Executives are no longer separated from the rest of their companies by the four walls of their corner offices or boardrooms, at least when it comes to new and emerging risks, which are putting top leaders on their toes and underscoring the need for proper risk management.
“One of the big things I think companies are becoming more aware of is managing their reputational risk, which can derive from so many sources – everything from MeToo to social media influencers, mergers and acquisitions, and, of course, cyber breaches, which we’re hearing a lot about,” said Phil Baker (pictured), head of Beazley Canada.
The year-over-year increase in cyber breaches has particularly impacted the executive level. The costs of dealing with breaches are going up and new legislation, whether it’s GDPR in the UK or mandatory breach notification regulations in Canada, are requiring companies to ‘change with the times’ or risk taking a hit to both their bottom lines as well as reputations with consumers.
“We want to make sure that we’re talking to our customers, helping to educate them on these changes and helping them to deal with them if the unfortunate does happen,” explained Baker. “Executives need to be aware of how things have changed, and ensure they understand the risks they face and address them through insurance or risk mitigation.”
Luckily, many executives have kept up with the rapid pace of change. According to Baker, much of the top brass is today well aware of the cyber threat to a level that they perhaps weren’t in the past.
“Years ago, when we talked to C-suite individuals, it seemed to be more of an issue for the IT department or the risk management department versus the board and executive team. That’s changed, and board members and executive members see this as a significant corporate risk versus just an IT issue,” he told Insurance Business. Meanwhile, other employees are getting clued into the fact that they need to bring any issues to light with their executives, while ensuring that plans are in place before the unthinkable happens, such as a massive data breach incident that warrants scrutiny from privacy regulators.
While cyber breaches tend to grab headlines, the long-standing issue of pollution risk is also becoming intensified, though many companies still have the perception that if they don’t have an environmental impact or are not involved in certain industries, like heavy manufacturing or oil and gas, then they don’t have a pollution exposure.
“But, if you’re a company that’s purchased property that’s had past pollution issues, then you’re potentially liable for some of those issues,” said Baker. “We need to educate our companies to make sure they understand this is not just about a traditional pollution exposure. Ultimately, anything can be a pollutant – milk can be a pollutant and have an impact on the environment [by disrupting] the ecosystem – and [then] it becomes a reputational issue.”
Mergers and acquisitions can in other ways expose companies and their executives to risk.
“With technology moving so fast and information coming to light as a result of an acquisition, they need to be aware of some of the things that they might be faced with as a result of that acquisition,” said Baker. “There have been a few examples of companies buying other companies and, following the acquisition, a cyber event has manifested itself and the acquired company now has to deal with that.”