Risk Insider: Zachary Gifford

Stay True, Be Kind

By: | November 16, 2016 • 2 min read
Zachary Gifford is Director, Systemwide Risk Management with the California State University – Office of the Chancellor. He also is active in risk management organizations such as PARMA, PRIMA and RIMS. He can be reached at [email protected]

Depending on one’s point-of-view, this past election appears to have caused a great amount of anxiety, vitriol and perhaps evidence of an electorate who made their choices (regardless of party) based on their heart and not on reliable nonpartisan evaluations, analytics or fact checking.

“I heard it on talk radio” or “saw it on a blog” are generally not the best sources of dispassionate and accurate information. In this election, that appeared to be the overwhelming source of ‘information’ used by the young, old, male, female, Republican, Democrat, etc.

Enterprise risk management gurus or ISO 31000 disciples must be scratching their heads. Can one imagine assessing a risk management endeavor in the same manner a large percentage of the electorate evaluated one of the ultimate risk assessments?

With the above said, and when there appears to be a period of great change at the federal level, we need to remind ourselves that the Constitution has the built-in ability to “pump the brakes,” most notably through the separation of powers. Our founders built in safety valves to protect us from demagoguery, fascism and oligarchy.

From a risk management perspective we ask the question: “What does this historical election mean to the profession, our organizations and ourselves?”

As to the profession and our organizations, the answers are likely as plentiful as there are questions.

The risk manager for a mining, petroleum or pharmaceutical operation might be doing handsprings of joy at this moment.

Conversely, many working for governmental entities, especially those providing regulatory oversight or “services,” clean energy or the media, might be ingesting large quantities of antacids this week. Cherry smoothie flavor is my favorite.

One cannot think holistically without considering how such change affects one’s self. Without ranting about personal beliefs, all people should be able to agree that we want a president of the United States (and Congress I suspect … ) to be successful, visionary and do well for the country.

Further, we do not have to respect the individual in the position; however, we must respect the position and the democratic values of our country. The ease of the transition of power is a good example of why we are blessed to live in the United States.

So let’s keep our chins up or our celebrations of new-found power humble and realize we are citizens first and then Democrat, Republican or other. Together, common ground can be found, and if not, we all get another bite of the apple in two and then four years hence.

Stay true and be kind to one another.

Risk Insider: Eric Copple

Selling Peace of Mind in an RM Package

By: | November 2, 2016 • 3 min read
Eric B. Copple CIC, CRM is a risk management adviser for Arthur J. Gallagher & Co. Throughout his 20 years of brokerage experience, he has helped clients build effective risk management systems to stay on the road to success. He can be reached at [email protected]

Whether you believe you are in sales or not, most of us spend our days trying to persuade other people to adopt our idea, way of thinking, product, approach, etc.

We are all of us eternally trying to convince someone to buy or buy-in, literally or figuratively.

According to Daniel Pink in his exceptional new book To Sell Is Human, “Dig beneath the sprouts of your own calendar entries and examine their roots, and I suspect that you’ll discover something similar.

Some of you, no doubt, are selling in the literal sense — convincing existing customers and fresh prospects to buy casualty insurance or consulting services or homemade pies at a farmer’s market.

But all of you are likely spending more time than you realize selling in a broader sense — pitching colleagues, persuading funders, cajoling kids. Like it or not, we are all in sales now.”

Let’s face it: there are few things more difficult to sell than the concept of risk management. From a time and resource allotment standpoint, Risk Management and now Enterprise Risk Management have always been a difficult sell to the ADHD world of business.

Convincing a business that they should loop back and check their processes when they’ve already begun to institute a new plan, or spend important hours on the front-end of a launch to make a failure prevention plan, will not make you popular.

When the topic of risk management is introduced, our minds instantly gravitate toward boredom, meetings, micro-management and extra work.

Why is this true? Like beginning a diet or a new workout regime, starting an RM process seems somehow painful. People have a natural aversion to pain and anything negative.

Seem like an over-generalization? Then think about how often the answer is “Fine” to the question “How are you doing?”

It often seems easier and perhaps more polite to not get into it with someone, even if they could potentially help. We really do not want to waste time thinking about what is wrong or what could go wrong in our own lives, families or businesses.

But at its core, what is risk management? What is insurance, for that matter?

PEACE OF MIND. We want to feel like things are going to turn out as we intended, and everyone is going to arrive safely at their desired destination.

In any other area of life, how is this peace of mind achieved? By putting in the work. By taking the time and effort to see a plan through to the end, to the point where you are bone-weary and can lay your head on the pillow and say, “I did the best I could do.”

Like anything worthwhile in life, the risk management approach is going to take more work on your part. However, there is nothing more valuable in getting you so much closer to what you really want — PEACE OF MIND.

So, what are we selling? PEACE OF MIND.

How are we selling it? The answer to this question really matters. If you set out to lose twenty pounds, you must first picture a slimmer version of yourself with a big smile on your face.

If you want to run your first marathon for your 40th birthday, you must plan and practice. But even before that you must really like the mental picture of yourself crossing that finish line.

Why do we do these crazy things to ourselves? For the results. We like the picture of ourselves at the end of the work.

And that is how we should sell risk management. We need to spend time creating the pitch.

