Category Archives: Business Interruption

Immediate Vault Immediate Byte

RIMS Risk Forum 2018 India Kicks Off In Mumbai

Posted on by

MUMBAI – The inaugural RIMS Risk Forum 2018 India launched on November 13, and leading risk professionals from India and Asia-Pacific countries met for two days to address the challenges facing companies in the region. In a country of 1.3 billion people, expectations are for India’s risk management profession to grow, though some presenters acknowledged the proactive need to fill a potential talent gap.

During the opening keynote address, Dr. Viswanathan Ragunathan, CEO and general manager of the Varalakshmi Foundation said that examining the role of risk in Indians’ behavior and culture will initiate the dialogue among students and aspiring professionals.

“We are obviously a contradiction,” he said. “We are, at once, eternal optimists and fatalistic. At one level you can relate to what I’m saying in that Indians do not take too much risk in their day-to-day lives. Yet anyone who has taken the Mumbai trains knows…it’s almost as if we have a death wish.”

Ragunathan also discussed approaches he tends to use to assess risk, including viewing them in a VUCA environment (volatility, uncertainty, complexity and ambiguity), where one weighs how much of a situation is known against the results of controllable actions and their predictability.

“The management of volume,” he said, is ultimately at the heart of India’s challenges, and that issue is exacerbated by interconnected risks, such as a dense population and struggling infrastructure. He proposed transparency and broad communication within the Indian risk management community as starting points for solutions.

“The risk manager who understands the risk but does not share it widely does not help,” he said.

As the forum progressed, ISO31000 implementation, natural disasters and resilience, infrastructure, risk frameworks, data storage and diversity hiring practices were some of topics that received special focus on Tuesday.

“The State of Risk Management in India” was a Marsh-led panel on the findings from the newly-released, India-wide survey on risk management practices co-conducted by RIMS. The report found that risk managers are a crossroads in India, where they can assume greater leadership roles that transcend just compliance and insurance matters and can expand their knowledge base, hone their skillsets and gain access to best practices, tools and technology.

During “Thinking About Thinking in Risk Management,” Peter Young, PhD of the University of St. Thomas’ Opus, discussed the major questions facing risk managers today. He discussed how, according to his findings, experience rises dealing with uncertainty – as opposed to risk – as one looks further up on the corporate ladder.

“Risk is uncertainty when you have the capacity to measure it, and when you get to the executive suite you hardly ever deal with risk at all because you’re responsible for the strategy,” he said. “I would submit that’s broadly true among organizations at all levels. We are little ships bobbing in a big sea of uncertainty.

“[Executives] can bring a level of comfort operating in an environment of uncertainty. That turned out to be only partly true, but we think it’s an abiding truth that is slowly revealing itself.”

“Diversity in Corporate India” inspired some spirited discussions about how women’s voices and the concept of assumption are emerging as integral parts of hiring practices throughout organizations in India. Panelists were Ragunthian, Praveen Gupta, CEO of Raheja QBE General Insurance Co., and Carissa Hickling, Talent Acquisition Strategy and Technology Global Consultant for Siemens Technology India.

They spoke of how efforts to better represent women have progressed. Additionally, gay and lesbian communities are experiencing a new level of acceptance now since September, when the Supreme Court of India ruled parts of Section 377 – which was introduced in 1864 – was unconstitutional for criminalizing homosexuality. The panel agreed that while talent itself should win above all else, they acknowledged that it was a sign of progress for the nation and should be thought of as such by its corporate sectors. Hickling explained how Indian companies can now use be more open-minded in their hiring and promotion practices.

“When we look at onboarding plans and organizations, these are the moments of truth,” she said. “We can have conversations about making a small change to our HR system because this is an opportunity to change the first impression of our organization.”

She added that Siemens leadership is taking the initiative to recognize same-sex partners when discussing health benefits and taking the progress a step further extending the welcoming to transgender workers. “This is all happening very fast,” she said, “but it is a time when an organization can demonstrate that this is a time when this does matter.”

For more coverage of the forum, visit Risk Management Monitor’s Q&A with Shankar Garigiparthy.

Live RIMScast coverage of the forum is also available. Download Speaking with Leaders in Risk Management Part I and Part II.

And exclusively for RIMS members, download Peter Young’s audio live from Mumbai: Thinking about Thinking in Risk Management: New Skills for the Future.

