Risk Management

Seven Questions for Michael Liebowitz

Is risk management becoming too specialized? NYU's risk executive ponders that and other questions on risk management.
By: | March 13, 2017 • 4 min read
Topics: ERM | Risk Managers

Michael Liebowitz, senior director of insurance and enterprise risk management at New York University, has come a long way from his very first job as a paperboy for the “Long Island Press.”

He came to the risk management profession in a “circuitous route,” he said, working in outside and inside claims before the “really bad underwriting” at a former company caused his department to become so “inundated with claims,” that he opted to leave the business.

Michael Liebowitz, senior director of insurance and enterprise risk management, New York University

He joined NYU Medical Center as an insurance specialist, handling primarily property, workers’ comp and medical malpractice, and later become director of risk management at NYU. In 2006, he served as president of RIMS.

I think the biggest thing I am proud of is that probably every place I’ve been employed, I’ve been able to go into the organization and create a risk management program where there wasn’t one, or identify deficiencies in risk management programs that had been in place and improve them,” he said.

Advertisement




As for emerging risks, it’s cyber risk that most concerns Liebowitz. “Because the bad guys are always one step ahead of us. We are always playing catch up.”

These seven questions explore some of his thoughts on the risk management profession:

What is the risk management community doing right?

That’s a tough question. Risk management has now been fragmented. We have traditional risk management based upon an insurance model with loss control and safety and claim. Then you have enterprise risk management and looking at strategic risks. We are becoming subspecialists within a specialty.

I don’t know if that’s good or bad yet. It’s something that is still developing. There are very few people that have experience in all three disciplines.

What could the risk management community be doing a better job of?

We are going from generalists to specialists and subspecialists. And I just don’t know if it’s good. It’s too early on to come up with a definitive opinion. It’s a concern. I have all of that experience so it doesn’t bother me, but a person coming out of school, they don’t know what they are getting into. We are siloing ourselves. I don’t think anybody sees it coming.

What’s been the biggest change in the risk management and insurance industry since you’ve been in it?

I don’t think the insurance industry has changed all that much since I entered 30-odd years ago. We still don’t have contract certainty. They still do things the old way. Instead of mailing a spreadsheet, we are emailing a spreadsheet and sending the same information to multiple different carriers and filling out multiple different applications.

Advertisement




One way they have changed is they have decided that shareholder value is in some instances more important than insured interests. They put their shareholders before their insureds. This is a service industry; provide me with service. I am paying for it. That’s the negative.

The good side is they are putting more emphasis on loss control, loss reduction and claims identification and mitigation activities. They are trying to get ahead of the curve but those services don’t run that deep. They are very superficial. Some carriers don’t even understand what the four corners of their policy insure and I will leave it at that.

Was the contingent commission controversy overblown?

Yes. The way brokers get compensated hasn’t changed. What has changed is they are now telling you what they are making on your book of business and they are obligated to do that versus you having to ask them.

I would flip it around and say if you were really a diligent risk manager, you would have asked the question: What is the true cost of risk. And to get the true cost of risk, you have to know what you are paying your broker. It’s all about transparency and being smart enough to ask the question.

What is the most unusual/interesting place you have ever visited?

China. It’s just so foreign from a Westerner’s point of view. Shanghai is a very modern city but you can walk two blocks in any direction and contrast it with old China. Chinese food there isn’t Chinese food here. From a food perspective, it’s very different. Culturally, it’s very different. As much as I love China and don’t mind going there – I’ve been there seven or eight times – it’s very difficult to wrap my head around it.

What is the riskiest activity you ever engaged in?

Cycling on the street. It’s dangerous between the potholes and cars and sand and leaves. You need to have eyes in the back of your head.

What about this work do you find the most fulfilling or rewarding?

I like everything I do. It’s the variety, trying to solve problems and to make my clients able to do their business by protecting not only my client but the larger organization from the business some of them might engage in.

Anne Freedman is managing editor of Risk & Insurance. She can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance

2017 RIMS

Cyber Threat Will Get More Difficult

Companies should focus on response, resiliency and recovery when it comes to cyber risks.
By: | April 19, 2017 • 2 min read
Topics: Cyber Risks | RIMS

“The sky is not falling” when it comes to cyber security, but the threat is a growing challenge for companies.

“I am not a cyber apocalyptic kind of guy,” said Gen. Michael Hayden, former head of the Central Intelligence Agency and National Security Agency, who currently is a principal at the Chertoff Group, a security consultancy.

Gen. Michael Hayden, former head of the CIA and NSA, and principal, The Chertoff Group

“There are lots of things to worry about in the cyber domain and you don’t have to be apocalyptic to be concerned,” said Hayden prior to his presentation at a Global Risk Forum sponsored by Lockton on Sunday afternoon on the geopolitical threats facing the United States.

“We have only begun to consider the threat as it currently exists in the cyber domain.”

Hayden said cyber risk is equal to the threat times your vulnerability to the threat, times the consequences of a successful attack.

At present, companies are focusing on the vulnerability aspect, and responding by building “high walls and deep moats” to keep attackers out, he said. If you do that successfully, it will prevent 80 percent of the attackers.

“It’s all about making yourself a tougher target than the next like target,” he said.

But that still leaves 20 percent vulnerability, so companies need to focus on the consequences: It’s about response, resiliency and recovery, he said.

The range of attackers is vast, including nations that have used cyber attacks to disrupt Sony (the North Koreans angry about a movie), the Sands Casino (Iranians angry about the owner’s comments about their country), and U.S. banks (Iranians seeking to disrupt iconic U.S. institutions after the Stuxnet attack on their nuclear program), he said.

“You don’t have to offend anybody to be a target,” he said. “It may be enough to be iconic.”

The world order that has existed for the past 75 years “is melting away” and the world is less stable.

And no matter how much private companies do, it may not be enough.

“The big questions in cyber now are law and policy,” Hayden said. “We have not yet decided as a people what we want or will allow our government to do to keep us safe in the cyber domain.”

The U.S. government defends the country’s land, sea and air, but when it comes to cyber, defenses have been mostly left to private enterprises, he said.

“I don’t know that we have quite decided the balance between the government’s role and the private sector’s role,” he said.

As for the government’s role in the geopolitical challenges facing it, Hayden said he has seen times that were more dangerous, but never more complicated.

The world order that has existed for the past 75 years “is melting away” and the world is less stable, he said.

Nations such as North Korea, Iran, Russia and Pakistan are “ambitious, brittle and nuclear.” The Islamic world is in a clash between secular and religious governance, and China, which he said is “competitive and occasionally confrontational” is facing its own demographic and economic challenges.

“It’s going to be a tough century,” Hayden said.

Anne Freedman is managing editor of Risk & Insurance. She can be reached at [email protected]