This fall, Risk & Insurance caught up with Andreas Berger, the CEO of Swiss Re Corporate Solutions. What follows is a transcript of that discussion, edited for length and clarity.

Risk & Insurance: There are a host of interconnected global risks out there, and they seem to be increasing in frequency and severity. How do businesses get on top of these risks, and how can the insurance industry help?

Andreas Berger: Our world has changed. Risk is accelerating, and that is compounded by the fact that everything is deeply interconnected, everything from geopolitical and economic and social issues to technology, climate and regulation — and of course the ongoing hard market.

We’ve spoken to dozens of risk managers, CXOs and boards of the world’s leading companies, and we’ve been hearing a common refrain: Once upon a time, risk was a question of making sure someone had bought insurance. Today, boards and management alike are trying to get a grip on the totality of risks in an organization and in particular, supply chains.

The real difficulty is getting on top of the complexity of supply chains, being able to quantify the risk and its impact and work out what to do about it. And this is a fundamental question about the ability to manage risk. It includes insurance, but it’s much, much more. The big question we’re addressing now: How can a company get in control of its supply chain risks?

Corporate clients are telling us they want more control over their risks; they want to be able to view them holistically and strategically. To do that, their organizations need to dramatically improve risk management, but they don’t have the tools and models that we have to assess, quantify and prioritize risk.

And even if they did, they would need the data to run through the models to be in good shape — and currently the data quality is not great. It sits in different systems across their business, SAP, Excel and homegrown systems.

Finally, clients told us that, with the insights they could generate from our models, they wanted to be able to decide whom they share the insights with, internally and externally. They want to be in control, and that has to be our starting point — giving the client control.

R&I: What are the main risks that businesses are considering when it comes to their supply chain?

AB: The biggest concern that C-suites and risk managers have is business interruption. It’s always been up there. After that, corporates would focus on things like natural catastrophes, geopolitical unrest, and then cyber started to come up more. These are the main causes of business interruption.

For the supply chain, the business interruption is the big item. That’s what keeps our customers awake at night and we must always keep this in mind. When you ask questions about supply chain risk management, a key issue is transparency. Here, you find a lot of differences, because the complexities of supply chains vary across businesses and industries.

Companies wanted to create transparency in their supply chain, so they invested in risk management and insurers got the data out of that risk management process. But the data was often unstructured, didn’t make sense and the sum of the information wasn’t adding up. Often, the unstructured and incomplete data only told half the story.

For example, you could see that some manufacturers only had control over their tier one suppliers, maybe tier two or tier three. But if a problem happens at a tier five or six level and it’s a single source for a key part, it creates a bottleneck. Add to this the fact that your competitors probably also use the same tier five or six supplier and you have the case for a major disruption that was unknown or hidden in the supply chain until a loss happens.

Customers need to get into the detail of their supply chain and ask themselves: Is there enough stock? Can their supplier still deliver through their business crisis management processes? Can they deliver to you or to your competitor? Who’s got priority?

This is all completely unknown, and that’s where the contingent business interruption risk comes in, which is a big financial loss for corporates. It all boils down to the business interruption, and that’s where we believe we need to empower the customer and help them take control of their risk.

R&I: What does empowering the customer look like in this context? How can insurance help businesses get the clarity they need over their supply chain risks?

AB: We have to help our customers beyond risk transfer, and we can do that at Swiss Re because we have insights and models on managing risk that we have built up for over a century. And it’s that insight and ability to model risk accurately that we’re now providing to customers.

A lot of companies — the big tech firms and various software companies — are also trying to tackle this, but we’re looking at it holistically and from a risk management perspective. To solve the problem, you need to start with the customer.

So we’ve spent more than two years developing a supply chain management solution. Here, we invite customers to securely upload their data on the platform we have created, called Risk Data & Services (RDS), a platform that is neutral and open so there’s no ambiguity around ownership of the uploaded data. This data belongs to the customer — they have control of it. Nobody else sees it unless the data owner wants them to.

The moment the data is uploaded on the platform, it’s mapped with our data model, which has been created from over 150 years of data experience and insight at Swiss Re. With the customer’s data mapped to this data model, we create what is called a digital twin.

R&I: How does this help your customers manage their supply chain risks?

AB: Helping customers take control of supply chain risk all starts with creating a digital twin of the supply chain, which includes all your suppliers across the entire network — every single tier of supplier, your assets and respective shipment information.

This “digital twin” then sits on the platform, and you and your colleagues can work with the same data all in one place — organized and secure, and the owner controls all access rights.

With the digital twin in place, you can then run “what-if” scenarios to understand how a risk event could potentially disrupt your supply chain.

You can perform simulations against risks such as strikes, natural catastrophes or other uncertain events. The solution lets you instantly identify critical suppliers, areas where the risk is elevated and weak points in the network. Based on these insights, you can design a risk mitigation strategy and work with colleagues from other departments to implement it.

You can even track the effectiveness, literally watching your supply chain become resilient over time. We have also implemented alerts that warn about impending storms or geopolitical events impacting key suppliers, which could lead to delivery shortages.

But it’s more than a static alert. We provide information on affected suppliers and linked end-products that would be delayed. Thanks to these risk alerts and insights, you can now proactively manage the risk rather than reacting when the damage is already done.

Customers can also use apps that give them direct access to our state-of-the-art risk models. These apps are linked via APIs that sit on the platform, but it’s not only ours. It’s also other third-party data provider apps that give insight on additional risk categories. The platform we created is neutral and open. This is very important, as it ensures that the customer can access the services they want, also beyond Swiss Re’s offering.