Former NSA Director Talks Cybersecurity, Insurance at Advisen Conference

Posted on by

NEW YORK—Advisen’s Cyber Risk Insights Conference, held during Cyber Week, featured risk management professionals and more than 18 panels and sessions on Oct. 25. The keynote was delivered by Adm.

buy apixaban online achievephysiorehab.ca/wp-content/uploads/2023/10/jpg/apixaban.html no prescription pharmacy

Michael S. Rogers, former Navy commander of U.S. Cyber Command and Director of the National Security Agency (NSA), under the administrations of  Presidents Obama and Trump. Rogers discussed rising cyber threats and offered advice to providers and consumers as they assess their cyber insurance policies.

“For insurers, you need to be prepared, because the list of actors is growing and the threat is growing,” Rogers said. “Don’t build on a strategy [where you believe] things are getting better.”

He also put a particular spotlight on the fact that there is no universally accepted guideline for cyber threats when considering acts of war. Cyber, he said, differs from traditional triggers because there’s typically no physical injury or loss of life.

“You have these wholly different international views, because nation-states in western democracies do not have ownership of the web,” he said. “They do not control their citizens and control the flow of data,” as opposed to countries with greater control of information.

buy bactroban online achievephysiorehab.ca/wp-content/uploads/2023/10/jpg/bactroban.html no prescription pharmacy

“Because you have these broad, polar views it’s been difficult at times, on an international level, to get a consensus on what a framework be like to set a cybersecurity standard,” which Rogers added, could help define how a cyber attack might be considered an act of warfare.

buy strattera online achievephysiorehab.ca/wp-content/uploads/2023/10/jpg/strattera.html no prescription pharmacy

He proposed an approach that could start nations on a path to a universally accepted guideline: “Can get we get a smaller subset of issues to coalesce around a core group of principles, start small, and build from there? I think we’ll have success that way.”

Rogers noted that he is a proponent and believes incentivization may be the key to keeping businesses safer and maintaining lower premiums, using features of the automotive industry as an example.

“Automatic brakes and safer vehicles, for example, were an incentive for the buyer and the seller,” he said. “Production and consumption were all incentivized to make better decisions. I don’t know if it will work [with cyber insurance]. It’s all about risk.”

Rogers’ insight dovetailed along with the new information from the eighth annual Advisen cyber survey that Zurich Insurance released at the opening of the conference.

The percentage of companies that purchase cyber insurance, either via stand-alone policies or endorsements, has increased 40 points since 2011. This year’s results show a 10% increase from 2017, the largest year-over-year increase since its inception.

“Cyberrisks continue to change and businesses continue to look for ways to protect themselves from those risks,” said Paul Horgan, head of North America Commercial Insurance for Zurich North America. “These survey results provide a critical snapshot of the attitudes, concerns and actions of risk managers. It is our responsibility to respond to their needs and concerns with innovative services and solutions.”

Survey results show the two most influential factors driving cyber insurance purchases in the past year:

  • regulatory changes such as the European Union’s (EU) General Data Protection Regulation (GDPR), and
  • business continuity risks such as the Dyn distributed denial of servicer (DDoS) attack, WannaCry and NotPetya events. These caused significant losses to businesses around the world, shutting down network systems and in many cases slowing or actually halting business operations.

The Advisen data reflects a stark contrast to the feedback from last year’s survey, which found that just 10% of respondents identified business interruption as the primary reason for purchasing cyber insurance and that purchase growth had gone stagnant after a steady six-year increase from 35% to 65%.

These factors were two of the top emerging cyberrisks identified by Risk Management magazine in early 2018.

Q&A: California Businesses Prepare for the Next Quake

Posted on by

On October 18, more than 10 million Californians participated in The Great Shakeout to prepare for the next catastrophic earthquake and bring awareness to earthquake preparedness across the state. The United States Geological Survey (USGS) predicts a 99% chance of a magnitude 6.7+ earthquake in the Bay Area within the next 30 years, preparation is essential.

Kate Stillwell is a structural engineer and founder and CEO of Jumpstart, a new earthquake insurance provider which helps families and individuals following a disaster via text. As a business owner and lifelong Californian, Stillwell took part in the Shakeout and shared her experience and insight for earthquake preparedness.

Risk Management Monitor: How difficult is it to get businesses to take part in an event like the Shakeout?

Kate Stillwell: The trick is to make it fun. It only takes a few minutes, and if you can get some good laughs out of it, all the better. Also, for the San Francisco Bay Area, the anniversary of the 1989 Loma Prieta earthquake is always the same week as ShakeOut, so people remember and talk about it around the proverbial water cooler.

RMM: How beneficial is it for them to take part?

