R&I: What was your first job?
I did copying, filing, data entry and other clerical tasks at a local HMO while I was in high school.
R&I: How did you come to work in risk management?
Almost all of my jobs have been related to insurance, starting with the HMO and including work in the coordinated care/utilization review department at a hospital while I was in college. I was interested in what I learned in those jobs, so I decided to major in risk management and insurance while I was at UW-Madison. Through my classes, I realized that a career in risk would allow me to do several of the things I love — problem-solving, negotiating and building strong relationships with people.
R&I: What are the benefits of internships and college graduate training programs? Are they a good tool for attracting more young people to the field of risk management and insurance?
I think they’re a great way to start building a network of contacts early on, and a great way to get new graduates familiar with different aspects of the industry. As recruiting tools, I think they will be important programs because they offer new graduates a foot in the door and a clear path forward, as well as hands-on training that gives you experience right off the bat.
R&I: What is the risk management community doing right?
Developing and improving upon analytics to help drive decisions, including predictive analytics for claims operations and platforms to help determine limits and retentions to manage volatility. There is still room for these platforms to continue to improve and evolve, but the growing commitment is great to see!
R&I: What was the best location for the RIMS conference and why?
San Diego. What is not to love about Southern California after a long Minnesota winter!
R&I: What emerging commercial risk most concerns you?
I think it will be very interesting to see how the industry changes as new risks around Internet of Things and technology continue to emerge.
R&I: What’s been the biggest change in the risk management and insurance industry since you’ve been in it?
In addition to greater use of data and analytics, I appreciate that risk management is moving beyond just traditional insurance. We are getting more comfortable with risk-taking and more creative with alternative risk transfer solutions.
R&I: How much business do you do direct versus going through a broker?
We do everything through a broker.
R&I: Who is your mentor and why?
I am fortunate to have met many people I admire and respect over my years in the industry and they have taught me so much about how to be successful. Currently, I have several mentors both in the insurance community and internally at Target. It is helpful to have both as I continue to develop. Sometimes I am looking for guidance on career development or risk management-specific concerns, and other times it is great to talk through more general ideas such as how to become a better manager or team advocate.
R&I: What have you accomplished that you are proudest of?
I ran the Twin Cities Marathon several years ago.
R&I: What is your favorite book or movie?
“Love Actually.” I watch it every Christmas while making cookies.
R&I: What is your favorite drink?
Craft beer. I like IPAs or saisons. Currently, my favorite is Insight Brewing’s Sunken City.
R&I: What’s the best restaurant you’ve ever eaten at?
That’s so hard to decide. I am currently working my way through the Eater.com list of best restaurants in the Twin Cities and try to go to restaurants on those lists everywhere I go.
R&I: What is the most unusual/interesting place you have ever visited?
Iceland. It is so bizarre but also amazingly beautiful.
R&I: What is the riskiest activity you ever engaged in?
I am a very risk-averse person … maybe zip lining?
R&I: What about this work do you find the most fulfilling or rewarding?
I love that every day is different and that we get to learn about what is going on and support so many areas of the company. The days are full of problem-solving to help the company achieve its goals — either through helping to keep team members and guests safe, protecting profits or finding creative ways to support new business initiatives.
R&I: What do your friends and family think you do?
Most of the kids I know are disappointed to learn that I am not a cashier at their local Target store. Most others settle for a business job at the corporate office or “something related to insurance.”
A Winning Strategy
As a fast-growing company, Under Armour Inc. naturally has to keep on top of any number of potential exposures that could pop up — and Susan Hiteshew helps her firm do just that with her New Business Venture Global Insurance & Risk Management playbook.
“In a young company that grows as quickly as we do, you can’t wait for things to happen — you have to be proactive,” said Hiteshew, who came on board in 2011 as the company’s first traditional risk manager.
Founded in 1996 as a fitness apparel retailer, Under Armour has logged 20 percent-plus quarterly revenue growth for years, as it extends its global reach and product base to include more fitness technology solutions.
In 2014, the company made its first acquisition, the fitness-tracking application MapMyFitness. As the firm began to integrate the new purchase, Hiteshew shrewdly realized that the organization needed a playbook to learn how her team could integrate and add value.
“When we built the playbook, we tried to think about our internal stakeholders — what is important to them — and how the work we do can help them get to the goal line faster and smarter,” she said. “But one of the biggest challenges of risk management is getting a seat at the table at the right time, and so instead of risk management chasing down information, we found a way to facilitate the flow of information to us.”
The playbook details exactly how Hiteshew’s team could add value to any new project, and how the team should be looped into any project at the onset, so that risk management could help to “reduce the likelihood of surprises in their businesses operations.”
“In a young company that grows as quickly as we do, you can’t wait for things to happen — you have to be proactive.” — Susan Hiteshew, senior manager, global insurance and risk financing, Under Armour Inc.
In drafting the playbook, Hiteshew’s team conducted extensive research, pulling themes from certain underwriting applications, timelines that are important to the organization, and key strategic areas of focus.
The team then asked its broker team at Aon, led by Charlie Skinner in Baltimore, to review and add input to the playbook before the materials began to be distributed internally in 2015. Since then, the playbook continues to be upgraded as the company grows.
