Other parts of this series:
- P&C insurers will need to overhaul their risk management to seize platform business opportunities
- Clear risk-management guidelines enable P&C insurers to bolster their business resilience and cyber-defenses
- Staff training and skills development are strong defenses that P&C insurers can deploy in the fight against cyber-crime
- New digital technology provides P&C insurers with powerful tools to counter escalating cyber-threats
P&C insurers eager to capitalize on the huge potential of platform businesses will have to make sure their risk management can accommodate much closer ties with partners and customers. Consolidating cyber-risk and operational risk is essential.
Property and casualty (P&C) insurers need to take a close look at their own risk management if they want to capitalize on the enormous potential of emerging platform businesses.
This new form of business, which spans multiple digital ecosystems, will propel insurance providers into far closer relations with customers and partners. Increased intimacy is going to expose insurers to greater business risk, especially cyber-risk. They’ll not only have to step up their own defenses but also safeguard their customers and partners.
Before revising their risk management to accommodate new platform businesses, P&C insurers should be clear about the extent of their exposure to digital ecosystems. Carriers, as I mentioned in my previous blog series, need to determine whether they’ll operate in future as utilities delivering connected insurance products through digital channels, solution integrators that bundle services from a variety of partners, or ecosystem orchestrators that offer customers a wide range of real-time protection services.
Having defined their ecosystem engagement, P&C companies should then tailor their risk management systems and processes to address their new risk profile. Studies we’ve conducted with Chartis Research show that it’s important that insurers, and other financial services firms, integrate their oversight of cyber-risk and operational risk within a comprehensive enterprise risk management strategy.
Many insurers still manage cyber-risk separately from operational risk and compliance. It’s often the responsibility of the IT business unit. However, cyber-risk stretches far beyond the boundaries of IT. A cyber-security breach, for example, can impact the whole organization. And very quickly. It can shut down critical operations, cause substantial financial losses and inflict severe reputational damage. The negative effects of such a breach are often long-lasting and sometimes irreversible.
A consolidated enterprise risk management strategy enables insurers, and other organizations, to better align their defenses against cyber-threats. Chartis recommends a three-tier defense that begins with the identification of potential threats, is backed by a risk evaluation and response framework, and thereafter provides ongoing assurance through internal and external auditing.
Moreover, a comprehensive enterprise risk management strategy bolsters an insurer’s business resilience. It allows the company to quickly implement a broad, multi-faceted response to a security breach. This minimizes the risk to the organization as well as its shareholders, partners and customers. Such swift and effective action is vital in the highly interconnected world of platform businesses.
In my next blog post I’ll discuss some of the key steps P&C insurers need to take to align their cyber-risk and operational risk activities. Until then, have a look at these links. I think you’ll find them useful.