Author Archives: Morgan O'Rourke

About Morgan O'Rourke

Morgan O’Rourke is editor in chief of Risk Management magazine and director of publications for the Risk & Insurance Management Society (RIMS).

Does Your Self-Insured Program Need a Tune-Up?

Posted on by

Many insurance professionals believe the next hard market may be lurking right around the corner. Historically in hard markets, self-insurance has been used as a risk financing mechanism to offset higher insurance prices and the lack of capacity. But as Richard Frese, a consulting actuary with Milliman, points out in a online exclusive article in Risk Management, before turning to their self-insured program, risk managers need to make sure it is performing properly and creating the maximum value for their organizations. In order to do so, certain key questions need to be asked:

  • What types of items should a risk manager reevaluate?
  • How often should these items be reviewed?
  • What steps can be taken to guarantee an optimal functioning self-insurance mechanism?
  • Will the actions of today best match the needs of the future?
  • How does a risk manager know the decisions are correct?
  • What can be done to reduce future insurance costs?

For answers to these important questions and more, check out this informative article, only on RMmagazine.com.

Citigroup Data Breach Worse Than Initially Reported; CIA Website Also Hacked

Posted on by

It turns out that the Citigroup data breach that we reported about last Friday may actually have been almost twice as large as originally reported. Last week, Citigroup had said the breach involved 200,000 cardholders, or 1% of its 21 million North American cardholders. Now they are reporting that the breach may have exposed the private financial data of more than 360,000 customers.

While the bank has been criticized for waiting a month before notifying customers about the breach (the incident was discovered on May 10 but not revealed until June 9), it is to their credit that Citigroup has been up-front about what they have done to mitigate the threat.

Upon discovery, internal fraud alerts and enhanced monitoring were placed on all accounts deemed at risk. Simultaneously, rigorous analysis began to determine the precise accounts and type of information accessed. The majority of accounts impacted were identified within seven days of discovery. By May 24, we confirmed the full extent of information accessed on 360,069 accounts. An additional 14 accounts were confirmed subsequently. To determine the cardholder impact required analysis of millions of pieces of data.

The customers’ account information (such as name, account number and contact information, including email address) was viewed. However, data that is critical to commit fraud was not compromised: the customers’ social security number, date of birth, card expiration date and card security code (CVV).

While the investigation was underway, preparations began to notify customers and, as appropriate, replace affected customers’ credit cards.

buy stendra online blockdrugstores.com/wp-content/uploads/2023/10/jpg/stendra.html no prescription pharmacy

As of May 24, we began the process of developing notification packages including customer letters and manufacturing replacement cards, as well as preparing our customer service teams. Notification letters were sent beginning June 3, the majority of which included reissued credit cards.

buy spiriva inhaler online blockdrugstores.com/wp-content/uploads/2023/10/jpg/spiriva-inhaler.html no prescription pharmacy

Citigroup also indicated that they have implemented “enhanced procedures” to prevent another incident and said the customers would not be liable for any fraudulent charges on their accounts and could contact the bank to set up free identity theft protection.

Unfortunately this is not the only high-profile cybersecurity incident to make headlines in the last couple of days. A group of hackers calling themselves LulzSec hacked the CIA’s website and took it offline Wednesday night. The group claims to have been responsible for recent attacks on the U.S. Senate, Sony and PBS. According to experts, their motivation has been simply for “grins and giggles.” Evidently it’s the hacker equivalent of the old mountain climbing justification, “Because it’s there.”

The larger question, however, is what do these incidents say about the preparedness of the United States to fight cybercrime. According to a interesting Reuters report, the gap between criminals and those tasked with stopping them is widening.

