Risk managers step up to new risks and new challenges
As the Covid-19 pandemic continues to grab the attention of companies, cyber risks have emerged as one of the biggest threats to many organisations, according to participants in this year’s Risk Frontiers Europe survey from Portugal and Spain.
To make matters more challenging for risk managers, cyber risks are gaining in intensity and frequency at a time when the insurance market seems less amenable than before to providing adequate transfer solutions for their clients.
“Cyber is generating daily losses. Hacker attacks take place every day. But the message from the market is that it will get much more complicated. Capacity will be reduced and covers will be restricted,” said Daniel San Millán, president of Spain’s risk management association Igrea. “Colleagues tell me that it is very hard to buy ransomware protection today. Cyber is the line that is the most likely to get worse next year.”
David González, chief insurance officer at construction group Sacyr, said cyber risks have become a fundamental issue for many, if not all, companies. “This is not only from the point of view of the insurance coverage, but also because the risks to which companies, industries and countries are exposed to are on the rise with the digitalisation of the economy. The pandemic was an accelerator of this process, the world has become less physical and more digital, and it is necessary to adopt measures to fight cybercrime,” he said.
And Mr González shares Mr San Millán’s concerns about the response of the insurance market to this growing threat.
“Three years ago, cyber insurance was sold at reasonable prices and with enough capacity. This year, the market has changed drastically. Insurance capacity has shrunk even more than for other products, and prices have shot up in a very abrupt way,” he said.
Jorge Neto, insurance manager at retail group Jeronimo Martins, warned that with this scenario in mind, companies have no alternative but to keep up with the evolution of cyber risks and invest in mitigation.
“Cyber is a difficult risk. When we are exposed to a property risk, we know that it can be a fire, a flood, a robbery. The trigger of the policy is well identified, and so are the mitigation strategies. It is, after all, a policy that has existed for more than 200 years. Cyber risks are much more recent and the market still does not have an accumulated loss experience that is significant,” he said.
“Also, the triggers are not that clear. There are many entry points that are not well known, or that are not well quantified yet. Companies must prepare themselves to mitigate cyber risks in a loop that we have to go over and over again, as it is a dynamic process and new triggers appear all the time,” he added.
Emerging risks
But cyber is not the only risk on the rise over the past couple of years.
“A risk that is much more relevant in 2021 than in previous years is the dramatic inflation of some prices of raw materials, and the scarcity of many of them,” said Lourdes Freiria, director of risks and insurance at Grupo San José. “It is a subject that affects the very essence of many businesses, threatening their profitability and, on occasions, even hampering their ability to keep production going, or making it impossible.”
Another growing risk is the impact of nat cat events, she noted. And underlying all those challenges is the neverending pandemic. Hopes that it could be coming to a close were boosted by the progress of vaccination in the US and Europe but have lately been dampened by the appearance of new variants and the reluctance of many people to take their shots. The pandemic has delivered several lessons to risk managers and will carry on doing so.
On the insurance side, for instance, it has become clear that extraordinary measures are needed to deal with this kind of catastrophe.
“The pandemic has taught us that the market is not ready to provide coverage against systemic risks. Either states, in partnership with the insurance sector, take the reins to make sure that covers against systemic risks are available in the future, or there will be no transferring them. Political action is required,” Mr San Millán said.
“The main lesson of the pandemic is that something like this can happen again in the future. And it is unlikely that it will take as long to happen again as it took for a global pandemic to take place after 1918,” Mr Campilho added. “In my opinion, if anything, pandemics will be more frequent than before. The challenge is to make sure that, once this pandemic is over, we will have some kind of insurance coverage to deal with this kind of situation. Maybe by using parametric insurance technology, for example,” he continued.
Risk managers to the fore
The pandemic has also illustrated how important risk management is for companies, Mr Neto said. In his view, risk management has gained relevance and this trend will continue over the near term.
“The pandemic is not a risk linked to financial cycles. It has shown that some risks that are very improbable can happen when we least expect. They come around virtually overnight, and risk management is the department that can help the company face a crisis and recover from it. Companies need to have the capacity to reinvent themselves very quickly and devise answers to new situations. Only organisations that can come up with such answers, and are resilient, have the ability to survive this kind of situation,” he said.
Ms Freiria remarked that companies have increasingly drawn on the expertise and experience that risk managers have in dealing with tough situations and making difficult decisions. In that sense, their role has expanded.
“In my particular case, I have been able to be a member of the crisis committee created to face the pandemic, and it has helped me to take a global and direct view of everything that was going on. It has also allowed me to actively participate in the process of making decisions that were important for the workings of our organisation in such complex times,” she said.
“The world has changed radically, and the work of risk managers has been very good,” Mr San Millán remarked. “We have been called more often to lead prevention and mitigation, as well as risk transfer when possible. The pandemic has lifted risk managers back into an important position in our companies.”