Tag Archives: Emerging Risks

Immediate Vault Immediate Access

4 Steps to Help Organizations Embrace Risk from Emerging Technology

Posted on by

As companies continue to navigate the changing work environment brought on by the pandemic, it has become clear that business leaders will need to get comfortable revising and adapting their strategies to deal with disruption brought on from new technologies and new regulation. As risk management professionals, these rapid changes have made our job more important than ever to our organizations.

online pharmacy sildalis with best prices today in the USA

Yet the majority of our organizations—particularly in C-suites—remain far from giving risk management experts the seat at the table they need to effectively safeguard against enterprise threats, digital or otherwise.

Data from PwC’s Global Risk Survey 2022 shows that executives are starting to recognize these risks: 79% of executives report that they view the breakneck speed of digital transformation as a significant risk management challenge. Moreover, this renewed focus is translating into increased funding, as 65% of organizations are increasing their spending on risk management technology and 56% said they planned to invest in risk culture and behavioral risk in 2022.

online pharmacy mobic with best prices today in the USA

Unfortunately, the survey also found that too many organizations are treating the risk function as an add-on or incorporating risk leaders into strategic conversations too late. Only 39% of business leaders reported adding risk professionals to decision-making processes early, which should be an essential step for executives seeking to minimize risk from the outset. On a broader scale, executives seemed to lack confidence in risk managers, with only 47% of respondents saying they feel “very confident” in their risk function’s ability to build a more risk-aware culture, a key element of any successful risk-focused company.

Particularly as companies invest in emerging technologies, business leaders need to listen more to their risk and compliance functions and integrate them into conversations about how those technologies will be implemented. Artificial intelligence is a great example: when companies rush to implement systems to accelerate efficiency and analyze trends, they risk creating disproportionate bias and violating personal privacy through data sourcing. Risk professionals need to be at the table from beginning to end to make sure that an evolving regulatory environment and other pitfalls are fully accounted for in the organization’s implementation process.

While investment in risk management technology is helpful, it is insufficient without making structural changes to the organization to prioritize the risk function company-wide. Particularly as companies consider adopting emerging technologies, the following steps should be considered not just by risk management professionals, but across the C-suite:

  1. Identify, categorize, and prioritize technology risks across the company. This should be done on a regular basis by a dedicated risk management team, married with the best tools available, with findings routinely reported back to senior leaders. Companies are on the right track here: 65% plan to increase their technology spend this year across data analytics and process automation to support detection and monitoring of risks. This initial step will lay the framework for the establishment of cyber threat intelligence, systems monitoring, and incident response protocols.
  2. Adapt IT governance to the emerging technologies being adopted. Risk professionals should work with IT teams and company leadership to create governance structures that integrate seamlessly with corporate strategy, allowing for alignment of day-to-day operations, effective decision-making, a framework for best practices, and promotion of investments that enhance business objectives.
  3. Update leadership often on the emerging tech regulatory landscape. Whether across data privacy rules, cyber reporting requirements, or other complex technology challenges, a robust compliance program should keep leaders across the company updated as new technologies are implemented. Otherwise, companies risk run-ins with legal authorities and the erosion of trust from their clients and customers.
    online pharmacy cymbalta with best prices today in the USA

  4. Set expectations with leadership that not all risks are one and the same. Understanding the context around each piece of technology will become imperative to understanding its specific risks and the appropriate response strategy, including the maturity and complexity of the business processes to determine true risk to the company. Inherent in this case-by-case evaluation is an understanding of the company’s risk appetite and criteria for acceptable level of risk.

When adopted purposefully, emerging technologies can make companies more efficient, more profitable, and better stewards for their employees, clients and communities. Risk is often unavoidable for early adopters of emerging technologies, but it can be mitigated if C-suites equip their risk functions with a holistic strategy and a voice in key business decisions. As C-suites and organizations seek to adapt to a changing world, their success will hinge on the extent to which risk management is incorporated into their strategies.

3 Things Every Organization Should Do to Protect Against Cybercriminals

Posted on by

Cybersecurity should be a top priority for organizations today, especially as employees continue to work remotely without business-grade protections. In the age of COVID-19, businesses are more vulnerable than ever. Whether it is phishing scams or malware, hackers are constantly finding new ways to attack businesses. In fact, in March 2020 alone, scams increased by 400%, and have continued to increase since then.

