Expert Commentary

2016 RIMS Conference Report

The RIMS 2016 Annual Conference & Exhibition took place April 10–13 in San Diego. As a testament to the recovering economy, some 10,500 risk professionals from around the world attended this year. This was their largest attendance since 2003 in Chicago. Overall, the mood was upbeat and positive.

May 2016

The sessions were well attended, and there was plenty of activity in the expansive exhibit hall. This article recaps some of the highlights.

It Was a Cyber-Risk Conference

If cyber-risk wasn't on the radar of every risk manager in the United States last year, it certainly is this year. No fewer than 10 of the conference workshops focused on the topic, and all were very well attended. Other sessions and workshops also addressed the topic.

"Cyber is not an emerging risk; it is the solutions for managing cyber-risk that are emerging," declared Lori Goltermann, CEO of Aon Risk Solutions U.S. Retail, at the executive forum panel discussion. "Business interruption exposures from cyber-attacks are a growing concern with corporations worldwide," she added.

Exposures emanating from the "Internet of Things" (IoT) were discussed in several workshops. David Mordecai, Ph.D., president of Risk Economics, explained that there were only 1,000 devices connected to the Internet in 1984. It rose to 17 billion devices in 2012 and is expected to increase even further to 26–50 billion by 2020. Each of the devices in this pervasive and ubiquitous network presents a possible point of attack for cyber-terrorists and other bad actors.

In many ways, the IoT presents more significant risks than data breach. This is because disruption or failure of devices from cyber-attack can lead to bodily injury, property damage, or business interruption. "While there have been few successful tort liability suits brought by people whose data was breached, these other types of losses are likely to lead to legal liability or financial loss far greater than that involved in notifying and providing credit monitoring to those affected by a data breach," explained Mr. Mordecai.

"Just buying a cyber-policy isn't enough. More time and effort must be spent on risk assessment and mitigation," said Ms. Goltermann.

Gerry Kane, cyber security segment director at Zurich Services Corporation, recommends the NationalInstitute for Standards Cyber Security Framework for managing the risks of the IoT. This involves the following five pillars.

  1. Identify—Perform a detailed risk assessment.
  2. Protect—Train employees, install access controls, employ rigorous authentication methods, encrypt data.
  3. Detect—Prevention is ideal but detection is a must.
  4. Respond—Prepare a plan in advance.
  5. Recover—Develop a plan.

Awareness training of employees is one of the least costly mitigation activities that companies can implement and has a high payback, according to Mr. Kane. Many major hacks begin with some type of social engineering ruse to get past the security systems in place, and training employees can greatly reduce susceptibility to this. He also emphasized the importance of data encryption. Risk managers should ask IT if all critical data is encrypted and make a case for it if not.

In summary, cyber-risk awareness is moving from concern over data breach, which is proving to be a manageable exposure for most companies, to risk of bodily injury, property damage, and business interruption arising from the proliferation of devices connected to the Internet. As Mr. Kane said, "It's not just an IT issue anymore!"

214 University Insurance Majors Learn and Network

Over 200 college and university students attended the RIMS conference. They represented some 38 academic institutions from the United States, Canada, and Argentina. Most of these students are majoring or minoring in risk and insurance or actuarial science. In partnership with the Spencer Educational Foundation, RIMS provided complimentary registration and expense reimbursement for 30 of the students under its Anita Benedetti Student Involvement program. Students who do not receive free registration enjoy a substantial (i.e., 85 percent) discount off the regular member fee. Inviting students to its annual meeting in concert with the Spencer Educational Foundation has been a RIMS tradition for 4 decades, and together, they are probably doing more to draw bright young talent into the insurance industry than any other organization.

In addition to attending the educational workshops available to risk professionals at the conference, RIMS arranges some special sessions for the students. One is the Spencer/RIMS Risk Management Challenge, in which teams from more than 20 different universities are provided with a case study of an actual company. They must perform a risk management analysis and make recommendations as if they were consultants to the company.

The students provide a written report in advance of the conference, and the top eight teams are invited to present their findings to the judges on the day before the conference begins. RIMS provides these students with complimentary conference registration, bringing the total number of students who received complimentary registrations to 61. The field is then narrowed to the top three teams, and they repeat their presentations before a live audience during one of the conference's workshop time slots. The three finalists this year were Florida State University, Temple University, and Butler University. These young people were really impressive, showing a deep knowledge of the company they were analyzing—the Lego Company this year—and risk management practices. They are indeed the future leaders of this industry.

