Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Marsh survey finds more focus on cyber risks

Reprints
Marsh survey finds more focus on cyber risks

The 12th annual Excellence in Risk Management Report prepared by Marsh L.L.C. and the Risk & Insurance Management Society Inc. shows an increasing focus on cyber threats as well as detailing where risk managers report within their companies.

Looking at the structural alignment of companies and how the risk management function reports within it was one of the main areas of examination, said Brian C. Elowe, managing director for Marsh in Boston.

“With respect to reporting structure, we asked the question where risk management reports into inside the organization,” Mr. Elowe said.

“We also asked the question as to whether or not the people that responded to the survey felt that it was reporting into the correct area inside the organization, and we found very good alignment on that question, as 79% of the respondents felt that risk management was reporting in to the appropriate area inside their organization,” Mr. Elowe said.

The report shows that 50% of respondents said the risk management function reports to the chief financial officer or treasurer.

The remaining 50% report to other company executives, such as general counsel at 12%, other C-suite members at 8%, chief risk officer at 7%, internal audit and operations at 5% each, and human resources at 2%.“The fact that risk management is reporting into some of the other functional areas I think is really a positive,” said Carol Fox, the director of strategic and enterprise risk practice for RIMS in New York.

“We’re seeing more investment in those areas, we’ve seen more integration with operations, we’ve seen more visibility for risk management functions when they don’t report to treasurers and CFOs,” Ms. Fox said.

To the question “Over the next 12 months, which of the following areas of risk management will be a priority(ies) for your organization,” 43% answered cyber security, putting it at the top of the list. However, fewer than half had quantified the risk, and even fewer had prepared for an event.

“We looked at cyber security and asked, ‘Are you actually quantifying the risk?’ and found that 40% had actually quantified the (cyber) risk within the organization,” Ms. Fox said.

“Where we found a difference is that while they were identifying and quantifying the risk in some ways, the actual planning for an event of that kind seemed to be lacking,” she said.

“Very few of them, less than 20%, were really looking at the communication plan” for such an event, she said.