Category Archives: Technology Risk

Immediate Vault Immediate Access

A TechRisk/RiskTech Reading List from Risk Management Magazine

Posted on by

Last week, the RIMS TechRisk/RiskTech virtual event featured two days of education content on some of the biggest challenges and opportunities in modern risk management, focusing extensively on cyberrisk as well as risktech—the latest technology tools and techniques for managing risk. As the presentations made clear, technology introduces some of the greatest risks to organizations, but also some of the most promising innovations to introduce or enhance risk management.

“We all know that, ‘As fast as a business develops a strategy to protect their organization’s digital assets, cyber predators have already figured out their next move,’” said Patrick Sterling, vice president of legendary people and risk management at Texas Roadhouse Restaurants and 2022 president of RIMS. “So, risk professionals must do what risk professionals do best: We must adapt. And we must adapt quickly.”

“We can’t forget about the risks that preceded this pandemic, and top on that list stands technology,” Sterling added in his address during the event. “Cyber gets a bad rap—when we talk about risk, we must remember risk can lead to positive outcomes. While greater dependency on technology has opened the door to more threats, it also allows us to improve processes, keep employees safe, boost efficiencies and engage our customers in a whole new way.”

As a RIMS virtual event, the content from TechRisk/RiskTech will be available for attendees or new registrants to view on-demand for the next 60 days, and you can check out the sessions here.

Following the TechRisk/RiskTech event and last Friday’s international Data Privacy Day, risk professionals who want to learn more about cyberrisk and risktech topics can also check out a wealth of related articles from Risk Management Magazine. Whether you would like to keep up the education after attending TechRisk/Risktech or just want to catch up on topics like cyberrisk, ransomware, cyber insurance, risktech, artificial intelligence, the internet of things and connected devices, and other technology that can help manage risk, here’s a roundup of recent Risk Management articles on cyberrisk and risktech:

Tech Risk (Cyberrisk):

Risktech:

RIMS TechRisk/RiskTech: Emerging Risk AI Bias

Posted on by

On the second day of the RIMS virtual event TechRisk/RiskTech, CornerstoneAI founder and president Chantal Sathi and advisor Eric Barberio discussed the potential uses for artificial intelligence-based technologies and how risk managers can avoid the potential inherent biases in AI.

Explaining the current state of AI and machine learning, Sathi noted that this is “emerging technology and is here to stay,” making it even more imperative to understand and account for the associated risks. The algorithms that make up these technologies feed off data sets, Sathi explained, and these data sets can contain inherent bias in how they are collected and used. While it is a misconception that all algorithms have or can produce bias, the fundamental challenge is determining whether the AI and machine learning systems that a risk manager’s company uses do contain bias.

The risks of not rooting out bias in your company’s technology include:

  • Loss of trust: If or when it is revealed that the company’s products and services are based on biased technology or data, customers and others will lose faith in the company.
  • Punitive damage: Countries around the world have implemented or are in the process of implementing regulations governing AI, attempting to ensure human control of such technologies. These regulations (such as GDPR in the European Union) can include punitive damages for violations.
  • Social harm: The widespread use of AI and machine learning includes applications in legal sentencing, medical decisions, job applications and other business functions that have major impact on people’s lives and society at large.

Sathi and Barberio outlined five steps to assess these technologies for fairness and address bias:

  1. Clearly and specifically defining the scope of what the product is supposed to do.
  2. Interpreting and pre-processing the data, which involves gathering and cleaning the data to determine if it adequately represents the full scope of ethnic backgrounds and other demographics.
  3. Most importantly, the company should employ a bias detection framework. This can include a data audit tool to determine whether any output demonstrates unjustified differential bias.
  4. Validating the results the product produces using correlation open source toolkits, such as IBM AI Fairness 360 or MS Fairlearn.
  5. Producing a final assessment report.

Following these steps, risk professionals can help ensure their companies use AI and machine learning without perpetuating its inherent bias.

The session “Emerging Risk AI Bias” and others from RIMS TechRisk/RiskTech will be available on-demand for the next 60 days, and you can access the virtual event here.

RIMS TechRisk/RiskTech: Using Cyberrisk Analytics to Improve Your Cyber Insurance Program

Posted on by

As ransomware continues to spread and payment costs increase, cyber insurance rates have gone up exponentially. As a result, it is more important than ever for companies to understand their cyber vulnerabilities and exposures so they can ensure they are properly covered. One way to do this is through analytics.

online pharmacy mobic with best prices today in the USA

In a presentation at the RIMS TechRisk/RiskTech virtual event, Scott Stransky, managing director and head of the Cyber Risk Analytics Center at Marsh McLennan, outlined some of the key data that can help companies get a full view of their risk.

