Feeling Unprepared to Deal With Risks
Geopolitical uncertainty, challenging demographics and a difficult economy are making it harder for risk managers to protect their organizations.
“Certainly there is a feeling and understanding that the risk environment is changing, and changing really fast,” said Rory Moloney, CEO of Aon Global Risk Consulting, during the RIMS 2017 conference.
Aon’s “2017 Global Risk Management Survey,” he said, asked its 1,800 respondents, “How prepared are you?” and the results are “at its lowest point now since we started this in 2007.”
“They are sensitive to the volatility and feel less prepared,” Moloney said.
The survey found that the No. 1 global risk in 2017 was “damage to brand and reputation.” And that, too, is partly caused by the pace of change as well as the growth of 24/7 news channels and the use of social media.
“In the age of Twitter and viral videos, damage to reputation could occur because of an inappropriate tweet by an executive, or a video by an employee complaining about sexual harassment or discrimination,” according to the report.
Regardless of the difficulty faced by a company, whether it is a product recall, supply chain failure, fraudulent act or cyber event, “the worry is just that the amplification is out there and it happens so quickly,” he said
Nearly half (45 percent) of the respondents identified brand and reputation damage as their top risk concern,while only 51 percent believed they were prepared to deal with the challenge, according to the survey.
The top 10 risks, in order, are:
- Damage to reputation/brand;
- Economic slowdown/slow recovery;
- Increasing competition;
- Regulatory/legislative changes;
- Cyber crime/hacking/viruses/malicious codes;
- Failure to innovate/meet customer needs;
- Failure to attract or retain top talent;
- Business interruption;
- Political risk/uncertainties; and
- Third-party liability (including E&O).
Of the top 10 risks, half are uninsurable, while three are partially insurable, according to Aon. Only two (business interruption and third-party liability) are insurable.
Cyber risk moved up from nine in 2015 on the list to five this year – but it was No. 1 for risk managers in North America, Moloney said.
In the intervening years, the risk has expanded from disclosure of personally identifiable information from retail, health care or education organizations, to include fears of business interruption and disruption of production processors and controllers, Moloney said.
Readiness by risk managers to deal with cyber risk declined overall from 82 percent in 2015, to 79 percent in 2017, according to the report.
It is critical that business and policy leaders understand which disruptive technologies will matter to them, and prepare accordingly.
In addition, multinational companies need to prepare for new data protection rules that go into effect in the EU in May 2018. Failure to comply could result in penalties of up to 4 percent of worldwide earnings, he said.
As risk managers face geopolitical uncertainty, only 23 percent of them feel prepared to deal with the potential changes facing their organizations.
“Companies can’t control the geopolitical environment,” Moloney said.
They also can’t control the aging of the workforce, which continues to creep up. Organizations need to devote resources to attract, retain and develop employees, while continuing to grapple with a multitude of other pressing risks.
To be effective, risk managers need an integrated, holistic risk management strategy that looks “top down and bottom up” at all of their organizations’ exposures, Moloney said.
He noted that two new risks entered the survey respondents’ concerns for 2017: disruptive technologies/innovation, and major project failure.
Disruptive technologies, which includes 3D printing, the Internet of Things and ride-sharing companies, among many other innovations, ranked No. 20 on the 2017 risk management risks, and respondents forecast it to move up to No. 10 in 2020.
“It is critical that business and policy leaders understand which technologies will matter to them, and prepare accordingly,” according to the report.
Major project failure ranked No. 15 because of the potential to “undermine a company’s reputation and in many cases put a company on the brink of bankruptcy,” according to Aon.
“While major project failure is sometimes caused by external factors – such as regime change, government policy adjustment, terrorist attacks or a natural disaster – experts also attribute it to internal elements, such as failures related to market and strategies, organizational planning, leadership and governance, underestimation in analysis, quality, risk prediction, skills and competency, and teamwork and communications,” according to the report.
Additional stories from RIMS 2017:
If barriers to implementation are brought down, blockchain offers potential for financial institutions.
Risk managers can use IoT for data analytics and other risk mitigation needs, but connected devices also offer a multitude of exposures.
Liberty Mutual appears to be the first carrier to create a workflow process for evaluating medical marijuana expense reimbursement requests.
Companies should focus on response, resiliency and recovery when it comes to cyber risks.
Carriers continue their vital role of helping insureds mitigate risks and promote safety.
New cyber model platforms will help insurers better manage aggregation risk within their books of business.