4 Key Trends Dramatically Shifting Private Sector Risk Profiles

In an unpredictable risk landscape, businesses need a dynamic and fluid response strategy. Here are four key trends that are dramatically affecting private risk profiles.
By: | October 31, 2019

Businesses today operate in a “not if, but when” risk environment. This means that every entity at some point will likely experience a significant disruption from one cause or another, whether a natural catastrophe, climate-related event, cyber incident, legal or regulatory snafu or reputational crisis.

Digital transformation and interconnectivity could reasonably be pinpointed as the underlying factors that tie these exposures together. Reliance on technology means that the strength of both physical and virtual IT infrastructure is at the center of resiliency and a critical component of incident response — no matter what type of incident it is.

“IT and operations don’t just dance together. They are one entity,” said Sean Murphy, crisis management & business continuity leader, BDO USA.

In an environment where risks not only emerge and evolve rapidly, but overlap in an intricate web, business leaders need to ask themselves if their business continuity and disaster recovery plans are still relevant. Are they actually fit to help you respond and move past disruptions as threats become more dynamic?

Sean Murphy
Crisis Management &
Business Continuity Leader

Here are four key trends have coalesced to dramatically shift risk profiles over the past 5 to 10 years.

1)  Intensified Natural Catastrophe Risk

Rising global temperatures have contributed to more frequent and severe storms. Even communities without direct exposure to hurricanes’ battering winds and sea level surges are vulnerable to historic rainfalls and flooding.

“Increasingly we see cyber as a peril, but mother nature hates computer systems. Flood, fire, hurricanes and tornados can do harm at large scale, and in many cases, the physical damage will exceed any cyber related event,” said Ian Thornton-Trump, head of cyber security at AmTrust International.

“From an IT perspective this is all about resiliency and maintaining (and testing) backups.”

Planning to deal with a damaged building is fairly straightforward. But the picture gets more complicated if that building houses your system’s main servers, or for manufacturers, any robotic production equipment.

“When you rely heavily on automation, the downtime could extend for weeks or months due to the specialized and expensive nature of the equipment,” said Megan Linkin, VP, parametric Nat Cat, Swiss Re Corporate Solutions.

 2) Rise of Cyber Crime 

Digitization and automation have also amplified exposure to malicious hackers and system failure.

“Advances in technology and global Interconnectivity have made the world a better place, they also have created a fertile playground for cyber criminals,” said Elizabeth Queen, vice president risk management, Wolters Kluwer.

“Not only are criminals targeting intangible assets and the companies that make, control, store, process them, but they provide the surveillance, extraction and getaway cars, in ways that are continuously evolving.”

Planning to deal with a damaged building is fairly straightforward. But the picture gets more complicated if that building houses your system’s main servers, or for manufacturers, any robotic production equipment.

“Take ransomware as an example. You’re in the middle of the event making decisions. Do you know how much you’re willing to pay? If your cyber insurance will cover that payout? if you haven’t practiced a response and you’re making decisions on the fly, you may make one that’s not covered,” said Jeff Phillips, managing director of insurance & federal claims services, EY.

3) Reputation as Balance Sheet Asset

A company’s response to any negative event can cause even more damage if it doesn’t satisfy consumers’ expectations.

Elizabeth Queen, vice president, Risk Management, Wolters Kluwer

“Today, this intangible asset sits firmly and high on top balance sheets,” Queen said. “How an organization is perceived to be responding to an incident can have a direct impact on shareholder and brand value.”

According to a recent study by Pentland Analytics and Aon, “Reputation Risk in the Cyber Age,” social media plays a significant role in how shareholder value is affected by incident response. News travels fast, and a poor communications strategy will be noticed and critiqued immediately.

Companies who fared best were prepared with a response that was contrite, clear and transparent, consistent across the company, and reinforced by actions of atonement. Companies without such a plan saw a nearly 30% decrease in shareholder value.

4) Vulnerability of Interdependency

Globalization has linked companies and countries together in so many ways it can seem nearly impossible to work out all the potential consequences of one event.

Incidents that affect a partner, supplier or key customer can hurt a business as much as if that incident had happened to the business itself.

Companies must consider these key players’ exposures as much as their own.

“It’s the density and speed of connections that create complexity,” Murphy said. “We don’t know what we don’t know. Which means it is difficult to see cause and effect and almost impossible to predict cascading effects.” &

Katie Dwyer is a freelance editor and writer based out of Philadelphia. She can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance