“It’s such a complex risk that no one company or no one risk manager will be able to effectively manage it on their own” – Alexander Mahnke
In our technologically advanced and hyper-connected business world, “cyber risk is not going to go away”.
This was the stern warning from Alexander Mahnke, president of GVNW, the German risk management association.
Speaking to StrategicRISK moments before taking his seat on yesterday’s panel, “Can partnership with cyber regulatory agencies help strengthen cyber resilience?”, Mahnke argues that insurance is secondary to proactive risk prevention and management.
Contrary to the complaints from some risk managers – that conversations with brokers about cyber risks focus far too much on insurance as a solution – Mahnke argues that insurers and brokers agree that risk management comes first.
“When insurers and brokers talk to the clients, they don’t want to talk about insurance, they want to talk about risk. They understand this – and this is the right approach,” he says.
“Managing the risk is not about insurance,” he adds. “It’s about understanding the risk and finding ways to be resilient against it. And only then does insurance become part of the discussion. It is only then that you can think about financing the risk – as part of the risk management value chain.”
Compared to other classes of insurance, cyber insurance propositions are relatively limited, he explains. And as technology and its related risks continue to shift and evolve, the key to managing the risks is through stakeholder collaboration.
“It is of the utmost importance that all stakeholders understand their role in preventing and managing cyber risks.
“There will always be more than one stakeholder partner involved in a cyber risk assessment. This does not involve the insurance or ERM departments only – legal, IT and IT security and other stakeholders will need to work together.
“They all have a stake in protecting the company and must communicate to effectively assess the risks, quantify them, and then – together – decide what needs to be done.”
This collaboration extends beyond internal stakeholders, he says. Third-party organisations and associations, insurers and brokers must come together to tackle the complex and constantly changing risk.
He points to initiatives such as the Charter of Trust – initiated by Siemens – as examples of industry players partnering to better understand and manage cyber risks.
He concludes: “It’s such a complex risk that no one company or no one risk manager will be able to effectively manage it on their own. It’s a societal issue and we must work together.”