Risk management processes are not sufficiently taking account of the business risks associated the rapid adoption of emerging technologies, according to a report by insurance broker Marsh and RIMS, the risk management society.
The study of the level of knowledge among risk professionals about technology innovation, found that 59 percent of survey respondents said their organizations are currently using or exploring the use of the Internet of Things (IoT) systems; 47 percent said their companies are looking into artificial intelligence (AI), although only 12 percent knew what it was being used for; and 24 percent are investigating the business use of blockchain.
Despite these trends, only 14 percent strongly believe they have a clear process in place for addressing disruptive technology risks and nearly half said there was no process at all.
The annual report “Maintaining Relevance Amid Technology Disruption” highlighted that most risk professionals would benefit from understanding how digitization changes the ways of doing business and how companies interact with their customers.
When it comes to their organization being “digital,” most risk managers tend to think mainly of operational improvements, such as automating core processes or the ability to deliver goods faster. But few consider the resulting growth opportunities and new ways of doing business and as a result do not fully grasp their organization’s risk profile.
“Emerging technologies like AI, blockchain, and IoT are fast becoming the new normal, yet risk management is not keeping up,” said Brian Elowe, chief client officer, North America, Marsh.
“Only by asking questions and understanding the underlying technologies and their uses throughout the organization can risk professionals truly appreciate their risks and respond accordingly.”
About a third of survey respondents whose organization’s have cross-function risk committees said they discuss disruptive technologies at every meeting.
In their own view, most risk executives regard their role as supporting and promoting innovation or acting as “a needed break.” Only 11 percent believe risk management has no effect or slows the process altogether.
The report notes that risk managers generally do not need to understand every new technology in detail but they should feel comfortable talking to experts to understand which technologies are used in their organizations and how they potentially affect risk management.
“Risk management professionals can add tremendous value and insight, supporting organizations’ ability to make strategic decisions regarding disruptive technology,” said Carol Fox, vice president, strategic initiatives, RIMS. “Engaging in innovation that impacts our companies, customers, industries, and even the practice of risk management itself is a giant first step. While risk professionals do not need to be ‘experts’ in the intricacies of these technologies, they can certainly advance the performance benefits that each new technology brings.”
In other technology areas risk professionals have developed a deeper understanding of the risks. More than three-quarters of survey respondents for instance noted that their company understands how legal liability from cyber risks would affect them, and how their insurance would apply. Only less than 10 percent said their organization did not understand these issues.
The focus on cyber risk is also reflected in 62 percent of respondents stating that cyber is among their organization’s top 5 risks overall.
The Excellence report, Maintaining Relevance Amid Technology Disruption, is based on 450 responses to an online survey and a series of focus groups with leading risk executives in January and February 2018.