Darius Delon, a consultant and president of Risk Management 101, told Canadian Underwriter Monday what he sees as the top concerns for risk managers. Here are his Top 3 risks:
Awareness about legislative changes
In some instances, organizations are not aware of legislative changes that have already been made—to say nothing of upcoming ones—and they’re not abiding by the changes, Delon suggested.
“There are no concrete mechanisms to make organizations aware of the plethora of legislative changes that can impact them in different elements of the business,” he said. “I don’t hear a lot about that.”
He observed that this is also considered a Top 5 risk for universities.
Cyberattacks and breaches
Several large organizations have been hit with cyberattacks or breaches over the past couple of years—among them, Sony, Target, Equifax, and most recently Uber.
These breaches involved large organizations with billions of dollars, but Delon said the big concern among risk managers is that smaller businesses are not immune.
“I’m guessing that a small business with 50 people or less are susceptible to the same risks,” Delon said. “They haven’t been targeted yet.”
In the case of Uber, the company reportedly hid the breach for a year and paid US$100,000 to the thieves to have the data destroyed.
“There’s very good reason why you never disclose within kidnap and ransom [K&R] circles that…you have K&R cover and that you ever paid K&R cover,” he said. “You don’t want people to know because there are going to be copycats.”
Sexual harassment and codes of conduct
“Universities have already tried to address this a little while ago,” Delon said of sexual harassment and procedures to respond to that harassment. “I think this can be more pervasive for employers [without] just leaving it for social media to respond and investigate—we’re seeing that out of Hollywood.”
Inappropriate conduct has to do with being in power, and could even apply to those who haven’t been employed yet, Delon warned. Some incidents of harassment are 10, 20 or 30 years old.
“The activities of staff of leaders 30 years ago could have a negative impact on the organization today,” Delon said. “How do you manage that? You can’t manage back in time.”