ERM done – so what
I’ve shared some technical and practical considerations about ERM in a few previous blogposts. This episode addresses the most important topic: “ERM done – so what”. Whenever I talk about Enterprise Risk Management, I emphasize on its tangible benefits. ERM is about managing downside and creating opportunity.
The picture below displays a wide, although not complete, stakeholder landscape and the tangible benefits of good ERM. The regulatory, governance and credit rating agency related values are clear. Furthermore, an optimal alignment of risk appetite and capital possibly supports increased risk taking. So far, all so good.
IMHO Cyber Risk is one of the best cases in point to illustrate practical benefits of ERM; two aspects:
- Firstly, the defensive angle: companies must prepare to deal with Cyber attacks as an “entirety”, silos don’t work. This is relatively new category of risk(s), hence it requires some subject matter expertise and a very diligent look “across” the entire organization. Megrow has done Cyber risk mapping with clients (and for its own good – just to state the obvious). I will not dwell on that here. However, if you are interested in good Cyber-webinars, I highly recommend FireEye.com – excellent!
- Secondly, the opportunity angle. Let’s assume an insurer covers small and medium sized enterprises. Very many of these clients could and should do more to identify and manage Cyber risks. Buying Cyber insurance is only one mitigating factor. How can the insurer provide additional value and services for this type of risk? The principles of Cyber Risk management are rather universal. In other words, if an insurer has a good grip on its own Cyber risk landscape, this knowledge can become part of its service offering to insureds. This works exactly the same way as traditional loss prevention services that insurers offer their customers. Any sales person of that insurance company will be more than pleased to have an additional service ace in his/her sleeve!
In other words, we killed two birds with one ERM-stone. Thorough ERM helps this insurer manage potential downside risk of Cyber and enhances the company’s value proposition to its customers. It doesn’t get much better than this!