Author Archives: Morgan O'Rourke

About Morgan O'Rourke

Morgan O’Rourke is editor in chief of Risk Management magazine and director of publications for the Risk & Insurance Management Society (RIMS).
Immediate Vault Immediate Access

Managing Sanctions Risk from Russia’s War on Ukraine

Posted on by

Since Russia began attacking Ukraine on February 24, thousands of people have been killed and over a million people have had to flee their homes, presenting one of the largest refugee crises Europe has ever experienced. In addition to the tragic human losses, the Russian invasion of Ukraine has triggered wide-ranging economic impacts. Among them, the European Union, United Kingdom, United States, Canada, Japan and others have enacted sweeping financial sanctions on Russia in an effort to pressure President Vladimir Putin to end the conflict. These sanctions have targeted Russia’s financial system and its international financial connections by restricting transactions between Russian banks and those in other countries, most notably through the SWIFT global financial network.

The economic impacts of these sanctions will likely affect many industries around the world, whether organizations deal with Russia directly or indirectly through third countries. In a briefing yesterday, global risk consultancy Control Risks discussed some of the risk management considerations and steps companies need to take as the sanctions landscape continues to evolve. According to panelist Henry Smith, partner and head of business intelligence and due diligence in EMEA at Control Risks, there are five key areas risk professionals should focus on to address the risk facing their companies as a result of these sanctions:

  1. What are your nexuses to Russia (including outside Russia)? Organizations need to look at their touchpoints with Russia, including investors and shareholders, lenders and banks, direct and indirect clients, contractual counterparties, and goods and services sourced directly or indirectly from Russia.
  2. Which sanctions apply to your organization?
    online pharmacy azithromycin with best prices today in the USA

    The applicability of sanctions will vary based on your sector, the nationality of the people within the organization, and the currencies you use. It is helpful to note that, currently, there is greater consensus among various sanctions regimes so you may not have to parse through conflicting degrees of severity—consistent sanctions against Russia are being imposed, at least across most Western countries.
  3. What risks are you exposed to? Conduct a risk assessment around which sanctions you are exposed to and whether there are any business activities, relationships or practices you need to end or change in some way. This involves regularly screening Russian counterparties against sanctions lists and undertaking detailed analysis of higher-risk relationships.
  4. How do you respond? Review the implications of any decisions on employees and on contractual obligations, both with direct and third-party clients. Consider any impact winding down activities in one area may have on other business areas. Be sure to engage with regulators, enforcement agencies, banks and insurers for guidance.
    online pharmacy periactin with best prices today in the USA

  5. What do you do as sanctions regimes evolve? Sanctions will change in response to security and political developments over the coming weeks and months, so it is important to stay informed of any communications from authorities.
    online pharmacy reglan with best prices today in the USA

    Review and read guidance from regulators, enforcement agencies, banks and insurers, and benchmark with industry peers to make sure you can still operate effectively.

Overall, when deciding whether to continue doing business with Russia, companies will need to consider both reputational and ESG-based perspectives as well as practical issues around your ability to do business, such as maintaining the working capital required to continue operations and ensuring that goods and services can still move through the supply chain.

Experts expect that the Russia-Ukraine crisis will have a long-term impact on the global economy and many effects of these sanctions may not be felt for weeks or months. Companies will need to remain vigilant in order to stay ahead of the risks.

RIMS TechRisk/RiskTech: Using Cyberrisk Analytics to Improve Your Cyber Insurance Program

Posted on by

As ransomware continues to spread and payment costs increase, cyber insurance rates have gone up exponentially. As a result, it is more important than ever for companies to understand their cyber vulnerabilities and exposures so they can ensure they are properly covered. One way to do this is through analytics.

online pharmacy mobic with best prices today in the USA

In a presentation at the RIMS TechRisk/RiskTech virtual event, Scott Stransky, managing director and head of the Cyber Risk Analytics Center at Marsh McLennan, outlined some of the key data that can help companies get a full view of their risk.

According to Stransky, there are five categories of data that are most important to determining your risk profile. Much of this data is in publicly available datasets that insurers already consult, so it is important that you have a handle on this information as well so you know how underwriters and other outsiders are viewing you:

  1. Firmographics: company demographics like revenue, employee count, industry, location, and company hierarchy
  2. Historical incidents: past breaches and insurance claims
  3. Technographics: a company’s external cybersecurity posture including the presence of firewalls, open ports, frequency of system patching, as well as internal cybersecurity practices like password management and data encryption
  4. Scoring: combines firmographics, historical incidents and technographics into a single number that designates the level of vulnerability
  5. Loss modeling: brings all elements together to predict the likelihood and cost of an event

Armed with this data, companies can take steps to make it easier to access optimal cyber insurance coverage and better insurance pricing. These could include improving your security and claims posture by addressing potential cybersecurity gaps, updating incident response plans, and identifying vendor partners to help improve security posture or respond to incidents. Companies can also explore policy structure options in terms of different program components (limits, attachment, coverage, risk retention, etc.

online pharmacy isofair with best prices today in the USA

) and consider alternative terms and conditions.
online pharmacy robaxin with best prices today in the USA

Finally, it is important to provide robust underwriting data by using assessment tools to minimize the need for supplemental applications, preparing for additional questions from underwriters, and highlighting significant cybersecurity updates and improvements over the past year.

