In this era of social media and easy proliferation of information over digital platforms, it is possible for corporations to make or break their reputation in a day. A single incident of cyber attack can cause severe financial as well as reputational damage to a corporation, the full extent of which is often beyond the corporation’s immediate visibility. Adding to this, the increasing complexity of risk that a corporation faces in its operations today makes it very important for firms to have the right approach to risk management or else render themselves vulnerable to new-age hazards.
The risk terrain is evolving rapidly. A host of drivers, such as technological advances, external market forces, and changing business ecosystems are transforming the environment in which corporations operate. As corporations increasingly store and process information in digital formats, the risk of cyber attacks is something that firms have to confront more frequently. New technologies such as connected and smart devices, while tremendously useful and important, also add gateways to data theft and customer information privacy breaches. In addition to new technologies, risks faced by a firm are exacerbated by rapidly changing business ecosystems and macro-environmental forces. Globalization and value chain fragmentation are trends that are exposing organizations to a greater scope and diversity of risk as they expand their operational footprint and collaborate with more external stakeholders. Rapidly changing macro-environmental forces such as colliding markets, environments, geo-politics, regulatory and economic factors, and rising terrorism, also threaten corporate operations and financial stability. All these factors call for a more strategic and forward-looking approach to risk management.
Are corporations prepared to manage this rapidly evolving risk environment? Some of the challenges faced by them in implementing their risk management strategy are adapting to the speed of change in risk, adapting to latest market developments and tools in risk management, and constraints on internal capacity and design. A key metric that can help us understand an organization’s investment in risk management is the Total Cost of Risk (TCOR) that measures the amount spent by a corporation on risk management. As per the 2016 RIMS Benchmark Survey, TCOR declined by 2% in 2015 as compared with 2014; and it was found to be at $10.55 spent on risk per $1,000 of revenue. Also, despite more than 90% of 450 respondents in an Advisen survey in 2015 saying that cyber risks are at least a moderate threat to their organization, the TCOR for cyber risk was found to be $0.38 per $1,000 of revenue in the 2016 Benchmark Survey. A decreasing TCOR, in an increasingly complex risk and regulatory environment that tomorrow brings, signals a glaring need for corporations to renew their focus on planning the right investment and approach in risk management.
In a rapidly-evolving risk terrain, a corporation’s risk and insurance management efforts should be considered far more than operational activity. In order to effectively safeguard the corporation, it is critical that risk and insurance management be supported at the executive level as a strategic effort that merits ongoing investment. Risk-and insurance-management leaders should be able to provide critical thinking about constantly-evolving risks. Unfortunately, within so many companies, the complexity and administrative aspects of day-to-day risk management operations limit the time for strategic thinking. It is, thus, crucial for corporations to design an optimized risk and insurance management strategy that empowers risk and insurance management executives to focus on the strategic aspects.
In order to deploy an optimized risk and insurance management strategy, corporations can follow a three-step approach:
- Step away from trying to fit past operating models and budgets, into the corporation’s current and future strategic framework — Consider the future risk landscape while developing tomorrow’s risk and insurance management strategies and models.
- Prioritize critical tasks that require dedicated manager’s time — This is important to enable executives to balance their tasks with the demands from the C-Suite, regulators, and investors.
- Recognize which internal operations pose a gate to strategic tasks — Segregate necessary, but focus-diluting day-to-day operations. Such activities can be outsourced to specialized professional services firms.
One of the main benefits of outsourcing all of the internal risk and insurance administrative duties to professional services specialists is the ability to follow a variable resource approach so as to provide the right amount of service as required at any particular time. Also, through their expertise, professional services corporations can establish enterprise-wide standard processes that improve accuracy and operational efficiency. They can tap the latest risk management tools and technologies to stay ahead of the rapidly evolving risk terrain. Professional services firms specializing in data and analytics are especially beneficial in the areas of emerging risk identification, claims fraud detection, claims litigation, and drawing high-level risk-trend insights.
Risk and insurance management has never been easy. And in today’s complex risk environment, finding the right approach and partner to optimize risk management will be the key to tomorrow’s success for corporations.
This blog is based on the Capgemini whitepaper 'Optimizing Risk and Insurance Management for Tomorrow’s Challenges'.
 “2016 RISK AND INSURANCE MANAGEMENT Benchmark Survey”. Advisen Website, April, 2016. Accessed March 2017. http://www.advisenltd.com/wp-content/uploads/2016/03/RISK AND INSURANCE MANAGEMENT -Book-Summary-Report-2016-04-06.pdf