It is vital that employers protect their organizations and employees from cyberattacks, especially now. As new scams develop, businesses must create new ways to stave off hackers. Many steps can be taken to implement—and enforce—security measures as part of daily procedures for employees. By focusing on just three strategies, organizations can help better protect themselves from phishing scams and other cyberattacks.

1. Create a Comprehensive Plan

As organizations transitioned to remote work, employers had to make foundational shifts to adapt. The same is true for security threats. Cybersecurity measures need to become part of everyday routines and tasks. This means creating a plan to protect all assets and boost security in business processes.

Each organization’s security strategy also needs to align with its specific business risks. Performing risk assessments will allow employers to determine where they need to invest in cybersecurity. It is important to identify key digital assets within networks and personal devices so that employers can determine how to best protect them.

Once an organization’s risks are assessed, it can create a plan to suit these needs. For example, a cybersecurity strategy may include secure remote access or virtual private networks (VPNs), especially for virtual workers, to protect devices from threats posed by public internet connections. Other strategies include implementing multi-factor authentication, assigning access permissions to employees and maintaining regular backups.

2. Prioritize Investments in Cybersecurity

Protecting an organization requires the proper tools. A trustworthy security framework is a vital aspect of managing risks. For many remote or hybrid workplaces, areas like cloud and or software as a service (SaaS) security are top of mind. To manage and protect these environments, organizations should shift to software-defined networking (SDN) with secure access and/or secure service edge capabilities.  

Firewalls are also an important aspect of security, as they place a barrier between trusted internal networks and the outside world. Maintaining end-to-end security has become even more difficult in the age of remote work.

Investing in threat-monitoring and endpoint protection tools can also help. While there is no silver bullet to combat the myriad threats, layering cybersecurity methods helps create “defense in depth,” better positioning the organization to face whatever specific cyberrisks may be exploited next.

3. Take the Time to Train Employees

Strategy and security are futile without proper training. Organizations must commit to continuously training employees so that they are not only aware of what cyberattacks to watch for, but what to do if they notice something. This means ensuring that employees are comfortable reporting scams. By starting training during onboarding and conducting it regularly as scams evolve or emerge, workers can shift from liabilities to assets.

Cybersecurity training ranges from phishing testing to password and device management. Employers must teach workers to update their systems, be cautious with external devices like flash drives, and practice physical device security.

Reaction is just as important as prevention. Organizations should have a plan for employees if they fall victim to a scam or notice something unusual so IT or information security professionals can solve the issue as quickly as possible and mitigate the damage.

Ignoring cybersecurity is a huge risk, as cyberattacks can have serious consequences for businesses and their customers, suppliers and partners alike. It is critical to develop a strong cybersecurity strategy and invest in resources and training. Security is continuing to increase in importance as remote work remains and threats rise. By understanding the issues, challenges and potential threats of a cyberattack, organizations can determine what steps and precautions can be taken to decrease the likelihood of a cyberattack in the future.

After COVID, Cyberrisks Top Agenda for Risk Professionals in India, Marsh and RIMS Report

Posted on by

For risk professionals in India, the COVID-19 pandemic has underscored the critical need to build business resilience and develop mature yet flexible business continuity plans to address both short- and long-term threats. In the new Marsh and RIMS report Excellence in Risk Management India 2020, Spotlight on Resilience: Risk Management During COVID-19, 63% of risk professionals in India said a new pandemic or continued fallout from COVID-19 was a top risk facing their organization, followed by cyberattacks (56%), data fraud or theft (36%), failure of critical infrastructure (33%), fiscal crises (31%), and extreme weather events (25%).

This mix of top risks illustrates the critical task before risk professionals heading into 2021: ensuring capability and procedures to respond to fast-emerging disasters, while not losing sight of the critical work to boost baseline resilience against foreseeable risks across the enterprise.

“Organizations need to balance their focus between longstanding and emerging risks,” said Sanjay Kedia, country head and CEO of Marsh India. “While there has long been an awareness of weather-related risks, low-frequency risks generally receive less attention. The pandemic has underlined the need for risk managers to keep all perils on their radar.”

Indeed, Marsh and RIMS found risk assessment and modeling are critical gaps for India-based risk professionals to focus on to mature their risk management programs. “As businesses recover from COVID-19, many senior leaders are shifting attention to questions of resilience.

buy nizoral online greendalept.com/wp-content/uploads/2023/10/nizoral.html no prescription pharmacy

But, as our survey shows, the use of advanced risk management techniques in India remains limited—for example, more than one-fifth of respondents do not assess or model emerging risks,” the report noted.