In particular, companies should focus on what Stansky called the top 12 cybersecurity controls for risk mitigation, resilience and insurability:

  1. Multifactor authentication (MFA)
  2. Endpoint detection and response
  3. Secured, encrypted and tested backups
  4. Privileged access management
  5. Email filtering and web security
  6. Patch and vulnerability management
  7. Cyber incident response planning and testing
  8. Cybersecurity awareness training
  9. Hardening techniques, including remote desktop protocol mitigation
  10. Logging and monitoring/network protection
  11. End-of-life system replacement
  12. Vendor/digital supply chain risk management

For those that missed RIMS TechRisk/RiskTech, you can register and access the virtual event here. Sessions will be available on-demand for the next 60 days.

RIMS ERM Conference 2021: Lloyd’s Chairman on the Vital Role of Risk Management in Fighting Climate Change

Posted on by

With climate change quickly becoming one of the most important issues facing the world, Lloyd’s Chairman Bruce Carnegie-Brown stressed the importance of ESG initiatives to address the threat, as well as the vital role of risk managers, in today’s keynote address at the RIMS ERM Conference 2021 in New York City.

As evidenced by the increasing number of weather and climate-related natural disasters in recent years, the stakes couldn’t be higher for organizations and communities around the world, according to Carnegie-Brown. “Disruption, poorly managed, could destabilize our economy,” he said.

buy vidalista online sinusys.com/email/img/jpg/vidalista.html no prescription pharmacy

“Delay could destroy our ecosystem.”

Failing to take action on the climate change threat is not a sustainable strategy and will only exacerbate the damage in the future, Carnegie-Brown warned. In the face of these threats, risk managers have an important role to play in helping their organizations embrace ESG and become more resilient. “A business’s risk operations are an essential component of building ESG into the organization—often they are the driving force.

buy ciprodex online sinusys.com/email/img/jpg/ciprodex.html no prescription pharmacy

” he said. “Executives rely on their insight to power their decisions and navigate the pitfalls of new challenges. Like insurance, it enables braver decisions and more courageous action. Communicated effectively, that insight can establish a permanent place at the table for risk management.”

To be most effective, Carnegie-Brown suggested that risk managers play close attention to how they are perceived and how they interact with the rest of the organization. “If risk managers are perceived as being reactive, we need to make sure we are on the front-foot in understanding and assessing these emerging issues,” he said. “If we’re perceived as operating in the shadows, we need to be transparent in our methodology and in our motives. And if we’re perceived as obstructive, we should consider a flexible approach that allows our organizations to act innovatively and with an awareness of the potential risk.”

While it represents a daunting challenge, Carnegie-Brown saw an opportunity for risk managers to demonstrate their value by taking on the difficult task of developing organization-wide plans to address climate change. “Those plans must account for the multifaceted nature of environmental risk, they must employ the best of our skills and technologies to communicate the risk to our stakeholders, and they must be built to facilitate and orderly and urgent transition,” he said.

buy spiriva online sinusys.com/email/img/jpg/spiriva.html no prescription pharmacy

“Achieving this will allow us to carve out a pioneering role for risk management in the fight against climate change, while helping our organizations to become more inviting to investors, more attractive to prospective employees, and more likely to last sustainably in the decades to come.”

10 Tips for Securing Responsive Cyber Coverage

Posted on by

SAN DIEGO—With hacking incidents becoming all too common, risk managers are under increasing pressure to help protect their companies from the inevitable breach. Insurance is an option but policy forms are still developing. In a session at RIMS 2016, Joshua Gold, a shareholder with Anderson Kill and Debbie Gramer, director of global risk management at Arrow Electronics, Inc., offered the following 10 tips to risk mangers looking to secure the best possible coverage for their organizations.

  1. Be careful with insurance applications.
    buy anafranil online www.nicaweb.com/images/layout1/gif/anafranil.html no prescription pharmacy

    Use precise language to convey your exposures to underwriters. Never answer “yes” or “no” to a question that doesn’t really have a yes or no answer.

  2. Retro dates. Hackers can be in systems for days, months or even years so it is important push retro dates back as far as possible.
  3. Look for clear policy coverage. Forms and terms change over time as the risks shift. Having clear language can remove ambiguity.
  4. Symmetry with other insurance (e.g., CGL, property). Review existing policies to determine where there may or not be coverage gaps.
  5. Get endorsements of special coverage needs. If you have exposures from cloud providers and third-party vendors, for example, you will need to specifically address these. Exclusions matter.
  6. If you accept payment cards, be aware of PCI issues and card brand fines and penalties.
  7. Address sub-limit concerns. Losses can be expensive. Make sure sub-limits are adequate.
  8. Beware of breach of contract exclusions.
  9. Beware of conditions on “reasonable” cybersecurity measures. “Reasonable” is a  subjective term. Specifically define security measures to remove any grey areas that could lead to a coverage dispute.
    buy vibramycin online www.nicaweb.com/images/layout1/gif/vibramycin.html no prescription pharmacy

  10. Business interruption and reputational damage insurance may be vague but they are becoming more relevant. Business disruption is quickly becoming the most important operational consequence of a hacking incident.
    buy zofran online www.nicaweb.com/images/layout1/gif/zofran.html no prescription pharmacy

    Make sure you are protected.