The three greatest challenges facing risk managers today

Risk managers have been told they face an ever more complex and challenging risk environment and as such they need to get a far better understanding of the risks, the threats and how those threats are evolving.

Beth Thurston, CEO risk management UK at Marsh told StrategicRISK that the broker is increasingly engaging with risk managers who are being challenged to address three core risks.

She explains. “The first is around cyber and artificial intelligence (AI) risks, the second is around the total cost of risk, and the third is the ongoing concerns around the supply chain.”

Thurston adds that the concerns around technology are broad and nuanced but reman a major issue for risk managers in businesses of all sizes.

“The sheer speed of change when it comes to technology is concerning risk managers, both its use within the business, and the broader impacts,” she says.

“Businesses can see the benefits of what AI can deliver but it comes with challenges and [the question is] is how those challenges can be managed in what is a fast paced environment. Areas such as data privacy, and the management of internal processes are becoming significant concerns as are the questions as to the risks that can or should be transferred.

“From the cyber perspective there are ongoing conversations with risk managers and clients, both those who have already insured the risks and those who have not, around whether they understand the risks to their business and whether they adequately transferred those risks off the balance sheet.”

She adds that risk managers are faced with questions around cyber threats including employee training and management, contingency plans and how long the business can survive without access to its technology systems.

“It has left risk managers questioning whether they are buying the right cover and the right limits,” Thurston adds. “It has made people think around the impact given the increasing dependence on technology.”

The cost challenge

Thurston says that the cost of cover and bvolatility in pricing is taxing many risk managers.

“There are a number of factors, the macro-economic environment, inflation and high interests rates which have impacted balance sheets at a time when the insurance market has been in the hard part of the pricing cycle and the effects of the Covid pandemic are still being felt.

“It has resulted in businesses having to navigate a challenging environment when it comes to cost management. There is a question over how to balance cover against cost of risk transfer and on what basis should that risk transfer be carried out.

“Risk managers want to be able to better articulate to stakeholders on the risks and they steps they are taking to manage those risks”

“Thankfully we are seeing premiums starting to reduce for the first time in three years but it differs among classes. Property rates are reducing by around 2% with cyber cover reducing by around 7%.”

However, Thurston said risk managers are keen to see the volatility removed from pricing.

“Risk managers want to be able to better articulate to stakeholders on the risks and they steps they are taking to manage those risks. They are not keen to see rate rise significantly one year and then return the following year to report that there have been significant falls in the cost of cover.”

Some risk managers are investing the premiums saved at renewal into broader cover, new areas of cover or higher limits. Others are choosing to return the additional funds back into the company.

Challenges on the horizon

Thurston’s final big challenge for risks managers is increasing concern around supply chain, which she says form part of almost every conversation.

“The concerns we see from risk managers are driven by geopolitical risks with Ukraine, the Middle East and the broader global environmental, humanitarian and industrial challenges,” she adds. “Clients are seeking to understand what major disruption would look like.

“Risk managers are approaching this from the point of view of how they can manage their exposures, but to do so they need to understand them.They need to be confident that they understand the end-to-end supply chain, where the potential challenges are, and their nature.

“Risk managers must look at whether there is an overreliance on a single supplier or a single region for a key component of their business and its success. Risks can include goods passing through territories which are the subject to sanctions or products being made in nations that have a poor record for workers’ rights.

“Risk managers need to have in place systems which allow them to analyse these risks in detail, to understand the challenges they pose currently and identify future trends.”

“Risk mangers’ understanding also needs to go beyond the first tier of the supply chain.”

Thurston adds that the constant theme which is running through the discussions with risk managers remains the need for understanding and clarity at a time when there is only complexity.

“The supply chain concerns are similar to those around cyber, in as much as risk managers now have significantly more complexity at a time when they are being forced to deal with these risks and define how best to manage the exposures in an ever shorter period.

“The other issue is how risk managers can explain the current complexities to the stakeholders… They need to have in place systems which allow them to analyse these risks in detail, to understand the challenges they pose currently and identify future trends.

“There are tools that can support risk managers in their efforts to identify theses challanges but to manage risks we need to fully understand them.”