The playbook has been particularly helpful in dealing with challenges created by fast growth, including coordinating communication between multiple facilities, Hiteshew said.
“We’re now decentralized between Baltimore, our European headquarters in Amsterdam, our team in Shanghai and Guangzhou, and our Latin American headquarters in Panama,” she said. “This document has helped us concisely communicate our involvement.”
Jonathan Schwartz, the firm’s vice president of global risk management, said Hiteshew excels at strategic thinking and communications.
“At Under Armour, change is constant, and playing catch-up with the business is a losing proposition,” Schwartz said. “Susan has kept insurance and risk management proactive and strategic by effectively keeping pace with UA’s growth and change.”
Hot Hacks That Leave You Cold
Thousands of dollars lost in the blink of an eye, and systems shut down for weeks. It might sound like something out of a movie, but it’s becoming more and more of a reality thanks to modern hackers. As technology evolves and becomes more sophisticated, so does the occurrence of cyber breaches.
“The more we rely on technology, the more everything becomes interconnected,” said Jackie Lee, associate vice president, Cyber Liability at Nationwide. “We are in an age where our car is a giant computer, and we can turn on our air conditioners with our phones. Everyone holds data. It’s everywhere.”
Phishing Out Fraud
According to Lee, phishing is on the rise as one of the most common forms of cyber attacks. What used to be easy to identify as fraudulent has become harder to distinguish. Gone are the days of the emails from the Nigerian prince, which have been replaced with much more sophisticated—and tricky—techniques that could extort millions.
“A typical phishing email is much more legitimate and plausible,” Lee said. “It could be an email appearing to be from human resources at annual benefits enrollment or it could be a seemingly authentic message from the CFO asking to release an invoice.”
According to Lee, the root of phishing is behavior and analytics. “Hackers can pick out so much from a person’s behavior, whether it’s a key word in an engagement survey or certain times when they are logging onto VPN.”
On the flip side, behavior also helps determine the best course of action to prevent phishing.
“When we send an exercise email to test how associates respond to phishing, we monitor who has clicked the first round, then a second round,” she said. “We look at repeat offenders and also determine if there is one exercise that is more susceptible. Once we understand that, we can take the right steps to make sure employees are trained to be more aware and recognize a potentially fraudulent email.”
Lee stressed that phishing can affect employees at all levels.
“When the exercise is sent out, we find that 20 percent of the opens are from employees at the executive level,” she said. “It’s just as important they are taking the right steps to ensure they are practicing what they are preaching.”
Locking Down Ransomware
Another hot hacking ploy is ransomware, a type of property-related cyber attack that prevents or limits users from accessing their system unless a ransom is paid. The average ransom request for a business is around $10,000. According to the FBI, there were 2,400 ransomware complaints in 2015, resulting in total estimated losses of more than $24 million. These threats are expected to increase by 300% this year alone.
“These events are happening, and businesses aren’t reporting them,” Lee said.
In the last five years, government entities saw the largest number of ransomware attacks. Lee added that another popular target is hospitals.
After a recent cyber attack, a hospital in Los Angeles was without its crucial computer programs until it paid the hackers $17,000 to restore its systems.
Lee said there is beginning to be more industry-wide awareness around ransomware, and many healthcare organizations are starting to buy cyber insurance and are taking steps to safeguard their electronic files.
“A hospital holds an enormous amount of data, but there is so much more at stake than just the computer systems,” Lee said. “All their medical systems are technology-based. To lose those would be catastrophic.”
And though not all situations are life-or-death, Lee does emphasize that any kind of property loss could be crippling. “On a granular scale, you look at everything from your car to your security system. All data storage points could be controlled and compromised at some point.”
The Future of Cyber Liability
According to Lee, the Cyber product, which is still in its infancy, is poised to affect every line of business. She foresees underwriting offering more expertise in crime and becoming more segmented into areas of engineering, property, and automotive to address ongoing and growing concerns.
“Cyber coverage will become more than a one-dimensional product,” she said. “I see a large gap in coverage. Consistency is evolving, and as technology evolves, we are beginning to touch other lines. It’s no longer about if a breach will happen. It’s when.”
About Nationwide’s Cyber Solutions
Nationwide’s cyber liability coverage includes a service-based solution that helps mitigate losses. Whether it’s loss prevention resources, breach response and remediation expertise, or an experienced claim team, Nationwide’s comprehensive package of services will complement and enhance an organization’s cyber risk profile.
Nationwide currently offers up to $15 million in limits for Network Security, Data Privacy, Technology E&O, and First Party Business Interruption.
Products underwritten by Nationwide Mutual Insurance Company and Affiliated Companies. Not all Nationwide affiliated companies are mutual companies, and not all Nationwide members are insured by a mutual company. Subject to underwriting guidelines, review, and approval. Products and discounts not available to all persons in all states. Home Office: One Nationwide Plaza, Columbus, OH. Nationwide, the Nationwide N and Eagle, and other marks displayed on this page are service marks of Nationwide Mutual Insurance Company, unless otherwise disclosed. © 2016 Nationwide Mutual Insurance Company.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Nationwide. The editorial staff of Risk & Insurance had no role in its preparation.