This session at the RIMS 2017 Annual Conference and Exhibition explored the 2017 findings of the joint Marsh/RIMS annual study titled Ready or Not, Disruption is Here.
- Brian Elowe, Managing Director, Global Risk Management, Marsh
- Laura Langone, Senior Director, Risk & Insurance, PayPal, Inc.
- Carol Fox, Vice President Strategic Initiatives, RIMS
Technology is rapidly reshaping businesses and industries. This year’s report is a result of focus groups with risk executives in a variety of industries to understand how the risk of disruptive technologies are being addressed. Some key findings included:
1. A disturbing percentage of risk managers are unaware of disruptive technology prevalence.
52% said their organization doesn’t plan to use the Internet of Things (IoT), however, in reality, 90% of companies will be using the IoT within two or more years. 25% said that their organization uses or plans to use wearables when, in actuality, 93% of companies are evaluating the use of wearable technologies.
Panelists believe that these statistics illustrate a gap in understanding. Are these risk management professionals focused on current rather than emerging risks or are they simply unaware of their company’s plans? Risk executives cannot afford to be surprised with technology fails. They need to fortify their strategic role by understanding how technologies impact business models and the company as a whole.
2. More than half of organizations have not conducted risk assessments for disruptive technologies.
55% reported that they have not conducted a risk assessment to more deeply understand the risk associated. There was also a large awareness gap between risk managers (51%) and c-suite professionals (80%).
A primary responsibility for any risk executive is ensuring that new and emerging risks are being assessed. This should be a priority in any organization. These results indicate that risk management professionals may not have the support for a more-holistic approach across their organization.
3. Establishing effective cybersecurity topped the list for a main risk management challenge from nearly all industries.
46% cited cybersecurity as their largest challenge in relation to disruptive technologies, with healthcare (65%), real estate (64%) and education (57%) expressing the most concern. 77% said that cyber risk was a great concern, however, only 36% of those companies believe they are adequately protected.
This is slightly alarming because cybersecurity does not encompass all disruptive technologies and may obscure other concerns that organizations should have. They should not limit their concerns to only cyber risk.
4. The use of risk committees is dangerously declining.
Over half surveyed (52%) said that their organization does not have a cross-functional risk committee (but 41% think they should have one).
This continued drop should be addressed. Risk committees are essential to improve governance and to bring about a better understanding of emerging risks.
5. Risk professionals and the c-suite generally share priorities for developing risk management, although their ranking varies slightly.
Top areas of focus include improving the use of data and analytics, formalizing risk management training across the organization, upgrading risk management technology and integrating risk management into strategic planning.
It is promising that data and analytics were identified as important. Developing a consistent approach to applying data and analytics will make it easier to alert stakeholders to the pace in which technology could be disrupting the organization.