Security

11:50 AM
Kathy Burger
Kathy Burger
Commentary
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

What Have We Learned About Risk Management Since 9/11?

Technology has transformed the practice of risk management, but with threats growing more complex and sophisticated, has anything really changed?

Insurers and other financial services professionals certainly understood before September 11, 2001, that risk was complex and dynamic. But the terrible events of that day demonstrated in an unforgettable fashion just how difficult it can be to anticipate and predict the scope and nature of risk. We can imagine, model, and prepare for possible future risks, but history has shown that the ability to consistently prevent the losses from risks is a very difficult task.

Even with what would have been, 13 years ago, almost unimaginable capabilities around analytics, visualization, and information sharing, risk management continues to be as much art as science, whether it’s addressing terrorism risk, catastrophe risk, or the increasingly alarming prospect of cyber risk (which can include aspects of terrorism risk, of course).

[Cybersecurity Lessons from Former FBI Director]

Terrorism risk and how to prevent or mitigate it, while always a hot topic in the political arena, is in the spotlight as we observe the 13th anniversary of the 9/11 attacks on the World Trade Center and Pentagon. The repugnant actions of the so-called Islamic State (ISIS or ISIL) have created a renewed sense of vulnerability, along with worldwide outrage, and, at the same, time the insurance industry is pushing hard for reauthorization of the Terrorism Risk Insurance Act (TRIA) via the federal Terrorism Risk Insurance Program Reauthorization Act (TRIPRA).

Insurance Information Institute (III) economist and president Dr. Robert Hartwig, CPCU, characterized TRIPRA as a “vital Act, which has proven itself to be a critical component of the country’s national economic security infrastructure.” In a statement from III, Hartwig noted, “Recent and explicit threats to American interests around the world from new terrorist organizations... demonstrate that the need for the program is greater than at any time in the past several years.”

Perhaps partly due to the benefits of TRIA, the 9/11 terrorist attacks, which killed 2,976 people and produced insured losses of about $32.5 billion ($42.9 billion in 2013 dollars, according to III) remain the most costly terrorist event. In fact, a review of an III-compiled list of the 20 most-costly terrorist acts by insured property losses includes only three events that occurred after Sept. 11, 2001. These are the July 2005 attacks in London, the December 2006 attacks in Madrid, and the November 2008 attacks in Mumbai.

Meanwhile, cyber risk continues to grow as a threat -- and as a potential business opportunity for the insurance industry. According to the recent Kaspersky Lab survey of worldwide IT professionals, 93% of financial services organizations experienced cyberthreats in the past year. A number of property/casualty carriers have expanded their services related to helping businesses of all kinds protect their digital assets from increasingly sophisticated assaults.

Often cybercrime is out-and-out theft and fraud; but there are growing concerns about state-sponsored cyberattacks along with potential attacks from terrorist organizations. Recent revelations that a number of large US bank’s had experienced cyberattacks, evidently perpetrated by Russian hackers, spurred speculation that the Russian government had sponsored the attacks as a response to the sanctions the US has imposed because of Russia’s involvement in the Ukraine crisis.

So, insurance companies, banks, and other businesses can continue to invest more in security, anti-fraud measures, predictive analytics, and other risk management-related technologies, but the risks and threats continue to grow in complexity, sophistication, and scope. Is the industry condemned to this kind of cat-and-mouse cycle forever, or are is it possible to reinvent risk management in some way that would really change the terms of the battle?

[Do you aspire to the C-suite, or some other spot in upper IT management? Then bulk up your credentials around today's most pressing IT movement, digital business, at the InformationWeek IT Leadership Summit.]

Katherine Burger is Editorial Director of Bank Systems & Technology and Insurance & Technology, members of UBM TechWeb's InformationWeek Financial Services. She assumed leadership of Bank Systems & Technology in 2003 and of Insurance & Technology in 1991. In addition to ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
KBurger
50%
50%
KBurger,
User Rank: Author
9/12/2014 | 1:31:07 PM
Re: Cyber Risk
I figure that within the next generation we all are going to be bionic in some way anyway (artificial joints, lenses, pacemakers, etc.), so we won't even notice the implantable IDs. Could be hard getting thru airport security, tho.
Byurcan
50%
50%
Byurcan,
User Rank: Author
9/12/2014 | 9:17:26 AM
Re: Cyber Risk
Indeed, username/PW s becoming an outdated athentication model. Of course, biometrics also presents a whole nother set of ethical questions to answer, regardless of how secure it is. In my band in high school, circa 1997, we wrote a punk rock song about the government implanting v-chips in all our heads, and we're moving ever closer now.
Kelly22
50%
50%
Kelly22,
User Rank: Author
9/11/2014 | 4:53:46 PM
Re: Cyber Risk
Good point - as recent hacks have shown, the username/password combo is becoming easier to crack. No doubt hackers will find their way around biometrics eventually, but right now those would be a much-needed improvement over current security methods. 
Jonathan_Camhi
50%
50%
Jonathan_Camhi,
User Rank: Author
9/11/2014 | 4:27:30 PM
Cyber Risk
In terms of cyber fraud and terrorism, I think biometrics will be a pretty big game changer. Apple is doing a good job of pushing fingerprint identiifcation, and there are a lot of companies working on voice authentification. I'm sure at some point the cyber criminals will find some way around it, but for now I think biometrics is the best bet to get consumers to move past the username/password paradigm, which is turning into a disaster.
Register for Insurance & Technology Newsletters
White Papers
Current Issue
Insurance & Technology Digital Issue
Innovation? Check. Core modernization? Check. Security? Check. Today's insurance IT challenges don't stump this year's Elite 8.
Slideshows
Video