Risk Management

The Profession

Facebook’s global risk manager is motivated by the positive change she helps her company create in the world.
By: | October 15, 2016 • 5 min read

R10-15-16p62_Profession.indd
R&I What was your first job?

Working at a dim sum restaurant in San Francisco called Yang Sing. My mom’s best friend owned the restaurant so she recruited/shanghaied me for a summer job in the kitchen. These were the days before gloves in food prep. Soy sauce chicken wrapped in foil led to lots of foil cuts, thus an early foray into employment injuries. In retrospect, it was a great experience, it certainly motivated me to do well in school and focused me to go to college.

R&I How did you come to work in risk management?

I started out my career in insurance with the brokerage Sedgwick, since acquired by Marsh, simply because I wanted to work in downtown San Francisco. While at Sedgwick, I immediately started to take insurance classes and became interested in risk management after taking a couple of ARM classes. I liked the idea of delving deeper into one company’s risk.

R&I What is the risk management community doing right?

Advertisement




Essentially, we work collaboratively and cross-functionally with the business to identify, quantify and manage risks, and we provide the technical guidance in the use of risk transfer products or self-insurance. Now, instead of being a cost center we look at proactive ways to add to the top-line growth of our companies.

R&I What insurance carrier do you have the highest opinion of?

Well I could say Berkshire Hathaway, but that is because I’m a groupie of Warren Buffet’s. But from a professional prospective, it boils down to the fact that most insurance carriers have the capability and capacity, but do they have the creativity? Will they take the time to understand your business needs and can they give the policyholder something close to contract certainty with respects to the pre-discussed risks?

R&I How much business do you do direct versus going through a broker?

None. I feel that the broker offers the knowledge and specialization of the markets, relationships and consulting expertise.

R& I Are you optimistic about the U.S. economy or pessimistic and why?

Long-term, I’m optimistic. We still have an incredible platform for creativity and growth. Short-term, I’m pessimistic because of how intertwined the world’s economy is and the effect of that. The slowdown in China, for example, will touch us here.

R&I Who is your mentor and why?

Advertisement




I am fortunate to have many mentors, but I would say Carol Harrington, the risk manager at Sun Microsystems Inc., always believed in me. She showed me the value of the cross-functional relationship, the art of negotiation and creativity, and in the end, that there is no substitute for substance. I’ll never forget her words to me during my third week at Sun, at 9 p.m. on a Thursday night. Carol said, “I’m going to help you find another job.” I thought to myself, “Really I can’t be that bad.” She continued on to say, “in order to move up, you need to move out … you’ll be the risk manager someday.”

R&I What have you accomplished that you are proudest of?

How can I not say my kids? I tell them that society values money and power, and I value who they are as a person. BUT, make enough money to support yourself. They turned out to be awesome people.

R&I What is your favorite book or movie?

I’m a Harry Potter aficionado. I love how the author weaves the story line together and leaves clues in the early books to set up for the future.

R&I What is the most unusual/interesting place you have ever visited?

Pompeii, Italy. The preserved history from the Roman civilization to the sadness of the fate of who were essentially the poor.

R&I What is the riskiest activity you ever engaged in?

Feeding a tiger a strip of raw meat with a pair of rusted tongs through a chain-link fence that only came up to my waist. I call it risk management brain freeze.

R&I If the world has a modern hero, who is it and why?

Advertisement




OK, not trying to score any brownie points, but Mark Zuckerberg. He is prescient, leads with conviction and is a clear communicator. He is generous and respectful to others in how he interacts with employees, trying to put them at ease and giving them authority and credit. Every Friday he speaks with the employees, and you can ask any question you want. I admit, in the early days while I sat in the front row, I thought to myself, I wonder if Mark sees me and thinks, ‘What is my mother-in-law doing here?’ But I find the common thread of intelligence and security and the collegial atmosphere simply amazing.

Feeding a tiger a strip of raw meat with a pair of rusted tongs through a chain-link fence that only came up to my waist. I call it risk management brain freeze.

R&I What about this work do you find the most fulfilling or rewarding?

Every day I walk through the Facebook office I am filled with gratitude to work at a place with such an altruistic mission: connecting the world and making it a better place by sharing thoughts and viewpoints. For every 10 people in the developing world who are on the internet, one person is lifted out of poverty.

R&I What do your friends and family think you do?

Shockingly, my children know what I do as they have been brought up with the RIMS swag. They have heard of Factory Mutual (great bags) and Zurich (chocolate) and my daughter wants to become an insurance professional. Imagine that — a next generation professional. She has heard stories about how many ways risks can be managed and how insurance makes capitalism possible. She even has a T-shirt with the faces of Charlie Munger and Warren Buffet. So, I guess, my friends and family have been schooled about risk management, through my exuberance and crazy stories.




Katie Siegel is a staff writer at Risk & Insurance®. She can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance

2017 RIMS

Resilience in Face of Cyber

New cyber model platforms will help insurers better manage aggregation risk within their books of business.
By: | April 26, 2017 • 3 min read

As insurers become increasingly concerned about the aggregation of cyber risk exposures in their portfolios, new tools are being developed to help them better assess and manage those exposures.