KS: It builds muscle memory. You need to know what to do without thinking because you won’t be thinking.  Just as important is that the drill strikes up a conversation about other ways to get prepared, not just at work, but at home, too.

RMM: What did you take away from this year’s event?

KS: We got a great video of ourselves and since we’re in a co-working space, we did it in front of all the other startups, which reminded them they need to practice and get prepared, too. 

RMM: What are some commonalities that small, medium and large businesses share when preparing for earthquakes?

KS: Businesses of all sizes must keep their employees safe. Employees need to know how to react, to “Drop, cover, and hold on,” like we emphasize during the ShakeOut, and to climb under desks or other sturdy objects and stay put. Businesses also generally face the challenge of convincing employees to take preparation seriously and review preparedness plans, that’s why national events like the Great ShakeOut are such an effective tool.

RMM: How do small, medium and large businesses differ when preparing?

KS: Small businesses have the advantage of all co-workers knowing one another and being able to physically look out for each other in the event of a disaster. For homeowners, we always say that neighbors are the people you’ll rely on in the event of a disaster, and it really is similar at work. Colleagues are able to look out for each other in the event of an earthquake, and this is much easier for smaller teams. In a larger business, you can replicate these positive effects by grouping people by team.

RMM: How have preparedness plans changed in recent years? What significant improvements, if any, have you noticed or instituted?

KS: The rapid development and improvement of earthquake sensor networks have been the most significant improvement in earthquake preparedness recently. The USGS ShakeAlert system began Phase 1 operations just a couple days ago, providing hospitals, transit systems, and other institutions the earliest possible earthquake warnings so they can initiate life-saving operations. It’s not enough time to evacuate a building, but it is enough time to stop the elevators and open the doors, so people don’t get trapped. These kinds of full-system improvements are making huge strides in helping us prepare and stay one step ahead of the next big earthquake.

RMM: What are some difficulties California businesses – or businesses with operations there – face, that differ from those in other high-risk areas?

KS: One of the biggest factors is downtime. There are so many externalities outside of a business’ control, which affect how soon an operation can get back up and running. The prudent approach for a business with operations in California is to locate any operations requiring continuous uptime, such as out-of-state data centers. Also, consider designating a secondary location for executive operations until the home facilities can be occupied.

RMM: What are the most effective safety drills businesses can perform?

KS: No matter what type of emergency, a really important drill is to practice an alternative chain of command with a command-and-control style of making decisions.  This is so foreign to the normal style of making decisions. In emergency situations, the best person to be in the “command” position is usually not the day-to-day business leaders; it’s someone with emergency response training.

Visit here for more information about Jumpstart.

Data Breaches Taking Slightly Longer To Detect, Study Finds

Posted on by

Despite rising global awareness of data breaches in various industries, organizations experienced an increase in the number of days to identify a data breach over the last fiscal year. According to a new study conducted by the Ponemon Institute and published by IBM, it takes an average of 197 days for a company to identify a breach – up six days from 2017 – and an average of 69 days to contain it (which also showed a three-day increase from 2017).

“We attribute the increase in days to the growth in the use of IoT devices, extensive use of mobile platforms, increased migration to the cloud and compliance failures,” study authors said in 2018 Cost of Data Breach Study: Impact of Business Continuity Management.

This year’s study included 2,634 employees from 477 companies in 17 industries in 13 countries and two regions. The study found that the average total cost of a data breach in 2018 is .

buy biaxin online imed.isid.org/wp-content/uploads/2023/10/jpg/biaxin.html no prescription pharmacy

86 million; $1.45 million is attributable to the most-costly component, which is lost business cost. The least expensive component is data breach notification at The least expensive component is data breach notification at $0.16 million.

Ponemon also included a framework for measuring the cost of mega breaches, which are breaches involving at least 1 million compromised records. There is also a special analysis of the cost to recover from a data breach.

buy cytotec online imed.isid.org/wp-content/uploads/2023/10/jpg/cytotec.html no prescription pharmacy

Some notable findings include:

  • The average cost per compromised record at the surveyed organizations was $148 in fiscal year 2018, up from $141 in 2017 but down from $158 in 2016.
  • The larger the data breach, the less likely the organization will have another breach in the next 24 months.
    buy robaxin online imed.isid.org/wp-content/uploads/2023/10/jpg/robaxin.html no prescription pharmacy

  • Healthcare organizations took an average of 55 days to detect a breach, but 1,037 days to contain it.

To download IBM’s survey, click here.