This is particularly the case with emerging cyberrisks. Cyberattacks and data loss or theft ranked among the top three threats, and the pandemic escalated the already rising number of cyberthreats to companies in India with the shift to remote work, online business, and ransomware attacks. Indeed, the report noted that the pandemic led to a surge in cyberattacks against Indian companies, with New Delhi among the top 10 most often attacked cities with regard to ransomware in 2020, and more than a third of Indian respondents to a June survey by Microsoft reporting they had fallen prey to a pandemic-related phishing email. Yet only a third of respondents to the Marsh/RIMS report said they model potential cyber loss scenarios, and only 26% plan to do so in the next year. Key cyberrisk management measures and the rate of implementation among Indian companies include:

Whether it is phishing attacks on employees or internet outages interrupting operations in the supply chain, the report notes that the next major event for Indian companies could well be a cyberattack. Focusing on building cyber resilience was one of the report’s four key recommendations, noting “organizations should shift their focus from solely trying to prevent an attack to accepting the inevitability of a cyber event and taking action to mitigate its effect.”

The report’s other top recommendations for risk professionals in India were:

  • Regularly review existing business continuity plans – “Companies should carefully review and refine their business continuity plans. They should ensure their plans enable them to respond effectively to threats that bring short-term pain and long-term and widespread challenges, as is the case with COVID-19.”
  • Embrace the changing working environment – “Lockdowns intended to stem the spread of COVID-19 required many companies to quickly move to remote working, change their business models, and implement new safety measures upon return to the workplace. Other perils, like a natural disaster, could necessitate and precipitate such shifts, even if shorter in duration. Businesses should invest in structures that allow employees to work remotely effectively, efficiently, and safely and should educate employees on new ways of working under changing circumstances.”
  • Remap and remodel your supply chain – “The COVID-19 pandemic emphasizes the need to re-examine supply chains regularly, with special focus on understanding the resilience and reliance of vendors. Companies would benefit from understanding their vendors’ ecosystems; both to provide a clearer view of how they could be affected by different risks and to review contracts to better understand liabilities.
    buy inderal online greendalept.com/wp-content/uploads/2023/10/inderal.html no prescription pharmacy

Moving forward, there is considerable room for risk professionals to be more involved in scenario analysis and strategy

In December, RIMS introduced additional resources specifically for risk professionals in India looking to elevate their risk practice. The report was released around the recent RIMS Virtual Risk Forum India 2020, which brought together hundreds of risk and insurance professionals from across India and around the world. Soon thereafter, the risk management society also announced the official formation of a RIMS India Chapter.

“The exchange of knowledge and experience drives the risk management profession, allowing practitioners to more effectively enhance corporate decision-making, strengthen resiliency and leverage new and exciting opportunities for their organizations,” said Roop Kumar, chief of risk at SBI Life and inaugural president of the India chapter’s board of directors. “RIMS India Chapter will quickly become an exceptional resource for all business leaders. We look forward to delivering cutting-edge risk management insight to support our members as they advance their programs and their careers.”

Other members of the inaugural board of the India chapter include: Keerthana Mainkar, head ERM at Infosys; Amol Padhye, head of market risk at HDFC Bank; Amber Gupta, head legal and corporate secretary at Birla Sunlife Insurance; Anand Shirur, CEO of Digitangle Consulting PVT, Ltd; Steward Doss, associate professor at National Insurance Academy; Monika Mittal, professor at BIMTECH; Shibyanshu Sharma, vice president of risk management at SBI Life; and Yogesh Ghorpade, head of ERM and insurance lead at Thermax Industries.

“RIMS India’s Board of Directors truly represent a cross-section of the country’s risk management community,” said Gopal Krishnan K S, head of RIMS India Operations. “The Society looks forward to learning from their unique experiences and welcoming others to contribute so that, together, we can develop the highest standard of risk management education to address corporate India’s biggest concerns.

buy cozaar online greendalept.com/wp-content/uploads/2023/10/cozaar.html no prescription pharmacy

FAA Announces Drone Testing Partnerships Beyond Current Regulations

Posted on by

Drone regulations FAA

Yesterday, the Federal Aviation Administration announced three partnerships with companies to expand the operation of unmanned aerial vehicles (UAVs) in an initiative the agency is calling the Pathfinder program.