R&I: What if a supplier from the seventh tier thinks this is all very nice but they don’t want to put their data on your platform?

AB: You’re right. The production site data might be perceived by suppliers as commercially sensitive information and hence they might be less willing to share. However, the RDS platform allows every independent company to store their site data in their own private environment yet securely share the risk insights (generated from the processing of the raw data). This unique setup of the RDS platform allows the supply chain participants to be mutually beneficial without sharing their commercially sensitive data with each other.

Also, the RDS platform does not have any limitations on the number of users. It depends on the company’s willingness to invite its suppliers to the platform and suppliers’ willingness to join it.

R&I: How long has the platform been up and running?

AB: We developed the Supply Chain Resilience data model and the data and technology strategy after COVID-19 started. The foundations were already in place, but after the lockdowns, we accelerated the process.

At the same time, many commercial insurers were undertaking their own transformation programmes in order to return to profitability after many years of high combined ratios. We saw capacity reduce for certain risks, as well as price increases and more scrutiny on the terms and conditions of the insurance policies. Customers that were used to being able to transfer risks easily suddenly needed to reprioritize risk management and invest in making their supply chain and operations more resilient in order to secure the limited capacity.

This was our starting point for developing the platform and to help customers optimize their total cost of risk. That’s the theme we ran with because it was so clear to us that, in a hard market, there will come a time where people are less willing to pay the next rate increase — but instead they will want to take control of their risk and be able to take smart decisions about how they manage the risk, transfer the risk to the insurance market or self-insure. How do you do that? You need to have the data and to start modeling it yourself.

R&I: So how did you decide where to start with the platform? Where did you focus first?

AB: A year ago, we completed multiple pilots, and with those first clients, we worked hard to understand exactly what their needs were. That produced a whole array of priorities, but we realized it was too much and needed to focus. So we looked at the most important ones based on customer needs, which were property exposure management, supply chain, and sustainability.

In the sustainability case, we’re talking about climate risk scores to see how your company’s physical assets are impacted by natural catastrophes and climate change. For instance, you can play out scenarios looking at sea level rises for the next 15, 20, 25 years, giving you actionable insights into the company.

With these types of insights, corporates can then use data to help make critical decisions and answer questions such as: Do I change my investment plans? Do I open manufacturing plants somewhere else that will be less prone to severe natural catastrophes? Those are critical decisions that need to be made, so we focused on those three use cases. There will be other areas coming in the future. The three initial solutions are already available today and are being used by clients across the globe.

Our RDS platform is completely new and is a unique offering in the market. We believe it can and already is changing the way customers and the insurance industry deal with risk and risk transfer. Nobody is excluded from the platform — for example, other commercial insurers, brokers and Insurtech players are all invited to the platform. Ultimately, the customer will then be able to see who is best placed to help them manage the risk that they face.

R&I: There is a narrative that says there are insurance products to address supply chain issues, but the uptake is very light. Is that accurate, and if so, will the transparency of this platform give the industry some traction in actually selling risk transfer?

AB: Yes, the platform will give the industry some traction and enable corporates to accurately convey their risks to the market. The challenge for the industry is that we always look at historic data. If you consider the typical renewal process, it could take up to nine months, and within it, there are countless points where communication could break down or the data could become compromised. Then comes the renewal date and the policy renews.

The assets are being insured based on data that is now 10 or 11 months old. However, in the meantime, the company has divested, has bought another company, or has maybe had an incident with one of its assets. So now the insurance policy does not match the risk that the corporate faces. Customers that we worked with when developing the platform said this was a huge problem for them. So we looked into how we could help to ensure that we have more frequently updated information and can underwrite risks based on the most up-to-date information available.

To do this, upon a customer’s agreement, we link the RDS platform to the original data source, where the value sits; this could be an SAP booking system, for example. We ingest the data into the platform, and we would agree upon a certain frequency of updates with the customer. So how updated the data is is a given asset value that can be communicated to the wider market, which is very important because it determines swings and limits in pricing.

That should give you a feeling of what data can do if you manage it, control it and make it available internally to your colleagues as well as externally. Our data model is being updated continuously — it is health-checked every hour.

R&I: What are your thoughts on the current issues around geopolitical instability, sustainability and cyber risks? Is there a role for data in managing these too?

AB: Yes, geopolitical issues are not new, but they’re accelerating and happening more concurrently. Look at the supply chain disruption through the Ukraine war — we had a problem already, but it has accelerated, creating real stress in some industries across the world. The secondary effects lead to food security problems, and in every part of the world, there is a risk of social unrest, the energy crisis is spilling over, and that is linked to sustainability targets that have to be met.

All of these issues can lead to business interruption, but one of its key causes today is cyberattack — it’s one of the top five geopolitical risks. There are insurance solutions, but the limits are too low and there is a need to invest to understand and model the broader cyber risk properly. There are a few promising attempts by some parties in the industry to collect the relevant data, which is a first step in the right direction.

R&I: Any final thoughts on how businesses can manage risk in a such a volatile, unpredictable environment?

AB: Risk managers at large and midsize corporates must also think about what they do when they budget for their insurance premiums. They need to factor in inflation. What assumptions do they have? Which institutions do they follow for information? I think we must become much more granular and technical in how we address all the effects and impacts that come our way.

And I think the hardening of the market has taught all stakeholders lessons — including boards, rating agencies, regulators. They’re all asking questions now, are much more aware of what’s happening out there and, crucially, how that should be reflected in the way they do business. &