According to Stransky, there are five categories of data that are most important to determining your risk profile. Much of this data is in publicly available datasets that insurers already consult, so it is important that you have a handle on this information as well so you know how underwriters and other outsiders are viewing you:

  1. Firmographics: company demographics like revenue, employee count, industry, location, and company hierarchy
  2. Historical incidents: past breaches and insurance claims
  3. Technographics: a company’s external cybersecurity posture including the presence of firewalls, open ports, frequency of system patching, as well as internal cybersecurity practices like password management and data encryption
  4. Scoring: combines firmographics, historical incidents and technographics into a single number that designates the level of vulnerability
  5. Loss modeling: brings all elements together to predict the likelihood and cost of an event

Armed with this data, companies can take steps to make it easier to access optimal cyber insurance coverage and better insurance pricing. These could include improving your security and claims posture by addressing potential cybersecurity gaps, updating incident response plans, and identifying vendor partners to help improve security posture or respond to incidents. Companies can also explore policy structure options in terms of different program components (limits, attachment, coverage, risk retention, etc.

online pharmacy isofair with best prices today in the USA

) and consider alternative terms and conditions.
online pharmacy robaxin with best prices today in the USA

Finally, it is important to provide robust underwriting data by using assessment tools to minimize the need for supplemental applications, preparing for additional questions from underwriters, and highlighting significant cybersecurity updates and improvements over the past year.

In particular, companies should focus on what Stansky called the top 12 cybersecurity controls for risk mitigation, resilience and insurability:

  1. Multifactor authentication (MFA)
  2. Endpoint detection and response
  3. Secured, encrypted and tested backups
  4. Privileged access management
  5. Email filtering and web security
  6. Patch and vulnerability management
  7. Cyber incident response planning and testing
  8. Cybersecurity awareness training
  9. Hardening techniques, including remote desktop protocol mitigation
  10. Logging and monitoring/network protection
  11. End-of-life system replacement
  12. Vendor/digital supply chain risk management

For those that missed RIMS TechRisk/RiskTech, you can register and access the virtual event here. Sessions will be available on-demand for the next 60 days.

RIMS TechRisk/RiskTech: Opportunities and Risks of AI

Posted on by

On the first day of the RIMS virtual event TechRisk/RiskTech, author and UCLA professor Dr. Ramesh Srinivasan gave a keynote titled “The Opportunities and Downside Risks of Using AI,” touching on the key flashpoints of current technological advancement, and what they mean for risk management. He noted that as data storage has become far cheaper, and computation quicker, this has allowed risk assessment technology to improve. But with these improvements come serious risks.

Srinivasan provided an overview of where artificial intelligence and machine learning stand, and how companies use these technologies. AI is “already here,” he said, and numerous companies are using the technology, including corporate giants Uber and Airbnb, whose business models depend on AI. He also stressed that AI is not the threat portrayed in movies, and that these portrayals have led to a kind of “generalized AI anxiety,” a fear of robotic takeover or the end of humanity—not a realistic scenario.

However, the algorithms that support them and govern many users’ online activities could end up being something akin to the “pre-cogs” from Minority Report that predict future crimes because the algorithms are collecting so much personal information. Companies are using these algorithms to make decisions about users, sometimes based on data sets that are skewed to reflect the biases of the people who collected that data in the first place.

Often, technology companies will sell products with little transparency into the algorithms and data sets that the product is built around. In terms of avoiding products that use AI and machine learning that are built with implicit bias guiding those technologies, Srinivasan suggested A/B testing new products, using them on a trial or short-term basis, and using them on a small subset of users or data to see what effect they have.

When deciding which AI/machine learning technology their companies should use, Srinivasan recommended that risk professionals should specifically consider mapping out what technology their company is using and weigh the benefits against the potential risks, and also examining those risks thoroughly and what short- and long-term threats they pose to the organization.

Specific risks of AI (as companies currently use it) that risk professionals should consider include:

  • Economic risk in the form of the gig economy, which, while making business more efficient, also leaves workers with unsustainable income
  • Increased automation in the form of the internet of things, driverless vehicles, wearable tech, and other ways of replacing workers with machines, risk making labor obsolete.
  • Users do not get benefits from people and companies using and profiting off of their data.
  • New technologies also have immense environmental impact, including the amount of power that cryptocurrencies require and the health risks of electronic waste.
  • Issues like cyberwarfare, intellectual property theft and disinformation are all exacerbated as these technologies advance.
  • The bias inherent in AI/machine learning have real world impacts. For example, court sentencing often relies on biased predictive algorithms, as do policing, health care facilities (AI giving cancer treatment recommendations, for example) and business functions like hiring.

Despite these potential pitfalls, Srinivasan was optimistic, noting that risk professionals “can guide this digital world as much as it guides you,” and that “AI can serve us all.”

RIMS TechRisk/RiskTech continues today, with sessions including:

  • Emerging Risk: AI Bias
  • Connected & Protected
  • Tips for Navigating the Cyber Market
  • Taking on Rising Temps: Tools and Techniques to Manage Extreme Weather Risks for Workers
  • Using Telematics to Give a Total Risk Picture

You can register and access the virtual event here, and sessions will be available on-demand for the next 60 days.