About Justin Smulison

Justin Smulison is the business content manager at RIMS and the host of RIMScast, the society's weekly podcast.

RIMS ERM 2018: Earning the ‘Mandate’ and a ‘Seat at the Table’

MONTREAL – More than 300 risk management professionals and students attended the 2018 RIMS ERM Conference on Monday and Tuesday in an effort to gain insight from, and network with, the industry’s enterprise risk management leaders. Wisdom, data, and motivation within the ERM space were on tap during all the sessions and workshops.

On October 29, Martin Vilsoe, partner of the Implement Consulting Group, opened the two-day event by highlighting the importance of ERM’s worldwide capabilities and how to operationalize the best ERM practices. Vilsoe said that risk managers need to “earn the mandate” to work with ERM, and focused on the idea that risks can equal opportunities.

He said that ultimately the risk manager’s job when implementing an ERM framework is to “enable brave decisions” and to maintain an organization’s best direction. With a visual aid of a freighter and individual boats in an ocean, he rhetorically asked: “Is your framework similar to a supertanker or 15 speedboats going in separate directions?”

He also spoke to the importance of risk management’s value to an organization without relying solely on analytics.

“Risk management’s purpose is to show value. If it is about value, then we better bring it,” he said. “We don’t always communicate that. There’s a big difference between calculating and measuring value versus communicating value. You can do it without having complete proof – you shouldn’t lie to people, but you should tell them you’re doing something great for the organization.”

He encouraged the audience to consider their current role as that of a consultant – and the importance of “winning customers” in this alternate role. This involves some sales prowess, he said, and the ability to tell a core story or narrative that describes what you do to engage with stakeholders. Build a core story around the ERM program and send different messages to different stakeholders around your core story.

“I don’t see enough of this in risk management programs because of the idea that it is ‘too big,’ or ‘I can’t communicate it,’” he said. “You can do it. We have to move past that mentality.

“The misconception is that risk management is about IT systems. And if you’re thinking as a risk consultant, be aware that putting stuff in systems will not help you manage your risks. Your ability to facilitate awareness, promote decisions and execute them, will.”

Day 2

Dovetailing on the idea that risks can become opportunities, October 30 opened with “Advancing Risk Management: Having A Seat At The Table,” presented by Laura Cisi, the Clorox Company’s vice president of global risk management, and Soraya Wright, founder and CEO of SMW Risk Management Consulting LLC.

In a fireside chat-style setting, the duo used Clorox – a 105-year-old company – as a case study to demonstrate the effectiveness of its ERM initiatives.

A 25-year veteran of the risk management industry, Cisi has been with Clorox for the past four years and said her ERM initiatives evolved from being viewed as the “insurance department” to a “strategic business partner,” with Wright collaborating with Cisi’s team to take the company on its ERM journey.

The duo said its ERM framework was built on routines, which provide “an outline that enabled us to use [it] as a tool,” for decision-making and assessing its critical risks as well, such as embracing a change in its formula during the manufacturing process.

“We decided to convert from chlorine to high-strength bleach,” Cisi said. “That risk bubbled up through our ERM committee and the actions that needed to be taken, and the methodology behind that came up through ERM.”

ERM was also a key influence when assessing the decision in 2014 to close Clorox Venezuela and cease operations in the country. “‘Should we be the first to exit?’” was the question on stakeholders’ minds for a long time before they discontinued operations, Cisi said. The company was required to sell more than two-thirds of its products at prices frozen by the Venezuelan government. As a result, Clorox Venezuela had been selling its products at a loss, causing ongoing operating losses despite attempts to reach a pragmatic solution with the country’s government. “Looking back, it was a good decision.”

Ultimately, the risk manager’s seat is one of many at a table occupied by executives, stakeholders and the C-suite. Cisi and Wright advocated not for being the loudest one there – but for bringing sound ideas and options. And perhaps coincidentally, Cisi and Wright’s approach seems to be putting Vilsoe’s mantras of engagement and alignment into practice.

“I think every day we get to demonstrate ERM, and not something we just do annually. For example, the ways we engage with product development and business development – we used to be thought of as compliance… and a department that said ‘no,’” Cisi said. “To shift that conversation to create more open engagements where you say ‘I’m your partner and it’s my job to identify these risks. Ultimately, it’s your business decision as to whether or not you go forward with them.’”

