The RIMS View of Cyber Risk
May 9, 2019

These two RIMS sessions - "Cyber Coverage for Things That Go Boom! Hackers Out to Destroy" and "Cyber Security Risk Management: Finding and Fixing Your Security Vulnerabilities" - were worth a trip to Boston (RIMS members - see the conference app for copies of the presentation materials, Session 253C). Regular readers of this Journal (we know who you are) are well aware of the threats multiplying across all aspects of cyber-based commerce, but having four experts pool the latest information into two powerfully organized sessions proved hair-raising.

For example, while the number of cyber cases under active investigation by the FBI has remained about the same (2600), the size of these cases, in terms of both dollars and victims, keeps getting larger. Recent examples of major intrusions include the shutdown of Norsk Hydro and the UK's National Health Service. One survey of cyber damages in the US shows a total of $445B just a few years ago, but some $750B just last year, with the total expected to top $1T soon.

But the most worrisome question about recent cyberattacks is whether there may be a hidden pattern evolving. For example, many recent ransomware incidents involved minor amounts of money. Was the intrusion about the Bitcoins - or something else, like planting Trojan horses to be activated later? Why are state actors from China and Russia, or Korea and Iran (their respective proteges in hacking), and their "exploits" like WannaCry and NotPetya turning up so often in different hack attacks?

As Phil Reynaud of the Risk Institute at Ohio State put it, black swans are everywhere now in terms of cyber threats. The second session presented a plethora of risk management, damage mitigation, and resiliency measures now available to prevent serious incursions or limit the damage should one occur. One potential solution currently under development is using learning systems (AI) to monitor and defeat hacker activities.

As Jim Trainor, Senior Vice President, Aon Corporation's Cyber Solutions Group (and former FBI Cyber Crimes director) put it: "Don't take a human to a software fight."

 
They're everywhere!

 

Dealing with a Risk-Dense World

Every spring brings us another RIMS conference and the new Aon Political Risk Map. If you have operations abroad, you should get Aon's political risk map and report so you know what you're dealing with anywhere from Albania to Zambia. Every year supply chains become a little more vulnerable - subtly in some locales, dramatically in others.

What is political risk? Basically it's all those events which are not Acts of God which can impact your ability to operate in a given country. Aon lists the following:

  •   Confiscation, expropriation or nationalization of assets
  •   Export/import embargoes or cancellation of export/import licenses
  •   Physical damage to assets from political violence
  •   Termination of or default on contracts
  •   Non-payment or moratorium due to exchange transfer and currency inconvertibility
  •   Non-delivery/shipment of goods
  •   Calling of on-demand bid or contract bonds and guarantees for unfair or political reasons
  •   Forced abandonment or divestiture
  •   Non-payment by government and/or government owned entities of trade-related debt to financial institutions

Note that "political violence" includes such nasties as civil war and/or active terrorist activities (Sri Lanka, for example).

What's that? You don't have operations in any of those risky locales? Well, how about your suppliers? The Map notes that even such boring places as Sweden, Germany, and the Netherlands appear to be moving away from "politics as usual" into uncharted places as nationalist parties gain power. The point is that the Risk Map offers a great deal of global information and analysis in one place. The graphics are crisp and easily understandable while the narratives are compact, well written, and to the point.

The Map's cover conveys, on one page, a great deal about the state of the world in which we are all trying to do business.

 
Courtesy AON

 

Quick Take 1:
Health Promotion in the Workplace

Sometimes our tax dollars do really good work. For example, let's take a quick look at the Center for Disease Control's (CDC) latest "Results of the Workplace Health in America Survey". The purpose of the survey is to put some reliable numbers around employer offerings of wellness and health promotion programs, broadly defined, by employer size and type. In short, what resources are employers typically providing to maintain the health status of their workforces?

As we have explored in previous Journal items, overall employee health has a major bearing on the costs of workers' comp. Here's a very good reason for risk management and HR to make common cause to help manage health-related costs and their attendant productivity issues. The actual results of the survey are too extensive to report here, but the good news is that medium to large employers across the US are offering an impressive array of health promotion services. Odds are, your opposite numbers in HR have got some really good stuff in place. The next question is - are you working with them to optimize the potential benefits for comp?

 

Quick Take 2:
Cross Border Health Care

Employers in Arizona and California's huge agriculture business figured this out a long time ago. For many employees who are either Mexican nationals or who have extensive family connections in northern Mexico, getting needed medical treatment in Mexico can be both more convenient and much more cost effective than treatment north of the border. Your humble correspondent set up group health PPO networks in Mexicali and Tijuana for seasonal farm workers back in the 80s. They worked remarkably well and provided this generally underserved group with excellent care at affordable rates. A recent article in Risk & Insurance's online service describes how the same concept is now being used for treatment under workers' compensation.

Yes, this is legal under California law. (The R&I article does not mention Arizona comp law.) The author makes specific reference to the Mexican HMO Sistemas Medicos Nacionales, S.A. de C.V. (SIMNSA), which is - an important point - licensed by the State of California. In addition to lower costs and convenience, treating in Mexico can have additional advantages for injured workers who are not fluent in English and who feel more comfortable in a familiar cultural setting. Getting medical treatment in Mexico is not suitable for all claims or all employees, obviously, but if you have a significant comp exposure close to our southern border, you might want to check this out with your comp carrier or TPA, if you have not already.
