Ahead of this year’s Airmic annual conference, StrategicRISK spoke with Charlie Kitson, head of UK client engagement at AIG, on the evolving risk landscape, core challenges for risk managers and how the industry needs to respond.
This year’s conference is themed, the future is now – tomorrow’s risks are today’s challenges: what does this mean for businesses?
Traditional business models are being disrupted and reinvented, at an exponential pace. The velocity of change – and its breadth and sheer impact – is being felt in almost all countries, sectors and markets. Combined with the increasing complexity of risk, this brings several new challenges to companies, boards and risk professionals.
How does this play out in the threats that risk managers are dealing with today?
Major themes that are top of mind right now include:
Cyber exposure: Technological advancements are disrupting and intensifying the risk landscape and significantly increasing the severity of cyber threats. Data breaches and theft of intellectual property (IP) are a growing concern for all companies in this environment. As more businesses hold valuable data, they become more vulnerable to the risks of data leakage and attacks. We know from our recent cyber claims analysis that targeted ransomware and cyber business interruption are hot topics. In 2017, we have seen as many cyber claims notifications as the previous four years combined, the equivalent of one per working day.
Geopolitical risk: The increasing number of governmental policy shifts, referendums, shock elections and stricter sanction regimes are exacerbating the risk landscape. As a result, some multinationals are uncomfortable with taking on risks associated with developing their businesses in more volatile markets. They are paying careful consideration to how much risk they take, how to allocate their resources and in which countries to place their investments.
Regulatory changes: The regulatory environment is more demanding than ever, with increased scrutiny by regulators and less time for businesses to react. Many governments are operating under the backdrop of having to enforce tough austerity measures. In some cases, this has given rise to popular anger, fear of institutions and globalisation.
Multinationals can often be targeted and individuals – directors and officers – are put in the frame. Regulation can also affect companies globally. The new GDPR is a good example. While this law serves as a healthy ‘soundcheck’ for best practice in data protection, businesses who fail to comply will face hefty fines and impacts could be felt by companies both outside and inside the EU. Other challenges include changes in tax rates where multinational insurance programmes are concerned.
Underpinning all of the above is reputational risk: This is top of mind for boards and is one of the biggest challenge for c-suites and boards. Complexity arises because damage to reputation affects all stakeholders – employees, customers, shareholders and suppliers.
How can insurers respond to these risks?
Some of these risks, and those often discussed at board level, are hard to quantify and more difficult to insure.
But for the most part, insurers are becoming more proactive in supporting clients by forming stronger and more meaningful partnerships. We work closely with our key clients and stakeholders to better understand their challenges, so that we can create new solutions that effectively mitigates risk for both parties.
Cyber is a good case in point. This is a risk that affects a whole host of intangible assets, (data, IP, reputation) and is interlinked to other risk areas, for example, system failures and loss of confidence and profits. Offering pre- and post-breach risk mitigation services that go beyond the core indemnity product is key, such as continual monitoring and immediate response; PR support for company and individual reputations; data restoration, recollection and recreation following a security breach or data leak.
But addressing non-physical risks is not only about supplying products and risk management services. We believe that providing education to help risk managers better understand the complex risk environment is extremely important. Helping develop the risk managers of tomorrow, particularly in areas of strategic decision-making, and educating the board and c-suite on the management of risk will contribute towards making their companies more resilient. In this regard, we have developed the AIG Risk Management Academy (ARMA) to do just that. Feedback from the 120 risk managers that have graduated from ARMA to date has been truly outstanding.
As the business landscape evolves and risks grow in complexity, key attributes required include strong expertise, a proven track record and a flexible, adaptable approach. At AIG we stay one step ahead of this constant evolution by working in close partnership with our clients to understand their exposures so we can build bespoke solutions fit for the future.