- Corporate Security
- Governance, Risk and Compliance
- Information Security
Governance, Risk and Compliance
By Resolver Modified May 23, 2019
The RIMS 2019 Annual Conference, the largest risk event of the year, took place in Boston from April 28th to May 1. During the event, we presented a debate on the risks versus the rewards for organizations regarding the implementation of new technology. This is the second installment in this debate series. Previously, we debated the risks and rewards of technological innovations.
On Team Reward was Sou Ford, the Senior VP for Willis Tower Watson. Sou got her start in 1991 with an opportunity to join the training program at Aetna Bond. From there, she went to Marsh as a broker and then to Reliance National as an underwriter for E&O. After a transfer to Atlanta in 2003, she joined Willis Tower Watson in 2010 and joined the cybersecurity team in 2016.
On Team Risk was Mark Plumer, Partner at Pillsbury Winthrop Shaw Pittman LLP. Mark has been practicing law for over 30 years and has always acted on behalf of policyholders. He represents clients through various kinds of insurance-related matters, from the very beginning stages of selecting an insurance policy, all the way up through contentious claims. He holds several accolades and has negotiated dozens of settlements of complex claims outside of litigation, with some valued in the billions.
Both panelists were asked to take stances on Team Reward and Team Risk for the purpose of this debate. Their responses to the following statements do not reflect their actual opinions or the opinions of the organizations that they work for.
Team Reward: Companies either need to innovate or die. Risk management is there so that you can continue to innovate, thrive, and grow. You can’t let insurance or cyber risks dictate your company’s actions. You need to do what you need to do and the risk manager is will deal with the ramifications and find ways to transfer any risks.
Team Risk: Both the benefits and the concerns should be of equal importance. One isn’t more important than the other. Although many say you have to innovate or die, it’s just as possible to innovate and die. If you don’t manage your risks well, you can wind up in serious trouble. Without considering the risks, you might end up like Theranos. A risk assessment is needed with the roll-out of each new technology.
Team Reward: The risk manager should be involved, but he or she shouldn’t be a hurdle or obstacle. Your risk manager should think of the new technology from a risk management perspective. Their job is to help you to understand exactly what the risks are so that you know what you’re getting into. And, while new technology may come with a risk, the greater risk actually comes from the people using that technology. 2/3rds of the issues are people initiated, whether they be due to negligence, bad employees, or other human error.
Team Risk: The risk manager isn’t supposed to be an expert in the new technology. He or she is, however, an expert in managing potential risks. Because of this, it’s important for the risk manager to be involved from the very beginning. You need to build teams when innovating new products. Those teams need to include relevant stakeholders, which includes the risk manager. Risk management is all about communication, understanding the risks, and whether or not you can accept them or should try to transfer them.
Team Reward: Cyber insurance won’t help you to mitigate losses. It can, however, be helpful if you’re trying to protect your balance sheet. If you have a lot of cash and don’t experience quarterly dips and spikes, then maybe it’s not worth it. For some, it may only be worth the expense if you’re trying to comply with contracts or bring in business.
Team Risk: There are actually several ways to protect yourself, with insurance being just one of a four-point plan. These methods include:
Insurance policies vary widely, and they can be very complicated. While insurance is important, it’s actually the least important of the four. It’s only worth the expense if you buy the right policy that covers the risks you care about the most.
Team Reward: In order to gain something, you have to give something up. Everything comes at a cost. When you download an app, you’ve already surrendered some privacy, even though you might not realize it. Most people don’t read the fine print. The concept of the right to privacy is a myth.
Team Risk: This is a normative question. It really all depends upon the individual, as people all have different views regarding personal privacy. From a legal standpoint, there is a growing body of statutory guidance. While there are no national privacy laws yet in the United States, almost all states have some privacy laws. Some states – like California – are even beginning to put together quite comprehensive laws. Legislatures are beginning to speak for people and determining what rights will be protected.
Team Reward: Replacing humans with robots can actually be very beneficial. By replacing humans, you can reduce accidents, workers’ compensation claims, improve your company’s productivity, and cut down on costs. Robots can’t replace humans when it comes to jobs that require empathy or compassion, but they can replace humans when it comes to repetitive or physical tasks.
Team Risk: It’s very important to be thoughtful about the risks of replacing humans with robots. For instance, what if you replace humans with a very expensive piece of equipment that suddenly stops working or malfunctions and causes injury to persons or property? While it’s great to be economical, you still need to be cognizant of the risks and hidden costs of using robots to replace humans.