“We’re much better off (technologically) than we were a few years ago, but we have not kept pace with opponents,” said Jim Lewis, a cyber expert with the Center for Strategic and International Studies think tank. “The network is so deeply flawed that it can’t be secured.

buy amoxicillin online blockdrugstores.com/wp-content/uploads/2023/10/jpg/amoxicillin.html no prescription pharmacy

While the government is working to improve security, it seems unlikely that anyone will ever be able to get ahead of the threat. For many organizations, the only strategy may be to minimize the damage and chalk up cybersecurity as another cost of doing business. Hopefully that cost doesn’t get too high.

Coming Soon: The End of the World

Posted on by

As I’m sure you’ve probably heard by now, the world is ending tomorrow. Actually according to the pamphlet I was handed the other day by the marching crowd in midtown Manhattan, the real end of the world will happen in five months on October 21. Tomorrow is simply the date of the Rapture when Jesus Christ is scheduled to return, take the true believers off to Heaven and then kick off the apocalyptic festivities with a massive earthquake that will eventually take out the rest of the sinners by Halloween. Which is too bad because I was thinking about going on vacation this summer. At least the beaches won’t be crowded. (And yes, it’s pretty much guaranteed that I won’t be one of Jesus’ draft picks.)

Now I’m not one to criticize someone’s religious beliefs, but it’s not the first time someone’s predicted the end of the world (2012 anyone?) and last I checked we’re still here. And it’s a good thing too because I think we would all feel pretty dumb if we had been working in an industry that’s all about planning for possible disasters and we failed to account for the biggest risk of all. At the very least, I’m sure we could have put those insurance premiums to better use.

Even the insurers could have profited, according to a post I wish I wrote by Laura Mazzuca Toops over at PropertyCasualty360.com. As she wisely pointed out:

If you think the Japan earthquake and Mississippi flooding presented problems with the manufacturing supply chain, consider the business implications of some 2 billion people worldwide just up and disappearing one day–whether by Rapture, alien abduction or just going on a short visit to see Elvis, Jim Morrison and Tupak. If this isn’t an opportunity to market business interruption coverage, I don’t know what is.

Also:

Property-casualty coverage should be selling like hotcakes, considering the accidents and other disasters that will inevitably happen when the Chosen are snatched from behind the wheel (and the “act of God” exclusion could let insurers off the hook for many of the sure-to-be massive claims).

The End of Days has also brought out the entrepreneurial spirit in some enterprising individuals. For a fee, one company will take care of your pets after you’ve been “raptured” while another will send previously written emails from you to your heathen loved ones who are left behind after you’ve been saved. After all, just because the world’s ending doesn’t mean you can’t make a buck before you go.

So hopefully, when tomorrow rolls around, you’re one of the lucky ones. If not, I suggest you kick back, relax with the cold beverage of your choice and maybe you’ll get to watch some amazing fireworks.

Personally, I think we’re in the clear, but you never know. Either way, I’ve got my soundtrack, courtesy of Medeski Martin & Wood. See you next week?

Discussing ERM at RIMS 2011

Posted on by

ERM was a big topic at this year’s RIMS Conference & Exhibition. As it increasingly becomes apparent that enterprise risk management is a vital component of business management as a whole, many attendees were taking the next step past simple understanding and actively looking for practical ways to actually implement the strategy for their businesses. And many sessions at RIMS 2011 were designed for that very purpose.

For instance, “Building an ERM Roadmap” and “ERM Technology Tool Review” included a variety of practical guidelines and sample tools. The discussions focused on how to develop, report and monitor an effective program that meets the business area and board’s needs.

Grace Crickette, chief risk officer at the University of California, offered a useful online resource, based on the university’s own ERM efforts, to help companies define and implement ERM programs in their organizations.

Like organizations within the private sector, the UC system operates in an inherently risky environment. By strategically managing risk, we can reduce the chance of loss, create greater financial stability, and protect our resources so we can continue our mission of supporting teaching, research and public service.

As part of this strategic approach to managing risk, the UC leverages an Enterprise Risk Management Information System, which provides users with a single portal through which they can access and analyze information related to their specific area.

For anyone looking to make progress with their own ERM program, this might be a good place to start.