Risk professionals should move to fill the understanding gap around disruptive technologies

By Canadian Underwriter | April 24, 2017 | Last updated on October 30, 2024

PHILADELPHIA – Risk managers will need to take the lead in organizational efforts to address complex challenges and opportunities in an environment that increasingly features rapidly advancing disruptive technology risks, suggests a joint report from broker and risk advisor Marsh and RIMS, the risk management society.

The 14th annual Excellence in Risk Management report, Ready or Not, Disruption is Here, which explores how risk professionals are addressing the challenges of disruptive technology, was released Monday at the RIMS 2017 Annual Conference & Exhibition. The annual conference is taking place Apr. 23-26 in Philadelphia.

“We believe risk management professionals should be leading the way as companies adapt to technology innovation, with the understanding that those who fail to do so will be relegated to a support role,” cautions the report.

That said, “too many organizations don’t realize the pervasiveness of some technologies,” report authors point out.


Filling the understanding gap, though, will take effort. The report found “an apparent lack of awareness among risk professionals on existing and emerging technologies, including telematics, sensors, the Internet of Things (IoT), smart buildings and robotics, and their associated risks,” notes a joint statement from RIMS and Marsh.

Findings are based on more than 700 responses to an online survey and a series of focus groups with leading risk executives, carried out this past January and February.

Just shy of a quarter of the respondents reported their organizations do not currently use or plan to use any of 13 common disruptive technologies cited, including IoT and wearables.

The report characterizes this as “surprising,” given that “other studies have found more than 90% of companies either using or evaluating IoT technology or wearable technologies,” the statement notes.

In some cases, there is a clear divide between perception and reality. For example, while 52% of risk professionals said their organization does not use or plan to use IoT, some estimates are that 90% of companies will be using IoT technologies within two or more years.

Add to the aforementioned findings that six in 10 respondents noted they do not conduct risk assessments around disruptive technologies despite their potential impact on the business strategy, model and risk profile of the company.

“A primary responsibility for any risk executive is ensuring that new and emerging risks are being assessed,” the report states. While 55% of respondents reported no risk assessment is being done, “the feeling was higher among C-suite respondents (80%) than risk management professionals (51%).”

Beyond the lack of risk assessments, risk executives identified other challenges to managing disruptive technologies, including in relation to establishing effective cyber security (46% of respondents) and evaluating consequences to the organization (32%).

“Companies cannot afford to be surprised when technology fails or goes awry. Risk executives need to fortify their strategic role by understanding how technologies impact business models and the direction of entire industries,” report authors contend.

“Leadership in most organizations increasingly relies on risk management professionals’ insights,” the report states. “Today, that means that risk executives have both a responsibility and an opportunity to better educate themselves about technological innovations, which are reshaping their businesses and industries,” it adds.

“The pace of innovation globally has made risks more complex and interconnected. This leaves many executives struggling to understand how disruptive technologies affect their business strategies, models and operations,” the authors note.

Brian Elowe, report co-author and U.S. client executive leader for Marsh, says that “such lack of understanding and attention being paid to the risks is alarming.”

Pointing out that some disruptive technologies are already the norm for some doing business, “organizations cannot fully realize the rewards of using today’s innovative technology if the risks are not fully understood and managed,” Elowe continues.

Despite the current lack of understanding, though, that shortcoming affords risk professionals an important opportunity to fill the gap, thereby providing C-suite executives and Boards of Directors with a clearer view of looming risks.

“Organizations generally, and risk management professionals in particular, need to adopt a more proactive approach to educate themselves about disruptive technologies — what is already in use, what is on the horizon, and what are the risks and rewards,” the report argues.

“Forward-leaning executives are able to properly identify, assess and diagnose disruptive technology risks and their impact on business models and strategies,” it adds.

Asked about the main risk management challenges facing the respondent’s organization in relation to disruptive technologies, establishing effective cyber security topped the list at 46%. The balance of the list was as follows:

  • evaluating consequences to the organization (such as human capital, supply chain), 32%;
  • evaluating consequences for external stakeholders (such as customers, shareholders), 27%;
  • upgrading IT infrastructure, 27%;
  • developing appropriate metrics to evaluate, 21%;
  • evaluating insurance coverages for applicability (such as failure to perform data privacy, management liability), 20%;
  • keeping up with regulations, 16%;
  • understanding who in the company owns the risk, 16%;
  • determining appropriate risk sharing, 15%;
  • evaluating talent capabilities, 15%;
  • managing potential effects in contracts (such as technology vendors/customers), 15%;
  • understanding connectivity between risks, 15%;
  • making sure the board/leaders are aware of and driving the changes, 13%; and
  • managing physical risks, 8%.

“As organizations adapt to innovative technologies, risk professionals have the opportunity to lead the way in developing risk management capabilities and bringing insights to bear on business strategy decisions,” suggests Carol Fox, report co-author and vice president of strategic initiatives for RIMS.

“As a first step, risk professionals are advised to proactively educate themselves about disruptive technologies, including what is already in use at their organizations, what technologies may be on the horizon, and the respective risks and rewards of using such technology,” Fox advises.

But beyond enhancing understanding is the need for support from their organizations. Although “disruptive technologies can make or break a business,” the report states, respondents identified the top impediment to understanding these risks as “other areas have greater priority.”

While tools such as models, data and analytics can help prioritize, the report points out, “they require commitment from leadership to invest in them. And that want for investment is a symptom of the need to better align strategic thinking around the risks within organizations,” it notes.

“Improving organizational risk alignment should include investment in the resources that give risk executives the additional bandwidth to stay on top of the accelerated pace of new and emerging risks,” report authors emphasize.


That may be aided by better ensuring risk committees do not continue to slip away.

The continuing drop in the number of companies with risk committees is a concern.

“The spread of disruptive technologies is only going to accelerate. And as organizations look for ways to manage the associated risks, we would make a case for strengthening connections and discussions across the organization through cross-functional risk committees,” the authors write.

Despite that, there is a decrease in organizations reporting they have these committees. “This year, only 48% of respondents said they have a cross-functional risk committee, a drop from 52% last year and 62% five years ago,” notes the report.

“Organizations should cultivate and foster risk committees as part of their operations,” report authors recommend.

“This can improve governance to bring about a better understanding of emerging risks, a core requirement of risk management according to business leaders,” they add.

Report authors further recommend organizations make it a priority to re-evaluate their data and analytics usage. “Understanding how disruptive technologies can change risk profiles can provide a clearer view of the type of data needed.”
