A New Approach to Managing a ‘Classic’ Reputation

coca cola sweetener challenge

A new Coca-Cola-sponsored contest seems to publicly acknowledge its reputational risk, but at a minimal cost that could manage or even reduce it.

In early August, the beverage giant announced its Sweetener Challenge, seeking non-employees (preferably scientists or agriculture or nutrition professionals) who can bring the company a “natural, safe, reduced, low- or no-calorie compound that generates the taste sensation of sugar when used in beverages and foods.” The winner will be announced in Fall 2018 and will receive $1 million.

Taxes on soda, the decline of its consumption, and mounting data that sours on sugar has unquestionably affected the bottom line for the company and put pressure on the broader beverage industry. By initiating the contest, Coke seems willing to try a fresh approach to manage or favorably alter its reputation as a brand founded on sugary cola, while simultaneously attracting and retaining consumers and generating sales. That seems far less risky than not trying new techniques.

“[Reputation risk] is created when expectations are poorly managed and exceed capabilities, or when a company simply fails to execute,” wrote Nir Kossovsky in the 2014 Risk Management article “How To Manage Reputation Risk.” “Managing expectations is all about governance, operations and risk management—the blocking and tackling of running a business. Clearly, there can be perverse brilliance in a business strategy of setting expectations very low.”

Last year, Coca Cola suffered a net revenue decline from $11.5 to $9.7 billion, making the $1 million prize a cost-efficient gamble that, as Kossovsky suggested, can “conceptualize an ideal state and implement a roadmap to reduce reputation risk.”

Other companies have turned to their audiences for new ideas to increase awareness and improve their reputations. Folgers was jonesing for a new jingle this year and paid a songwriting duo $25,000 for a flavorful new take on “the best part of waking up.”

Even the commercial aviation industry sought out-of-this-world innovations from average stargazers. When the X Prize Foundation wanted to inspire the private sector to pursue commercial space flight, it did so with a $10 million prize. The pursuit of the Ansari X Prize generated $100 million in new technologies and was ultimately won by the Tier One project’s ShapeShipOne, which was financed by Microsoft co-founder Paul Allen.

According to Kossovsky, “reputational events are tried in the court of public opinion,” and Coke’s will both there and in stores. The company’s new sugar substitute will be announced in October 2018 and will eventually make its way into supermarkets. With just a few sips, consumers can ultimately decide if the company’s investment and reputation risk management technique was a sweet move.

Marsh Tracks Top Captive Trends

The number of captive insurers continues to increase globally, from 5,000 in 2006 to more than 7,000 in 2016. Once formed primarily by large companies, the captive market has opened up to mid-size and small businesses. The industry is also seeing a trend in companies forming more than one captive, using them for cyber, political risk and other exposures, according to a recent Marsh report, Captives at the Core: The Foundation of a Risk Financing Strategy.

Organizations are seeing disruptions in a number of areas and are relying more on their existing captives, Marsh said. Because of their flexibility, captives are also being used to respond to market cycles and organizational changes such as mergers and acquisitions.

While North America and Europe still dominate in numbers of captives, other regions have shown more interest in the past three years. In Latin America, captive formation increased 11% in 2016, the study found.

Within the United States, there is more competition among domiciles and some of the newer domiciles are experiencing growth. The top-growing U.S. domiciles in 2016 were Texas, Connecticut, Nevada, New Jersey, Tennessee, and New York. Domiciles outside the U.S. seeing the most growth include Sweden, Guernsey, Singapore, Malta, and the Cayman Islands.
As organizations’ exposures increase in number, complexity and severity, shareholder funds generated by captives are becoming more important. According to Marsh:

For many clients, captives are at the core of their risk management strategy, going beyond the financing of traditional property/casualty risks.

Specifically, we are seeing an increase in parent companies using captive shareholder funds to underwrite an influx of new and non-traditional risks, including cyber, supply chain, employee benefits, and terrorism, as well as to develop analytics associated with these risks and fund other risk management initiatives.

Risk management projects funded by captive shareholder funds in 2016 included initiatives to determine capital efficiency and optimal risk retention levels in the form of risk-finance optimization; quantify cyber business-interruption exposures; accelerate the closure of legacy claims; and improve workforce and fleet safety/loss control policies.

For example, Marsh-managed captives used to address cyber liability increased by 19% from 2015 to 2016. Since 2012, in fact, cyber liability programs in captives have skyrocketed 210%.
“We expect to see a continued increase, driven in part by companies that are already strong captive users and by those that may have difficulty insuring their professional liability risks,” Marsh said.

Disruptive Technologies Present Opportunities for Risk Managers, Study Finds

PHILADELPHIA–Disruptive technologies are used more and more by businesses, but those organizations appear to be unprepared. What’s more, companies seem to lack understanding of the technologies and many are not conducting risk assessments, according to the 14th annual Excellence in Risk Management report, released at the RIMS conference here.

