As ransomware continues to spread and payment costs increase, cyber insurance rates have gone up exponentially. As a result, it is more important than ever for companies to understand their cyber vulnerabilities and exposures so they can ensure they are properly covered. One way to do this is through analytics.
online pharmacy mobic with best prices today in the USA
In a presentation at the RIMS TechRisk/RiskTech virtual event, Scott Stransky, managing director and head of the Cyber Risk Analytics Center at Marsh McLennan, outlined some of the key data that can help companies get a full view of their risk.
According to Stransky, there are five categories of data that are most important to determining your risk profile. Much of this data is in publicly available datasets that insurers already consult, so it is important that you have a handle on this information as well so you know how underwriters and other outsiders are viewing you:
Firmographics: company demographics like revenue, employee count, industry, location, and company hierarchy
Historical incidents: past breaches and insurance claims
Technographics: a company’s external cybersecurity posture including the presence of firewalls, open ports, frequency of system patching, as well as internal cybersecurity practices like password management and data encryption
Scoring: combines firmographics, historical incidents and technographics into a single number that designates the level of vulnerability
Loss modeling: brings all elements together to predict the likelihood and cost of an event
Armed with this data, companies can take steps to make it easier to access optimal cyber insurance coverage and better insurance pricing. These could include improving your security and claims posture by addressing potential cybersecurity gaps, updating incident response plans, and identifying vendor partners to help improve security posture or respond to incidents. Companies can also explore policy structure options in terms of different program components (limits, attachment, coverage, risk retention, etc.
online pharmacy isofair with best prices today in the USA
) and consider alternative terms and conditions.
online pharmacy robaxin with best prices today in the USA
Finally, it is important to provide robust underwriting data by using assessment tools to minimize the need for supplemental applications, preparing for additional questions from underwriters, and highlighting significant cybersecurity updates and improvements over the past year.
In particular, companies should focus on what Stansky called the top 12 cybersecurity controls for risk mitigation, resilience and insurability:
Multifactor authentication (MFA)
Endpoint detection and response
Secured, encrypted and tested backups
Privileged access management
Email filtering and web security
Patch and vulnerability management
Cyber incident response planning and testing
Cybersecurity awareness training
Hardening techniques, including remote desktop protocol mitigation
Logging and monitoring/network protection
End-of-life system replacement
Vendor/digital supply chain risk management
For those that missed RIMS TechRisk/RiskTech, you can register and access the virtual event here. Sessions will be available on-demand for the next 60 days.
For risk professionals in India, the COVID-19 pandemic has underscored the critical need to build business resilience and develop mature yet flexible business continuity plans to address both short- and long-term threats. In the new Marsh and RIMS report Excellence in Risk Management India 2020, Spotlight on Resilience: Risk Management During COVID-19, 63% of risk professionals in India said a new pandemic or continued fallout from COVID-19 was a top risk facing their organization, followed by cyberattacks (56%), data fraud or theft (36%), failure of critical infrastructure (33%), fiscal crises (31%), and extreme weather events (25%).
This mix of top risks illustrates the critical task before risk professionals heading into 2021: ensuring capability and procedures to respond to fast-emerging disasters, while not losing sight of the critical work to boost baseline resilience against foreseeable risks across the enterprise.
“Organizations need to balance their focus between longstanding and emerging risks,” said Sanjay Kedia, country head and CEO of Marsh India. “While there has long been an awareness of weather-related risks, low-frequency risks generally receive less attention. The pandemic has underlined the need for risk managers to keep all perils on their radar.”
But, as our survey shows, the use of advanced risk management techniques in India remains limited—for example, more than one-fifth of respondents do not assess or model emerging risks,” the report noted.
This is particularly the case with emerging cyberrisks. Cyberattacks and data loss or theft ranked among the top three threats, and the pandemic escalated the already rising number of cyberthreats to companies in India with the shift to remote work, online business, and ransomware attacks. Indeed, the report noted that the pandemic led to a surge in cyberattacks against Indian companies, with New Delhi among the top 10 most often attacked cities with regard to ransomware in 2020, and more than a third of Indian respondents to a June survey by Microsoft reporting they had fallen prey to a pandemic-related phishing email. Yet only a third of respondents to the Marsh/RIMS report said they model potential cyber loss scenarios, and only 26% plan to do so in the next year. Key cyberrisk management measures and the rate of implementation among Indian companies include:
Whether it is phishing attacks on employees or internet outages interrupting operations in the supply chain, the report notes that the next major event for Indian companies could well be a cyberattack. Focusing on building cyber resilience was one of the report’s four key recommendations, noting “organizations should shift their focus from solely trying to prevent an attack to accepting the inevitability of a cyber event and taking action to mitigate its effect.”
