Addressing cyber-risk is too critical a task to leave to IT departments on their own, and companies should set up dedicated teams for this challenge, the Airmic fastTrack conference at the Willis Towers Watson building heard.
Nic Reys, head of cyber-threat intelligence at Control Risks, told the event that exposure was increasing on a day-to-day basis. 2017 had seen large-scale disruption through cyber-attacks, creating supply chain issues on a global scale. An attack had cost one corporation alone $300 million in remediation work.
He predicted the problems would accelerate as the ability to cause disruption trickles down from nation states to other groups such as criminals and activists, who would have no qualms about causing maximum damage to organisations.
Meanwhile, the cyber-threat had led to an increased burden of regulation, of which GDPR is one high-profile example.
Reys said cyber should be treated like other types of risk with contingency plans in place to respond rapidly to events. The responses should we well-rehearsed, he said, warning that disruption has become the "new normal".
The challenges of addressing cyber-insurance
Cyber has now overtaken natural catastrophe as a corporate concern, Jamie Bouloux CEO at EmerginRisk and Lloyd's coverholder told fastTrack delegates. Intangible assets are often the most valuable. Yet, according to figures from Aon, only 11% of cyber-risks are covered by insurance compared to 98% of tangible property.
This reflects the fact that exposures are potentially huge and difficult to quantify and therefore to price. He cited the examples of hotel chains and airlines that outsource their booking processes, which would be thrown into confusion in the event of a successful cyber-attack. He admitted that he does not envy risk managers given the task of addressing such exposures.
The challenge for insurers is to assess and express cyber-losses in the same way as physical ones and to be able, for example, to define proof of loss. An important part of the underwriting process is to assess a company's risk management, including business recovery plans.
He said the risk landscape is changing all the time. Faced with a "huge evolution of connected risk", organisations cannot afford to be stationery.
Emotional intelligence "the prime driver of success"
Ebony-Jewel Rainford-Brent, a member of the team that won the women's cricket world cup last year, gave an inspirational talk about how she had overcome injury and other adversity in her life. Now a TV broadcaster and the first female board member at Surrey County Cricket Club, she cited emotional intelligence as the main factor in any successful career. Technical skills may be essential, she said, but are not enough on their own.
Julia Graham outlines career road map
Opening the Forum, Airmic deputy CEO Julia Graham said that fastTrack was an important element of the career progression map being developed by Airmic. As it is mainly for people new to risk management, it leads naturally into the intermediate stage with the most senior practitioners taking part in the Leadership Advisory Board. She said the association would soon be unveiling Business Excellence training for the middle tier - "a dedicated programme specifically aimed at building business acumen".
Here are a few more photos from the day
Joe Tunstall, fastTrack chair opened the Forum with Airmic's Julia Graham
Nicolas Reys in the digital future opening keynote
Delegates had the chance to network with like-minded professionals and peers
Dr Santi Furnari, PhD, Cass Business School presenting the 'turning soft skills into core skills' workshop
Katie Moore, Vodafone and Danny Wong, Barnett Waddingham led delegates through the scenario analysis workshop
Reade Kiefer and her colleagues, PwC, led the crisis management workshop