As Pink says, “The purpose [of the pitch] is to offer something so compelling that it begins a conversation, brings the other person in as a participant, and eventually arrives at an outcome that appeals to both of you.”

If we are not painting a vivid, technicolor picture of the imagined best future, we are never going to get the amount of buy-in we need to make a real difference.

As risk managers, we must help our organizations or clients focus on the results that naturally follow quality advance planning – and particularly on that much-desired PEACE OF MIND.

Sponsored Content by Nationwide

Hot Hacks That Leave You Cold

Cyber risk managers look at the latest in breaches and the future of cyber liability.
By: | December 1, 2016 • 5 min read

Thousands of dollars lost in the blink of an eye, and systems shut down for weeks. It might sound like something out of a movie, but it’s becoming more and more of a reality thanks to modern hackers. As technology evolves and becomes more sophisticated, so does the occurrence of cyber breaches.

“The more we rely on technology, the more everything becomes interconnected,” said Jackie Lee, associate vice president, Cyber Liability at Nationwide. “We are in an age where our car is a giant computer, and we can turn on our air conditioners with our phones. Everyone holds data. It’s everywhere.”

Phishing Out Fraud

According to Lee, phishing is on the rise as one of the most common forms of cyber attacks. What used to be easy to identify as fraudulent has become harder to distinguish. Gone are the days of the emails from the Nigerian prince, which have been replaced with much more sophisticated—and tricky—techniques that could extort millions.

“A typical phishing email is much more legitimate and plausible,” Lee said. “It could be an email appearing to be from human resources at annual benefits enrollment or it could be a seemingly authentic message from the CFO asking to release an invoice.”

According to Lee, the root of phishing is behavior and analytics. “Hackers can pick out so much from a person’s behavior, whether it’s a key word in an engagement survey or certain times when they are logging onto VPN.”

On the flip side, behavior also helps determine the best course of action to prevent phishing.

“When we send an exercise email to test how associates respond to phishing, we monitor who has clicked the first round, then a second round,” she said. “We look at repeat offenders and also determine if there is one exercise that is more susceptible. Once we understand that, we can take the right steps to make sure employees are trained to be more aware and recognize a potentially fraudulent email.”

Lee stressed that phishing can affect employees at all levels.

“When the exercise is sent out, we find that 20 percent of the opens are from employees at the executive level,” she said. “It’s just as important they are taking the right steps to ensure they are practicing what they are preaching.”

Locking Down Ransomware

Another hot hacking ploy is ransomware, a type of property-related cyber attack that prevents or limits users from accessing their system unless a ransom is paid. The average ransom request for a business is around $10,000. According to the FBI, there were 2,400 ransomware complaints in 2015, resulting in total estimated losses of more than $24 million. These threats are expected to increase by 300% this year alone.

“These events are happening, and businesses aren’t reporting them,” Lee said.

In the last five years, government entities saw the largest amount of ransomware attacks. Lee added that another popular target is hospitals.

After a recent cyber attack, a hospital in Los Angeles was without its crucial computer programs until it paid the hackers $17,000 to restore its systems.

Lee said there is beginning to be more industry-wide awareness around ransomware, and many healthcare organizations are starting to buy cyber insurance and are taking steps to safeguard their electronic files.

“A hospital holds an enormous amount of data, but there is so much more at stake than just the computer systems,” Lee said. “All their medical systems are technology-based. To lose those would be catastrophic.”

And though not all situations are life-or-death, Lee does emphasize that any kind of property loss could be crippling. “On a granular scale, you look at everything from your car to your security system. All data storage points could be controlled and compromised at some point.”

The Future of Cyber Liability

According to Lee, the Cyber product, which is still in its infancy, is poised to affect every line of business. She foresees underwriting offering more expertise in crime and becoming more segmented into areas of engineering, property, and automotive to address ongoing growing concerns.

“Cyber coverage will become more than a one-dimensional product,” she said. “I see a large gap in coverage. Consistency is evolving, and as technology evolves, we are beginning to touch other lines. It’s no longer about if a breach will happen. It’s when.”

About Nationwide’s Cyber Solutions

Nationwide’s cyber liability coverage includes a service-based solution that helps mitigate losses. Whether it’s loss prevention resources, breach response and remediation expertise, or an experienced claim team, Nationwide’s comprehensive package of services will complement and enhance an organization’s cyber risk profile.

Nationwide currently offers up to $15 million in limits for Network Security, Data Privacy, Technology E&O, and First Party Business Interruption.

Products underwritten by Nationwide Mutual Insurance Company and Affiliated Companies. Not all Nationwide affiliated companies are mutual companies, and not all Nationwide members are insured by a mutual company. Subject to underwriting guidelines, review, and approval. Products and discounts not available to all persons in all states. Home Office: One Nationwide Plaza, Columbus, OH. Nationwide, the Nationwide N and Eagle, and other marks displayed on this page are service marks of Nationwide Mutual Insurance Company, unless otherwise disclosed. © 2016 Nationwide Mutual Insurance Company.

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Nationwide. The editorial staff of Risk & Insurance had no role in its preparation.




Nationwide, a Fortune 100 company, is one of the largest and strongest diversified insurance and financial services organizations in the U.S. and is rated A+ by both A.M. Best and Standard & Poor’s.