The report’s other top recommendations for risk professionals in India were:
Regularly review existing business continuity plans – “Companies should carefully review and refine their business continuity plans. They should ensure their plans enable them to respond effectively to threats that bring short-term pain and long-term and widespread challenges, as is the case with COVID-19.”
Embrace the changing working environment – “Lockdowns intended to stem the spread of COVID-19 required many companies to quickly move to remote working, change their business models, and implement new safety measures upon return to the workplace. Other perils, like a natural disaster, could necessitate and precipitate such shifts, even if shorter in duration. Businesses should invest in structures that allow employees to work remotely effectively, efficiently, and safely and should educate employees on new ways of working under changing circumstances.”
Remap and remodel your supply chain – “The COVID-19 pandemic emphasizes the need to re-examine supply chains regularly, with special focus on understanding the resilience and reliance of vendors. Companies would benefit from understanding their vendors’ ecosystems; both to provide a clearer view of how they could be affected by different risks and to review contracts to better understand liabilities.
Moving forward, there is considerable room for risk professionals to be more involved in scenario analysis and strategy
In December, RIMS introduced additional resources specifically for risk professionals in India looking to elevate their risk practice. The report was released around the recent RIMS Virtual Risk Forum India 2020, which brought together hundreds of risk and insurance professionals from across India and around the world. Soon thereafter, the risk management society also announced the official formation of a RIMS India Chapter.
“The exchange of knowledge and experience drives the risk management profession, allowing practitioners to more effectively enhance corporate decision-making, strengthen resiliency and leverage new and exciting opportunities for their organizations,” said Roop Kumar, chief of risk at SBI Life and inaugural president of the India chapter’s board of directors. “RIMS India Chapter will quickly become an exceptional resource for all business leaders. We look forward to delivering cutting-edge risk management insight to support our members as they advance their programs and their careers.”
Other members of the inaugural board of the India chapter include: Keerthana Mainkar, head ERM at Infosys; Amol Padhye, head of market risk at HDFC Bank; Amber Gupta, head legal and corporate secretary at Birla Sunlife Insurance; Anand Shirur, CEO of Digitangle Consulting PVT, Ltd; Steward Doss, associate professor at National Insurance Academy; Monika Mittal, professor at BIMTECH; Shibyanshu Sharma, vice president of risk management at SBI Life; and Yogesh Ghorpade, head of ERM and insurance lead at Thermax Industries.
“RIMS India’s Board of Directors truly represent a cross-section of the country’s risk management community,” said Gopal Krishnan K S, head of RIMS India Operations. “The Society looks forward to learning from their unique experiences and welcoming others to contribute so that, together, we can develop the highest standard of risk management education to address corporate India’s biggest concerns.
Recently, the Association for the Management of Risk And Insurance of Enterprise (AMRAE) and EY jointly released the 11th edition of the RMIS Panorama, offering an in-depth look at the organizations and professionals who are using risk management information systems (RMIS), how well they have adapted, and guidance for those seeking their first or newest framework.
After surveying 570 risk managers and 36 vendors from more than 30 countries, Panorama’s authors note the top reported benefits from RMIS were the ability to spend more time analyzing (and not collecting) data, harmonizing practices and reducing silos. Of those who have adopted these systems, 47% are in the industry and services sector, followed by 31% in banking and insurance and 12% in the public sector.
Some other key takeaways from the report include:
54% of risk managers already use an RMIS and report a 71% satisfaction rate.
Though a majority of risk managers said they wish to keep RMIS costs at less than €300,000, last year marked the first increase for RMIS budgets totaling more than €1 million (approximately $1.12 million). This trend was largely driven by activity in North America, and a 2% increase is projected for 2019.
Ease-of-use is still the main criteria for selecting an RMIS tool. The market is seeing an increasing demand for “ergonomic and advanced reporting” within the solution.
According to the report (which can be found here in both English and French), there has been a 60% year-over-year increase in RFP solicitations for RMIS from the international risk management community since 2013. Francois Beaume, AMRAE vice president and VP of risks and insurance at Sonepar, said he expects the trend to continue and noted that the report can serve as impartial guidance to help risk professionals find the right RMIS vendor and system for their organization.
online pharmacy isofair with best prices today in the USA
The report also offers insight on best practices around the RMIS lifecycle from the original requirement design phase to the change management program following implementation.
“Our approach is based on two critical pillars – objectivity and neutrality,” Beaume explained. “As an increasing number of risk professionals seek their first or new RMIS models, they may need help selecting or even adapting them to their own methodologies.”