It was then, she continued, that the risk management department was being consulted on the potential for new products by executives and other groups.

“That was when the conversation shifted from risks to opportunities,” Cisi said, adding, “and that was something they could relate to.”

RIMS members can access the live, uncut audio from “A Seat At The Table” via RIMScast.

An all-access RIMScast episode featuring conference speakers is available here.

Former NSA Director Talks Cybersecurity, Insurance at Advisen Conference

NEW YORK—Advisen’s Cyber Risk Insights Conference, held during Cyber Week, featured risk management professionals and more than 18 panels and sessions on Oct. 25. The keynote was delivered by Adm. Michael S. Rogers, former Navy commander of U.S. Cyber Command and Director of the National Security Agency (NSA), under the administrations of Presidents Obama and Trump. Rogers discussed rising cyber threats and offered advice to providers and consumers as they assess their cyber insurance policies.

“For insurers, you need to be prepared, because the list of actors is growing and the threat is growing,” Rogers said. “Don’t build on a strategy [where you believe] things are getting better.”

He also put a particular spotlight on the fact that there is no universally accepted guideline for cyber threats when considering acts of war. Cyber, he said, differs from traditional triggers because there’s typically no physical injury or loss of life.

“You have these wholly different international views, because nation-states in western democracies do not have ownership of the web,” he said. “They do not control their citizens and control the flow of data,” as opposed to countries with greater control of information.

“Because you have these broad, polar views it’s been difficult at times, on an international level, to get a consensus on what a framework be like to set a cybersecurity standard,” which, Rogers added, could help define how a cyber attack might be considered an act of warfare.

He proposed an approach that could start nations on a path to a universally accepted guideline: “Can we get a smaller subset of issues to coalesce around a core group of principles, start small, and build from there? I think we’ll have success that way.”

Rogers noted that he is a proponent of incentivization and believes it may be the key to keeping businesses safer and maintaining lower premiums, using features of the automotive industry as an example.

“Automatic brakes and safer vehicles, for example, were an incentive for the buyer and the seller,” he said. “Production and consumption were all incentivized to make better decisions. I don’t know if it will work [with cyber insurance]. It’s all about risk.”

Rogers’ insight dovetailed with the new information from the eighth annual Advisen cyber survey that Zurich Insurance released at the opening of the conference.

The percentage of companies that purchase cyber insurance, either via stand-alone policies or endorsements, has increased 40 points since 2011. This year’s results show a 10% increase from 2017, the largest year-over-year increase since the survey’s inception.

“Cyberrisks continue to change and businesses continue to look for ways to protect themselves from those risks,” said Paul Horgan, head of North America Commercial Insurance for Zurich North America. “These survey results provide a critical snapshot of the attitudes, concerns and actions of risk managers. It is our responsibility to respond to their needs and concerns with innovative services and solutions.”

Survey results show the two most influential factors driving cyber insurance purchases in the past year:

  • regulatory changes such as the European Union’s (EU) General Data Protection Regulation (GDPR), and
  • business continuity risks such as the Dyn distributed denial of service (DDoS) attack, WannaCry and NotPetya events. These caused significant losses to businesses around the world, shutting down network systems and in many cases slowing or actually halting business operations.

The Advisen data reflects a stark contrast to the feedback from last year’s survey, which found that just 10% of respondents identified business interruption as the primary reason for purchasing cyber insurance and that purchase growth had gone stagnant after a steady six-year increase from 35% to 65%.

These factors were two of the top emerging cyberrisks identified by Risk Management magazine in early 2018.

Q&A: California Businesses Prepare for the Next Quake

On October 18, more than 10 million Californians participated in The Great Shakeout to prepare for the next catastrophic earthquake and bring awareness to earthquake preparedness across the state. The United States Geological Survey (USGS) predicts a 99% chance of a magnitude 6.7+ earthquake in the Bay Area within the next 30 years, so preparation is essential.

Kate Stillwell is a structural engineer and founder and CEO of Jumpstart, a new earthquake insurance provider which helps families and individuals following a disaster via text. As a business owner and lifelong Californian, Stillwell took part in the Shakeout and shared her experience and insight for earthquake preparedness.

Risk Management Monitor: How difficult is it to get businesses to take part in an event like the Shakeout?

