About Caroline McDonald

Caroline McDonald is the senior editor of the Risk Management Monitor and Risk Management magazine.

Disruptive Technologies Present Opportunities for Risk Managers, Study Finds

PHILADELPHIA–Disruptive technologies are used more and more by businesses, but those organizations appear to be unprepared. What’s more, companies seem to lack understanding of the technologies and many are not conducting risk assessments, according to the 14th annual Excellence in Risk Management report, released at the RIMS conference here.

The study found an apparent lack of awareness among risk professionals of their company’s use of existing and emerging technologies, including the Internet of Things (IoT), telematics, sensors, smart buildings, and robotics and their associated risks. When presented with 13 common disruptive technologies, 24% of respondents said their organizations are not currently using or planning to use any of them. This is surprising, as other studies have found that more than 90% of companies are either using or evaluating IoT technology or wearable technologies and that companies in the United States invested $230 billion on IoT in 2016.

Another finding was that despite the impact disruptive technology can have on an organization’s business strategy, model, and risk profile, 60% of respondents said they do not conduct risk assessments around disruptive technologies.

“Today’s disruptive technologies will soon be — and in many cases already are — the norm for doing business,” said Brian Elowe, Marsh’s U.S. client executive leader and co-author of the report said in a statement. “Such lack of understanding and attention being paid to the risks is alarming. Organizations cannot fully realize the rewards of using today’s innovative technology if the risks are not fully understood and managed.” According to the study:

Organizations generally, and risk management professionals in particular, need to adopt a more proactive approach to educate themselves about disruptive technologies — what is already in use, what is on the horizon, and what are the risks and rewards. Forward-leaning executives are able to properly identify, assess, and diagnose disruptive technology risks and their impact on business models and strategies.

This lack of clarity presents opportunity for risk professionals. In fact, previous Excellence reports have indicated that C-suite executives and boards of directors want to know what risks loom ahead for their organizations and increasingly rely on risk professionals to provide that insight.

“As organizations adapt to innovative technologies, risk professionals have the opportunity to lead the way in developing risk management capabilities and bringing insights to bear on business strategy decisions,” said Carol Fox, vice president of strategic initiatives for RIMS and co-author of the report. “As a first step, risk professionals are advised to proactively educate themselves about disruptive technologies, including what is already in use at their organizations, what technologies may be on the horizon, and the respective risks and rewards of using such technology.”

One thing companies can do to manage risks associated with disruptive technologies is facilitate discussions through cross-functional committees—yet fewer companies, only 48%, said they have one, a drop from 52% last year and 62% five years ago.

Whether discussed in weekly, monthly, or quarterly organization-wide committee meetings, emerging risks — including disruptive technologies — need to be examined regularly to anticipate and manage the acceleration of business model changes. When risk is siloed, too often the tendency can be toward an insurance-focused approach to risk transfer rather than an enterprise approach that may lead to pursuing untapped opportunities.

The Excellence survey, Ready or Not, Disruption is Here, is based on more than 700 responses to an online survey and a series of focus groups with leading risk executives in January and February 2017.

Findings from the survey were released today at the RIMS 2017 Annual Conference & Exhibition. Copies of the survey are available on www.marsh.com<http://www.marsh.com> and www.rims.org<http://www.rims.org>.

Dallas Alarms Hack a Warning of Infrastructure Vulnerability

Dallas residents were wide awake and in a state of confusion late Friday night when the city’s outdoor emergency system was hacked, causing all of its 156 alarms to blast for an hour-and-a-half until almost 1:30 a.m.

With some interpreting the warning as a bomb or missile, a number of residents dialed 9-1-1, but the number of calls—4,400 in all—overwhelmed the system, causing some callers to wait for up to six minutes for a response, the New York Times reported.

The alarms blasted for 90-second durations about 15 times, Rocky Vaz, the director of the city’s Office of Emergency Management, told reporters at a news conference.

Mr. Vaz said emergency workers and technicians had to first figure out whether the sirens had been activated because of an actual emergency. And turning off the sirens also proved difficult, eventually prompting officials to shut down the entire system.

“Every time we thought we had turned it off, the sirens would sound again, because whoever was hacking us was continuously hacking us,” Sana Syed, a spokeswoman for the city told the Times.

Eventually the alarms were turned off, which had to be done manually, one alarm at a time.