One of those tools, a comprehensive cyber risk modeling application for the insurance and reinsurance markets, was announced on April 24 by AIR Worldwide.

Advertisement




Last year at RIMS, AIR announced the release of the industry’s first open source deterministic cyber risk scenario, subsequently releasing a series of scenarios throughout the year, and offering the service to insurers on a consulting basis.

Its latest release, ARC– Analytics of Risk from Cyber — continues that work by offering the modeling platform for license to insurance clients for internal use rather than on a consulting basis. ARC is separate from AIR’s Touchstone platform, allowing for more flexibility in the rapidly changing cyber environment.

ARC allows insurers to get a better picture of their exposures across an entire book of business, with the help of a comprehensive industry exposure database that combines data from multiple public and commercial sources.

Scott Stransky, assistant vice president and principal scientist, AIR Worldwide

The recent attacks on Dyn and Amazon Web Services (AWS) provide perfect examples of how the ARC platform can be used to enhance the industry’s resilience, said Scott Stransky, assistant vice president and principal scientist for AIR Worldwide.

Stransky noted that insurers don’t necessarily have visibility into which of their insureds use Dyn, Amazon Web Services, Rackspace, or other common internet services providers.

In the Dyn and AWS events, there was little insured loss because the downtime fell largely just under policy waiting periods.

But,” said Stransky, “it got our clients thinking, well it happened for a few hours – could it happen for longer? And what does that do to us if it does? … This is really where our model can be very helpful.”

The purpose of having this model is to make the world more resilient … that’s really the goal.” Scott Stransky, assistant vice president and principal scientist, AIR Worldwide

AIR has run the Dyn incident through its model, with the parameters of a single day of downtime impacting the Fortune 1000. Then it did the same with the AWS event.

When we run Fortune 1000 for Dyn for one day, we get a half a billion dollars of loss,” said Stransky. “Taking it one step further – we’ve run the same exercise for AWS for one day, through the Fortune 1000 only, and the losses are about $3 billion.”

So once you expand it out to millions of businesses, the losses would be much higher,” he added.

The ARC platform allows insurers to assess cyber exposures including “silent cyber,” across the spectrum of business, be it D&O, E&O, general liability or property. There are 18 scenarios that can be modeled, with the capability to adjust variables broadly for a better handle on events of varying severity and scope.

Looking ahead, AIR is taking a closer look at what Stransky calls “silent silent cyber,” the complex indirect and difficult to assess or insure potential impacts of any given cyber event.

Stransky cites the 2014 hack of the National Weather Service website as an example. For several days after the hack, no satellite weather imagery was available to be fed into weather models.

Imagine there was a hurricane happening during the time there was no weather service imagery,” he said. “[So] the models wouldn’t have been as accurate; people wouldn’t have had as much advance warning; they wouldn’t have evacuated as quickly or boarded up their homes.”

It’s possible that the losses would be significantly higher in such a scenario, but there would be no way to quantify how much of it could be attributed to the cyber attack and how much was strictly the result of the hurricane itself.

It’s very, very indirect,” said Stransky, citing the recent hack of the Dallas tornado sirens as another example. Not only did the situation jam up the 911 system, potentially exacerbating any number of crisis events, but such a false alarm could lead to increased losses in the future.

The next time if there’s a real tornado, people make think, ‘Oh, its just some hack,’ ” he said. “So if there’s a real tornado, who knows what’s going to happen.”

Advertisement




Modeling for “silent silent cyber” remains elusive. But platforms like ARC are a step in the right direction for ensuring the continued health and strength of the insurance industry in the face of the ever-changing specter of cyber exposure.

Because we have this model, insurers are now able to manage the risks better, to be more resilient against cyber attacks, to really understand their portfolios,” said Stransky. “So when it does happen, they’ll be able to respond, they’ll be able to pay out the claims properly, they’ll be prepared.

The purpose of having this model is to make the world more resilient … that’s really the goal.”

Additional stories from RIMS 2017:

Blockchain Pros and Cons

If barriers to implementation are brought down, blockchain offers potential for financial institutions.

Embrace the Internet of Things

Risk managers can use IoT for data analytics and other risk mitigation needs, but connected devices also offer a multitude of exposures.

Feeling Unprepared to Deal With Risks

Damage to brand and reputation ranked as the top risk concern of risk managers throughout the world.

Reviewing Medical Marijuana Claims

Liberty Mutual appears to be the first carrier to create a workflow process for evaluating medical marijuana expense reimbursement requests.

Cyber Threat Will Get More Difficult

Companies should focus on response, resiliency and recovery when it comes to cyber risks.

RIMS Conference Held in Birthplace of Insurance in US

Carriers continue their vital role of helping insureds mitigate risks and promote safety.

Michelle Kerr is associate editor of Risk & Insurance. She can be reached at [email protected]