Kate Stillwell: The trick is to make it fun. It only takes a few minutes, and if you can get some good laughs out of it, all the better. Also, for the San Francisco Bay Area, the anniversary of the 1989 Loma Prieta earthquake is always the same week as ShakeOut, so people remember and talk about it around the proverbial water cooler.

RMM: How beneficial is it for them to take part?

KS: It builds muscle memory. You need to know what to do without thinking because you won’t be thinking. Just as important is that the drill strikes up a conversation about other ways to get prepared, not just at work, but at home, too.

RMM: What did you take away from this year’s event?

KS: We got a great video of ourselves and since we’re in a co-working space, we did it in front of all the other startups, which reminded them they need to practice and get prepared, too. 

RMM: What are some commonalities that small, medium and large businesses share when preparing for earthquakes?

KS: Businesses of all sizes must keep their employees safe. Employees need to know how to react, to “Drop, cover, and hold on,” like we emphasize during the ShakeOut, and to climb under desks or other sturdy objects and stay put. Businesses also generally face the challenge of convincing employees to take preparation seriously and review preparedness plans; that’s why national events like the Great ShakeOut are such an effective tool.

RMM: How do small, medium and large businesses differ when preparing?

KS: Small businesses have the advantage of all co-workers knowing one another and being able to physically look out for each other in the event of a disaster. For homeowners, we always say that neighbors are the people you’ll rely on in the event of a disaster, and it really is similar at work. Colleagues are able to look out for each other in the event of an earthquake, and this is much easier for smaller teams. In a larger business, you can replicate these positive effects by grouping people by team.

RMM: How have preparedness plans changed in recent years? What significant improvements, if any, have you noticed or instituted?

KS: The rapid development and improvement of earthquake sensor networks have been the most significant improvement in earthquake preparedness recently. The USGS ShakeAlert system began Phase 1 operations just a couple days ago, providing hospitals, transit systems, and other institutions the earliest possible earthquake warnings so they can initiate life-saving operations. It’s not enough time to evacuate a building, but it is enough time to stop the elevators and open the doors, so people don’t get trapped. These kinds of full-system improvements are making huge strides in helping us prepare and stay one step ahead of the next big earthquake.

RMM: What are some difficulties California businesses – or businesses with operations there – face, that differ from those in other high-risk areas?

KS: One of the biggest factors is downtime. There are so many externalities outside of a business’ control, which affect how soon an operation can get back up and running. The prudent approach for a business with operations in California is to locate any operations requiring continuous uptime, such as out-of-state data centers. Also, consider designating a secondary location for executive operations until the home facilities can be occupied.

RMM: What are the most effective safety drills businesses can perform?

KS: No matter what type of emergency, a really important drill is to practice an alternative chain of command with a command-and-control style of making decisions. This is so foreign to the normal style of making decisions. In emergency situations, the best person to be in the “command” position is usually not the day-to-day business leaders; it’s someone with emergency response training.

Visit here for more information about Jumpstart.

Data Breaches Taking Slightly Longer To Detect, Study Finds

Despite rising global awareness of data breaches in various industries, organizations experienced an increase in the number of days to identify a data breach over the last fiscal year. According to a new study conducted by the Ponemon Institute and published by IBM, it takes an average of 197 days for a company to identify a breach – up six days from 2017 – and an average of 69 days to contain it (which also showed a three-day increase from 2017).

“We attribute the increase in days to the growth in the use of IoT devices, extensive use of mobile platforms, increased migration to the cloud and compliance failures,” study authors said in 2018 Cost of Data Breach Study: Impact of Business Continuity Management.

This year’s study included 2,634 employees from 477 companies in 17 industries in 13 countries and two regions. The study found that the average total cost of a data breach in 2018 is .86 million; $1.45 million is attributable to the most costly component, which is lost business cost. The least expensive component is data breach notification at $0.16 million.

Ponemon also included a framework for measuring the cost of mega breaches, which are breaches involving at least 1 million compromised records. There is also a special analysis of the cost to recover from a data breach.

Some notable findings include:

  • The average cost per compromised record at the surveyed organizations was $148 in fiscal year 2018, up from $141 in 2017 but down from $158 in 2016.
  • The larger the data breach, the less likely the organization will have another breach in the next 24 months.
  • Healthcare organizations took an average of 55 days to detect a breach, but 1,037 days to contain it.

To download IBM’s survey, click here.