The historian: Dirk Wegener shares the lessons he’s learnt in over 20 years of risk management

“Insurance is not the only risk mitigation tool companies should rely on, as there are many other risk management measures that must be taken into account,” Dirk Wegener says, talking to StrategicRISK as he approaches the end of his term at the helm of FERMA.

He has spent four years in the role, and over 20 in the risk management arena, so conversation quickly turns to the risks that have shaped those years.

He says that during his career, there are three key events that have been game changers for the way we think about mitigating threats.

Unthinkable terror

The first, he says, was 9/11.

Not only were the terrorist attacks responsible for an enormous loss of life, but they also led to one of the largest insured losses on record.

As a consequence, insurers started excluding terrorist attacks from policies, and state-backed schemes were set up to fill the gaps.

Wegener says: “9/11 was a game changer in terms of risk mapping, as almost no organisations had that kind of an attack on their radar at all. It was also the first time that I had personally experienced a situation where many in the insurance market walked away from a certain type of exposure.”

“It taught us to think about the unthinkable when it comes to risk analysis.”

He adds that despite successful efforts to establish state-backed public-private partnerships to maintain essential insurance coverage, such solutions only work on a national scale.

This means they have limited impact for the cross-border production chains operated by most corporates in a globalised economy. Risk managers, therefore, needed to look at other ways to protect themselves from such major risks.

He says: “It taught us to think about the unthinkable when it comes to risk analysis. And that it’s difficult to only rely on the traditional risk mitigation tool of insurance when you are confronted with new risks like an attack of this magnitude.”

Pandemic preparedness

Wegener says that the second event that changed the face of risk management was the pandemic.

Like 9/11, this was not a new risk, but one that was realised on an unprecedented scale.

It was also a risk where there was little or no insurance cover. Where policies did exist, there were concerns about whether they would respond.

“We managed the crisis quite well in the sense that we were flexible enough to adapt business continuity measures”

However, Wegener says that the risk management community was able to weather the storm, and that COVID-19 helped demonstrate the value of risk preparedness.

“We managed the crisis quite well in the sense that we were flexible enough to adapt business continuity measures that were initially developed for very different scenarios to overcome disruptions caused by the pandemic.”

“Work from home is probably one of the most well-known examples. Some businesses had continuity sites created for when premises were inaccessible due to a fire, for example, and used them to split the teams and to maintain social distancing.”

War in Europe

The Russian war against Ukraine is the third event that Wegener says has the potential to transform risk management. He explains how one challenge is that different sanctions in different regions make it difficult for global companies to be compliant.

He says: “All of a sudden, we had to deal with war exclusions again, which had thankfully not been on the table for 70 plus years in Europe and the Northern Hemisphere.

”Furthermore, new, far-reaching sanctions had a significant impact on many industries because supply chains were completely disrupted.

“As a consequence, geopolitical tensions are now fully back on the risk radar. For instance, the idea of decoupling from China could have a massive impact on geopolitical dynamics and this is causing many industries to reassess how they operate. And this is risk-driven.”

So what have we learnt?

One key lesson that risk managers must take from these events is the importance of looking beyond insurance solutions to build resilience.

Wegener points to cyber threats and fire risk as obvious examples where risk managers need to shore up risk mitigation defences in addition to seeking cover.

He says: “You need to be able to demonstrate that you have effective cyber defences in place to get any kind of cyber insurance. Likewise, taking fire insurance as an example, it’s always the case that your risk mitigation and loss prevention comes first and then you can look to purchase insurance.”

“We are also seeing new risks on the horizon that are currently uninsurable because there is simply no coverage available. And that might also be true for certain climate change- and cyber-related risks, where the systemic nature of these risks makes them very challenging to insure.”

”It’s always the case that your risk mitigation and loss prevention comes first and then you can look to purchase insurance.”

However, Wegener cautions that the systemic nature of certain risks must not be used as an excuse to completely disregard insurance as a mitigation tool.

He says: “Embedded risk assessment and loss prevention techniques as prerequisites for cover are essential from a societal perspective to foster resilience across both economies and communities.”

“If needed, public-private partnerships should be initiated to eventually establish sustainable private sector insurance solutions. Throughout my presidency, FERMA has been constantly stressing this broader societal role of the insurance industry.”

Taking on future threats

Wegener points to ongoing geopolitical and supply chain risks as a key issue that should be top of mind for risk managers.

In particular, relocation of activities, onshoring or nearshoring, and de-risking supply chains are all solutions risk managers might consider.

Another crucial future threat is climate change.

Wegener says: “The transition to a green economy is also a driver for change within organisations, with the introduction of new technologies and new sourcing requirements serving to change the risk profile of corporates.”

Finally, Wegener says misinformation and data concerns will also be a key emerging threat.

He adds: “It will be a challenge to distinguish the 90% of data, which is propaganda, false information and fake news, from the 10%, which is meaningful and necessary to access for risk management purposes. It will be a challenge for corporates, but also, of course, for individual risk managers to find reliable resources and data.”

”This is not going to be a job where you sit in your office and wait for someone to come and tell you what you need to know.” 

To cope with the challenges ahead, Wegener says risk managers must most of all be agile and proactive. This means engaging with stakeholders at all levels and functions to build up a comprehensive understanding of the risk the organisation is facing.

He explains: “This is not going to be a job where you sit in your office and wait for someone to come and tell you what you need to know. You must actively reach out to many stakeholders in your company and beyond it, to get a holistic risk picture and establish what needs to be done.

”Risk managers need to be risk conductors within their organisations if they are to develop and implement effective loss prevention measures.”

Wegener says that the final great challenge will be attracting the next generation to the risk manager profession, something he believes FERMA can help lead the way on.

He concludes: “We should be vocal about what we are doing because if you compare the risk management role with other back-office functions, one of the major differences is that this is a truly horizontal function. It covers all aspects of the company across the entire value chain.”

“It’s a very interesting role given the diversity of topics and areas it encompasses. You have to understand every aspect of the organisation; the whole arsenal of potential risk management and mitigation measures available to you and your corporation.”