Ultimately, Temple took the top honors, but no one would have disputed a decision by the judges to name either of the other two teams the winner. Second place in this year's challenge was Florida State University, and the third place team was Butler University. The first place university received $4,000, second $3,000, and third $2,000. Ron Davis, the newly elected chair of the Spencer Educational Foundation, summed it up nicely following the competition: "All of the students who took part in the Spencer-RIMS Risk Challenge are winners."

Awards and Recognition Galore

During the conference, RIMS announced the winners of its series of industry awards. RIMS's most prestigious honor, the Harry and Dorothy Goodell Award, was presented to Christopher E. Mandel, senior vice president, strategic solutions for Sedgwick Claims Management, Inc. Named in honor of RIMS's first president, the award pays tribute to an individual who has furthered the goals of the Society and the risk management discipline through outstanding service and achievement.

The Ron Judd Heart of RIMS Award pays tribute to the legacy of Ron Judd, who served as RIMS's executive director for 22 years. Individuals are nominated by chapters for outstanding performance in furthering risk management at the chapter level. This year's Heart of RIMS recipient is Robin Joines, senior vice president, risk management for Sedgwick and active member of RIMS's Memphis Chapter.

The RIMS Rising Star Award honors up-and-coming risk management professionals either under the age of 35 or who have 7 or less years of professional experience in the industry. This year, Alumine Bellone, director of risk and insurance for Broward Health, and Kathleen Crowe, account specialist II for Aon Risk Solutions, were honored for demonstrating exceptional initiative, volunteerism, professional development, achievement, and leadership potential.

The RIMS Ambassadors Group award recognizes individuals for their continued service with RIMS, going above and beyond to help strengthen and support the Society's strategic initiatives. RIMS's first inductees into the RIMS Ambassadors Group are Darius Delon, South Alberta Chapter member and associate vice president, risk services at Mount Royal University, and Daniel McGarvey, Western Carolina Chapter member and managing director at Marsh.

The Cristy Award was presented to David Engel, director, AT&T risk management. This award acknowledges the individual who earned the highest marks on the three exams required to earn the Associate of Risk Management designation.

RIMS and Business Insurance magazine presented the 2016 Risk Manager of the Year® Award to Gus Fuldner, head of insurance at Uber Technologies, Inc.

Additionally, David Mikulina and William H. McGannon were inducted into the Risk Management Hall of Fame, which is a joint venture between RIMS and AIG. David Mikulina, retired vice president of risk management for Hyatt Hotels Corporation, was a member of the risk management profession for almost 35 years. Bill McGannon was one of the first Canadian risk managers to establish a full-service risk management department that included loss prevention and statistical support at NOVA Chemicals Corporation in Alberta.

Ten Years of Excellence in Risk Management

There have been many changes in the world of risk management over the last 10 years, but one thing has held true through all of the years—risk management continues to bring significant value to organizations. This was reflected once again in the Excellence in Risk Management survey produced by Marsh and RIMS. It is particularly interesting to look at how some responses and priorities have shifted over the 10-year period while others have always been in the mix but perhaps at different priority levels.

The tenth annual survey reinforced that though how the value is provided or perceived has shifted a bit over the years, there is no question that the risk management function brings value to organizations. Yet there is still a gap between what risk professionals perceive brings value and what senior leaders in their organizations expect of the risk function, particularly from a strategic value standpoint.

Key takeaways from this year's survey include the following.

  • While risk management is always evolving, during this particular evolutionary period, the focus is on having a more relevant central risk function that better supports the strategic role of risk management.
  • Risk managers must learn to "connect the dots" within the organization and better understand how their organizations plan and set priorities.
  • The C-suite is looking for greater risk input into setting strategies and establishing key risk indicators to guide the overall risk framework of the organization.
  • A high percentage of both C-Suite respondents and risk professionals indicated that they do not aggregate risks at the portfolio level. This highlights an area in which immediate value can be delivered by coordinating information into a portfolio view.
  • There is a significant gap between the C-Suite and risk professionals in defining "value."

Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.

Like This Article?

IRMI Update

Dive into thought-provoking industry commentary every other week, including links to free articles from industry experts. Discover practical risk management tips, insight on important case law and be the first to receive important news regarding IRMI products and events.

Learn More