How the high-tech boom has increased the level of non-physical risks and created new challenges for the risk management profession

Threats

One of the main challenges facing risk managers and chief risk officers around the world is that the high-tech boom – and particularly the internet – now means that the value of many companies is now largely made up of non-physical resources, such as their brand and data, or what is increasingly being referred to as intangible assets. Until recently, the main stock value of a company was its physical assets, namely property, plant and machinery.

However, nowadays, it is much more likely in many sectors to comprise these non-physical assets. Airmic will be looking in detail at how advancement in technology has changed the risk landscape in several workshops today.

A point that will surely be discussed at these workshops will be a shift in focus from physical assets to intangible assets. Peter Hacker, head of communications, technology and media practice, at JLT Specialty Ltd, says that these non-physical assets “can be little more than a website, intellectual property data, a brand. So what does that mean for risk managers? If 80% or 90% of your firm’s value is based on these things, this represents a change of focus for risk managers.

“For example, take a smartphone; this is based on various applications, when you use applications you use software, when you use software you have data and content, and you have third parties hosting all that.

“The key challenge for risk managers and brokers is to think outside the box in a horizontal way, outside of their silos.”

Broad thinking

For example, if a telecommunications company is hacked, most insurers think in terms of a cyber incident. “But it is much more than that because there is a potential effect on a firm’s P&L as variable costs increase, the company might lose customers, be confronted with contractual liability issues, have lost data or be in trouble with the regulator”, Hacker says.

“The challenge is to understand the shift into this complex area and develop solutions, not just products. The risk should be quantified and then an all-risks approach should be adopted.

“Products alone will not provide the value a company needs.”

Until a year ago, Hacker says that most risk managers were not up to speed on this shift in focus, but this has changed. “They are now following a different approach,” he says. “First look at the risk landscape, the macro-economic risk and regulatory risk. Next, look at your tangible risk and then your intangible risk – and you need to understand this in terms of your first-party and third-party exposure, which is built around intellectual property and business interruption.

“Once you understand these, you need to quantify the risk across your organisation – and look at what you are buying, already. Ask, do I have cover in my property, casualty, D&O policies? “Review your policies and understand what you already have. You need to stresstest your policies and find the gaps. For example, is your supply chain covered for a data failure? Next, you need to decide: are you better to invest in insurance, or alternative risk management such as supply chain management and disaster management?

“Only then can you create a properly tailored solution.”