U.S.-based drone maker PrecisionHawk will be exploring the possibilities of flights over agriculture while testing tracking and a system for drones and planes to remain aware of each other in flight to avoid collisions. CNN will be testing the use of drones for newsgathering in urban areas where drones will remain in the line of sight of operators. BNSF Railroad, owned by Warren Buffet’s Berkshire Hathaway, received permission to test drone operations outside of the operator’s visual line of sight. The company will “explore command-and-control challenges of using UAS to inspect rail system infrastructure,” the FAA reported.

“Government has some of the best and brightest minds in aviation, but we can’t operate in a vacuum,” said U.S. Transportation Secretary Anthony Foxx. “This is a big job, and we’ll get to our goal of safe, widespread UAS integration more quickly by leveraging the resources and expertise of the industry.”

To that end, Pathfinder will allow these corporate entities to research operations that push the boundaries of the recent draft rules released regarding small unmanned aircraft, namely by operating both within and without the visual line of sight requirements currently mandated by the FAA.

“Even as we pursue our current rulemaking effort for small unmanned aircraft, we must continue to actively look for future ways to expand non-recreational UAS uses,” said FAA Administrator Michael Huerta, who announced the initiative at a conference held Wednesday by the Association for Unmanned Vehicle Systems International. “This new initiative involving three leading U.S. companies will help us anticipate and address the needs of the evolving UAS industry.”

This effort is also the first step in realizing some companies’ grander aspirations for drone use, such as the package delivery applications being pursued by Amazon. That being said, the information gathered by these companies will merely provide data to inform future FAA regulations, which are still pending and may only approve broader operations in a few years. Other companies looking into similar applications that are beyond the scope of current draft regulations would still need to apply for and receive a Section 333 exemption from the FAA. While about 300 of these requests have been granted, the agency has received repeated criticism for an exceptionally slow and sometimes mystifying review process.

“The impact of the Pathfinder Program could be profound for several reasons — perhaps most importantly, it shows the FAA is serious about moving quickly to safely and practically integrate commercial drone use in the U.S.,” said Anthony Mormino, senior legal counsel at Swiss Re. “Allowing drone flights beyond the sight of a drone operator is considered the key to unlocking the true potential of commercial drone use.  This collaboration could impact the future rules promulgated by the FAA regarding the line of sight requirement for commercial drones.”

Such developments could also significantly impact insurers. As discussed in “Drones Take Flight,” the April cover story of Risk Management magazine, one of the most promising near-future applications for UAVs could be in the insurance industry in the wake of natural catastrophes or other major claim events. “Reducing or eliminating the visual line of sight limitation on commercial drone use will allow insurance companies to employ UAVs to their fullest extent in insurance underwriting and claims management,” Mormino said. “Consider that the FAA has already granted a number of insurance companies permission to test and use UAVs for insurance inspection purposes. These companies include AIG, State Farm, Erie Insurance Group, and USAA.

buy pepcid online www.gcbhllc.org/scripts/html/pepcid.html no prescription pharmacy

They plan to use UAVs, for example, to more quickly process insurance claims after natural disasters by allowing them to inspect damage —especially in remote locations—in real time.

buy zestril online www.gcbhllc.org/scripts/html/zestril.html no prescription pharmacy

Insurers also plan to use UAVs to obtain imagery and data for use in underwriting, such as roof inspections. Until the FAA mitigates the visual line of sight limitation, however, the foregoing insurance uses for UAVs will remain drastically limited. Success for the FAA’s new Pathfinder program would open the door to potentially even larger scale use of UAVs by insurance companies.”

The implications for insurers also extend to the products and pricing offered. “First, the current dearth of UAS loss data makes it difficult for insurance companies to properly price insurance policies covering drone use,” said Carol Kreiling, senior claim manager at Swiss Re. “It is therefore no surprise that only a handful of insurers actually issue stand alone drone insurance coverage, such as Zurich Insurance in Canada, and Tokio Marine in the Lloyd’s of London market. An increase in commercial use of drones in the US could provide a steady flow of data that would allow more insurers to price and issue coverage for use of UAS. On the other hand, if the Pathfinder program’s goals are fulfilled—to find ways to safely use UAVs outside a pilot’s visual line of sight—increased remote use of drones could raise risk profiles for insurance coverage.

buy tobrex online www.gcbhllc.org/scripts/html/tobrex.html no prescription pharmacy

At the conference, Huerta also announced a new smartphone app called B4UFLY, designed to help model aircraft and UAS users know if it is safe and legal to fly in their current or planned location by pairing geolocations with the relevant restrictions and requirements.

For more about drones, UAV regulations, and the potential impact these machines may have on the insurance industry, check out “Drones Take Flight,” the April cover story of Risk Management magazine.