On Saturday afternoon the system, used for hurricanes and other warnings, was still down, but officials said they hoped to have it functioning soon. They also said they had pinpointed the origin of the security breach after ruling out that the alarms had come from their control system or from remote access.

Mr. Vaz said that Dallas had reached out to the Federal Communications Commission for help and was taking steps to prevent hackers from setting off the system again, but that city officials had not communicated with federal law enforcement authorities.

Security officials have warned about the risks that such hacking attacks pose to infrastructure, which is often aging and in disrepair. Federal data shows that the number of attacks on critical infrastructure appears to have risen: to nearly 300 in 2015 from just under 200 in 2012. Attacks include a 2008 oil pipeline explosion in Turkey; a 2015 hacking of Ukraine’s power grid, leaving 200,000 people in Western Ukraine without electricity for several hours; and in 2013, hackers tried to gain control of a small dam in upstate New York. Seven computer specialists, who worked for Iran’s Islamic Revolutionary Guards Corps., were indicted for trying to take over controls of the dam, according to the Times.

First Quarter 2017 Sees Upward Rate Movement

U.S. insurance buyers may see higher rates this year, as the composite rate index for commercial accounts increased plus 1% for the first time in 20 months, MarketScout reported today.

Rates for business interruption, inland marine, workers compensation, crime, and surety coverages held steady in the first quarter, while rates for all other coverages either moderated or increased.

“The plus 1% composite rate index was driven by larger rate increases in commercial auto, transportation, professional and D&O rates,” Richard Kerr, CEO of MarketScout said in a statement. “We also recorded small rate increases in the majority of coverage and industry classifications. So, 2017 begins with insurers moving away from the rate cuts of 2016.”

Small accounts (up to $25,000) were assessed a 1% rate increase in the first quarter of 2017. Medium accounts ($25,001 to $250,000) were flat, while both large ($250,001 to $1 million) and jumbo accounts (more than $1 million) saw rate decreases of minus 1% and minus 2% respectively, MarketScout said.

By industry class, every industry experienced a move toward higher rates in the first quarter, with transportation seeing the largest rate increase at plus 5%.

Lloyd’s to Establish EU Base in Brussels

One day after the UK set in motion its process for withdrawal from the European Union by triggering Article 50, Lloyd’s announced that it has chosen Brussels as the location for its European Union subsidiary.

A market of syndicates in London, Lloyd’s said its intention is to be ready to write business for the Jan. 1, 2019, renewal season. The move will enable the company to write risks from all 27 European Union countries and three European Economic Area states once the UK has left the EU. Because Britain remains a full member of the EU for at least two more years, there is no immediate impact on existing policies, renewals or new policies, including multi-year policies written during this period of time, according to the insurer.

In 2015, the EEA accounted for £2.93 billion ($3.66 billion) or 11% of its gross written premium, the organization said.

“It is important that we are able to provide the market and customers with an effective solution that means business can carry on without interruption when the UK leaves the EU,” Lloyd’s Chief Executive Inga Beale said in a statement. She added that Brussels met the critical elements of providing a robust regulatory framework in a central location.

“We are a market, we are unique, we are not like an insurance company – we needed to find a regulator with the resources and the bandwidth to regulate the Lloyd’s market,” Chairman John Nelson told Reuters.

Nelson said the Brussels subsidiary would employ dozens of staff in areas such as compliance and information technology, unlike banks that have said they may move hundreds of staff to the EU. The regulated company will also have its own board.

U.S. insurer AIG recently announced it was moving its headquarters from London to Luxembourg, and Lloyd’s insurer Hiscox is in the process of choosing between Luxembourg and Malta.

While the United Kingdom’s relationship with the European Union may have sometimes been a fractious one, the decision by 52% of its voters to leave the world’s biggest single market was an outcome that many experts and businesses did not expect, Neil Hodge wrote in the August 2016 Risk Management Magazine.

A month before the June 23 referendum, the 100 Group, which represents finance directors from the U.K.’s biggest companies, conducted a survey that found that not one of its members supported a British exit—or “Brexit”—from the EU. This view was echoed by Carolyn Fairbairn, director-general of the U.K.’s leading pro-business lobby group, the Confederation of British Industry (CBI). “The decision to leave the EU is not one that business would have chosen to take,” she said. “We know that the majority of our members wanted to stay in.”