Insurance brokers and carriers must treat operational resilience as an integral part of business strategy rather than simply a compliance issue. That was the clear message from the panel at our recently concluded webinar on operational risk and resilience in association with the London & International Insurance Brokers Association.
The discussion explored the issues brokers, carriers, and companies face, with threats ranging from significant claims losses, to ransomware and outdated IT. Intersys Director, Enterprise Risk Management Catherine Geyman and Managing Director Matthew Geyman led the discussion and James Livett, Associate Director of Liiba, hosted the session. This was the second webinar in our ongoing series which aims to explain the five basic principles of cyber security.
What is Operational Resilience?
Catherine Geyman said that while the concept has a broad definition in the market, operational resilience ultimately comes down to allowing businesses to continue to function when unexpected events arise.
"(Operational resilience) means very different things to different people. It's a very broad church, but the bottom line is it's not just about compliance. It's about being able to keep your business running regardless of what the world throws at you," Geyman said.
"A beautifully complicated and operationally resilient broker or insurer is one that can encounter, stand, mitigate, recover and learn from the impact of a broad range of events that have the potential to disrupt the normal course of business."
She added that ensuring staff are well-equipped to deal with adverse scenarios was one of the most important factors which could determine whether an event can have a serious and detrimental impact.
"Quite simply, it's about protecting your business – the longevity, the long-term profitability and health of your business. But it's also about protecting your staff," she said.
"If your team isn't trained and prepared to deal with the worst scenarios, then this can make very impactful scenarios even more stressful when they happen. So act as if something's going to happen. Plan for something to happen. That's the advice given by the Financial Conduct Authority."
IT Failures & Cyber Attacks are a Top Concern
The possibility of cyberattacks and the threats these pose to operational continuity also continue to rank high among the concerns highlighted by brokers and insurers, Intersys Managing Director Matthew Geyman said.
While a survey found that larger firms feel they are more prepared for incidents such as ransomware attacks, medium-sized and small firms ranked system failures and cyberattacks as among their top concerns.
Geyman highlighted that a significant proportion of the market uses out-of-date IT systems which could be potentially exploited, while the insurance sector as a whole remains a top target for ransomware.
"GCHQ's 2021 survey says 8% of the insurance sector uses out of date computers that are vulnerable," he said.
"A Black Kite survey said 18% of the top 99 insurance carriers have a high rate of vulnerability to ransomware."
The move to remote working during the pandemic also increased the risks that companies face, with management having poor visibility over exactly who accesses what systems and when.
"Carriers and brokers were top targets during the pandemic. A lot of companies opened up their systems to make them more accessible from home, which is great for agile working, but in a lot of cases that decreases the visibility of the IT estate on who's accessing what," he said.
"So that's another good reason to do data audits, data mapping to understand what sensitive information is where."
Preparation is Key
Overall, the key message for companies remains about "planning and preparation", Catherine Geyman said, with a well-defined structure throughout the organisation to support operational resilience.
"It's all about planning and preparation. At the top of the tree, we have an overarching framework of operational resilience, and at the next stage down business continuity management is about management of the crisis, of how the management team manages the crisis," she said.
"And then beneath that we've got a DR team that are the technical response team that are going to sort the problem out."
"All those elements need to be in place for a sound operational resilience program."
The webinar was a great opportunity for us to share our knowledge with the insurance sector, and we were thrilled to have such good participation from Liiba members. We would also like to thank our partners Oric International for providing some brand new data around real risk events from their membership, which added some very relevant insights for our audience.
We look forward to hosting our next session in our series due next year.
If your organisation needs help with its operational resilience, get in touch with us.