion to US$10 billion.”

Pointing out that when Zurich looked at cyber penetration a couple of years ago, it found that 5% to 15% of companies were buying some sort of cyber protection. Today, the reports are 30% to 40%.

Although cyber is currently largely an errors and omissions-based product, there is interest in broader coverage beyond security and privacy, Riordan

said, perhaps including the potential impact on property or on business interruption. “I think the industry is challenged now to look at how we can provide capacity, how we can get our arms around the risks that are growing related to cyber,” he suggested.

“It really is an exposure that’s showing itself to be deserving of its own tower of risk,” said John Lupica, chairman, insurance, North America for ACE Group.

“You’re always trying to find that balance between coverage and price points,” Lupica said. “Where we sit today, it certainly feels like we’re reaching that intersection.”