Panorama also explores the most requested RMIS modules, which range from risk mapping and incidents management to audit. Internal control and audit garnered high satisfaction rates among professionals, both exceeded 80% in cumulatively “meeting” or “exceeding” expectations.
Additionally, the report includes testimonials from six global risk managers on their experiences with RMIS.
online pharmacy avodart with best prices today in the USA
For example, according to Susan Hiteshew, a RIMS board member and senior director of insurance for the Americas at Marriott International, RMIS systems provide a “one-stop shop for data aggregation, reporting and analysis” that “builds a single source of truth when making decisions.”
To fellow risk managers starting the process, Hiteshew advised, “Rather than reproducing work within the system, companies undergoing an implementation must begin with the end in mind and work backward to build and validate processes to realize the full RMIS value. This helps minimize the execution risk that can materialize and offset the system’s advertised value proposition.
online pharmacy lariam with best prices today in the USA
“
Francois Beaume was recently a featured guest on RIMScast to discuss the Panorama‘s findings and international market trends. Download the free podcast episode here.
From a risk management perspective, one of the benefits of automation is that robots can play a significant role in reducing injuries when deployed to replace or support workers in high-hazard jobs, such as those involving high force and repetition. Yet, without appropriate risk assessments, their benefits can become skewed in other situations.
Unfortunately, many companies still make critical automation decisions without adequately engaging risk management, which can leave workers vulnerable to a new set of unanticipated workplace hazards. By some estimates, manufacturers will deploy 1.2 million new robots in the next decade; the expanding use of robotics may bring numerous new significant safety considerations along with a critical need for effective risk management.
As the trend toward greater automation gains momentum, here are six tips for risk managers to assess automation-related workplace hazards and help their organizations achieve the gains they envisioned with these major investments:
Do not underestimate the value risk management brings to automation. Although automation is not new, companies still have much to learn about its effective deployment and implementation – especially in situations where the aim is increased productivity.
Risk managers need to be actively involved in assessing potential risks as automation purchasing decisions are made, as well as in planning and managing implementation, related employee training and post-implementation safety assessments and injury monitoring.
Initiate a dynamic dialogue. When the aim of investing in robotics and automation is specifically for productivity improvement, the starting point should be for risk and operations managers and safety/ergonomics experts to open a dialogue with workers in units designated for automation; they are much more flexible than robots and can offer insights on improving the workplace, reducing injuries and driving efficiency – either without significant investment or by focusing deployment of automation where it is likely to have the greatest impact.
Focus on human factors with increased automation. As plants become more fully automated, the interface between the equipment and employees becomes increasingly significant. Historically, there has been an increased emphasis on automation, but an insufficient focus on the human interface. With more industries retooling plants and upgrading operations, the premium will be on the intelligent design of the next generation of facilities. It calls for the use of advanced tools, such as HumanCAD 3D, to analyze the impact of new equipment on human operators, production, and maintenance, as well as assessments from ergonomics and risk management professionals.
Understand automation is not a panacea. Even the latest robotics may not address every issue, such as assembly tasks that require very fine motor skills, hand-eye coordination and higher-level thinking (such as complex assemblies, part orientation, inspection and precision fits). The automation of some tasks ultimately could require higher rates of repetition in the upper extremities of workers. In this case, ergonomic workstation design, scheduled breaks and worker feedback will be keys to prevent injuries and achieve gains in quality and productivity.
Do not overlook worker demographics. Although automation may help all workers raise their productivity levels, implementation should account for the needs of an aging workforce. Businesses with multiple manufacturing facilities may have to refine workstations, signage, and lighting in areas with higher concentrations of older workers to achieve consistent productivity gains across all operations.
Monitor potential worker safety issues with new product designs. Some forward-looking organizations are pushing for the application of design rules and human factors analysis to evaluate the “Design for Assembly and Ergonomics” (DFMAE) process. In these situations, product designers and advanced manufacturing equipment engineers collaborate with ergonomists to evaluate new product designs and the manufacturing equipment that goes with it. Until such approaches become widespread, it makes sense to check how new product designs might affect assembly workers.
Even slight adjustments in product design, manufacturing equipment or workstations can make the job easier and less stressful for employees without expensive robotics.
Investments in highly sophisticated equipment require thorough evaluation of all potential risks involving the interface between the equipment and employee. In some cases, operating equipment may expose workers to a range of injuries, such as repetitive motion issues. And high-speed mobile equipment can pose an outright danger on a factory floor without the delineation of designated “safety zones.” As key members of their organization’s automation team, risk managers play a critical role in anticipating and assessing exposures, developing remedies and facilitating success to ensure robots are working in collaboration with employees and not creating new, unanticipated risks.