The study found an apparent lack of awareness among risk professionals of their company’s use of existing and emerging technologies, including the Internet of Things (IoT), telematics, sensors, smart buildings, and robotics and their associated risks. When presented with 13 common disruptive technologies, 24% of respondents said their organizations are not currently using or planning to use any of them. This is surprising, as other studies have found that more than 90% of companies are either using or evaluating IoT technology or wearable technologies and that companies in the United States invested $230 billion on IoT in 2016.

Another finding was that despite the impact disruptive technology can have on an organization’s business strategy, model, and risk profile, 60% of respondents said they do not conduct risk assessments around disruptive technologies.

“Today’s disruptive technologies will soon be — and in many cases already are — the norm for doing business,” said Brian Elowe, Marsh’s U.S. client executive leader and co-author of the report said in a statement. “Such lack of understanding and attention being paid to the risks is alarming. Organizations cannot fully realize the rewards of using today’s innovative technology if the risks are not fully understood and managed.” According to the study:

Organizations generally, and risk management professionals in particular, need to adopt a more proactive approach to educate themselves about disruptive technologies — what is already in use, what is on the horizon, and what are the risks and rewards. Forward-leaning executives are able to properly identify, assess, and diagnose disruptive technology risks and their impact on business models and strategies.

This lack of clarity presents opportunity for risk professionals. In fact, previous Excellence reports have indicated that C-suite executives and boards of directors want to know what risks loom ahead for their organizations and increasingly rely on risk professionals to provide that insight.

“As organizations adapt to innovative technologies, risk professionals have the opportunity to lead the way in developing risk management capabilities and bringing insights to bear on business strategy decisions,” said Carol Fox, vice president of strategic initiatives for RIMS and co-author of the report. “As a first step, risk professionals are advised to proactively educate themselves about disruptive technologies, including what is already in use at their organizations, what technologies may be on the horizon, and the respective risks and rewards of using such technology.”

One thing companies can do to manage risks associated with disruptive technologies is facilitate discussions through cross-functional committees—yet fewer companies, only 48%, said they have one, a drop from 52% last year and 62% five years ago.

Whether discussed in weekly, monthly, or quarterly organization-wide committee meetings, emerging risks — including disruptive technologies — need to be examined regularly to anticipate and manage the acceleration of business model changes. When risk is siloed, too often the tendency can be toward an insurance-focused approach to risk transfer rather than an enterprise approach that may lead to pursuing untapped opportunities.

The Excellence survey, Ready or Not, Disruption is Here, is based on more than 700 responses to an online survey and a series of focus groups with leading risk executives in January and February 2017.

Findings from the survey were released today at the RIMS 2017 Annual Conference & Exhibition. Copies of the survey are available on www.marsh.com<http://www.marsh.com> and www.rims.org<http://www.rims.org>.

Dallas Alarms Hack a Warning of Infrastructure Vulnerability

Dallas residents were wide awake and in a state of confusion late Friday night when the city’s outdoor emergency system was hacked, causing all of its 156 alarms to blast for an hour-and-a-half until almost 1:30 a.m.

With some interpreting the warning as a bomb or missile, a number of residents dialed 9-1-1, but the number of calls—4,400 in all—overwhelmed the system, causing some callers to wait for up to six minutes for a response, the New York Times reported.

The alarms blasted for 90-second durations about 15 times, Rocky Vaz, the director of the city’s Office of Emergency Management, told reporters at a news conference.

Mr. Vaz said emergency workers and technicians had to first figure out whether the sirens had been activated because of an actual emergency. And turning off the sirens also proved difficult, eventually prompting officials to shut down the entire system.

“Every time we thought we had turned it off, the sirens would sound again, because whoever was hacking us was continuously hacking us,” Sana Syed, a spokeswoman for the city told the Times.

Eventually the alarms were turned off, which had to be done manually, one alarm at a time.

On Saturday afternoon the system, used for hurricanes and other warnings, was still down, but officials said they hoped to have it functioning soon. They also said they had pinpointed the origin of the security breach after ruling out that the alarms had come from their control system or from remote access.

Mr. Vaz said that Dallas had reached out to the Federal Communications Commission for help and was taking steps to prevent hackers from setting off the system again, but that city officials had not communicated with federal law enforcement authorities.

Security officials have warned about the risks that such hacking attacks pose to infrastructure, which is often aging and in disrepair. Federal data shows that the number of attacks on critical infrastructure appears to have risen: to nearly 300 in 2015 from just under 200 in 2012. Attacks include a 2008 oil pipeline explosion in Turkey; a 2015 hacking of Ukraine’s power grid, leaving 200,000 people in Western Ukraine without electricity for several hours; and in 2013, hackers tried to gain control of a small dam in upstate New York. Seven computer specialists, who worked for Iran’s Islamic Revolutionary Guards Corps., were indicted for trying to take over controls of the dam, according to the Times.