Navigating the risks of digital transformation with Marsh
Last year, the speed of innovation kept up its blistering pace – and we can expect nothing less in 2019. This rings true in particular for the communications, media and technology (CMT) sector, where the adoption of technologies from artificial intelligence (AI) to the Internet of Things (IoT) is quickly becoming the norm. Yet, whilst technology is increasingly heralded as the key to business success, this transformation doesn’t come without its risks.
This is where Marsh offers a helping hand with its latest CMT Risk Study. Surveying 200 of its CMT clients globally, the insurance heavyweight has identified some of the risks which are hindering CMT companies in their transformation journeys. Alexander Chao, Asia Communications, Media & Technology Practice Leader, believes that one of the biggest hurdles revolves around R&D and financing. “The recent market downturn, as well as the trade war between the US and China, poses a great risk,” he observes. “Many manufacturers, especially in Asia, have slowed down their capital expenditure because they don’t have a clear picture of what the future holds.” Because the sector is so innovation-driven, CMT companies must keep up or risk dropping to the back of the pack, making R&D mission critical. “They need to invest heavily in R&D in order to find the most advanced technology that will help them survive in the CMT industry,” Chao adds. “If they make a wrong investment, it will potentially cost a fortune and generate a series of problems for the CMT company.” Other issues like patent infringement or security could also hamper investment.
The worries don’t end there: looking at the results for the 2019 CMT Risk Survey, Thomas Quigley, US Communications, Media & Technology Practice Leader, points out that the top three risks identified by Marsh’s clients are: data security and privacy; technology errors and omissions; and IT resiliency. “This shows why it’s so important to do a study specifically for CMT companies,” he explains. “If you look across all industries, most respondents only talk about cyber-attacks and data privacy. On the other hand, because CMT companies are technology providers, they have liability if their technology fails to perform. Whether it fails to ensure security or simply doesn’t work as designed, it’s a top liability risk.” Even if it is designed well and is secure, there are still many ways technology can disappoint. “Maybe there’s an electronic interruption, maybe my backups didn’t work – there are several ways that technology can fail to work as intended,” notes Quigley.
While some technology failures may seem minor, the ramifications of an increase in the types of errors can be devastating. As technology becomes ubiquitous, Quigley says that “the severity of technology failures gets greater and greater every day”. Whether the technology is being used to protect personal records or to improve the efficiency of manufacturing operations, a failure of any kind can stop a business in its tracks. “If the fintech which supports my trading platform goes down for 30 minutes, that could result in hundreds of millions of dollars in losses,” he says. “The more we depend upon technology, the larger the loss could be.”
As the lines between the digital and physical become blurred, the consequences of technology failure are no longer just monetary: they could also be fatal. “We can also see bodily injury and property damage from technology failure,” highlights Quigley, citing autonomous vehicles as a relevant example. In previous years, if there was a car incident it was usually the driver’s fault but nowadays, this is quickly changing. “In autonomous vehicles, there are thousands of chips and millions of lines of code. As autonomous mobility becomes more popular and as technology becomes commonplace in cars, it’s likely that liability will lie with the manufacturer.” As a result, survey respondents reported that they are increasingly being asked to take on more liability if an accident happens and can be traced back to their product or component.
In last year’s edition of the CMT Risk Study, two-thirds of respondents said they believed that emerging technologies will increase risk complexity in the next three to five years. One disruptive technology set to be a double-edged sword is IoT. Communications giant Ericsson forecasts that there will be around 29bn connected devices by 2022, of which 18mn will be IoT-driven. From industrial IoT to connected cars and wearable technology, the possibilities for this innovation are endless – but so are the risks. Industrial IoT is creating impressive efficiencies in manufacturing operations but with unlimited connections, comes unlimited ways to fail. “The biggest challenge, in my opinion, is that IoT is unbounded: it’s limitless in terms of the number of things that can be connected,” Quigley explains. “With lots of devices comes greater vulnerabilities because many of the firms exploring IoT aren’t truly focusing on the security.” This is where risk enters the frame: as more devices are connected, it creates more and more opportunity for one of the devices to fail, causing the system to go down. “For IoT to work you also need a stable and secure connection under the 5G environment,” adds Chao. “CMT companies need to invest a lot in R&D in order to keep up.” Some of the risks involved with IoT we may not even be aware of yet. “I think we have to be ready for surprises,” says Quigley candidly. “We haven’t experienced all the different loss events that could happen yet.”
With these risks and uncertainties taken into account, it isn’t all doom and gloom. In a consumer-centric market, IoT has the opportunity to generate a unique customer experience and, with the right risk management strategy, firms can sidestep the common pitfalls. Marsh, and indeed its survey respondents, believe that the secret to tackling cybersecurity could lie in both acting pre-emptively as well as reactively. “When asked whether risks should be treated with risk insurance and risk transfer afterwards or whether they should be treated with risk assessment and risk prevention at the beginning, a large majority of our clients agree that for over 75% of the risks the focus should be on upfront assessment and prevention,” highlights Quigley.
Chao echoes this, highlighting how any problem which occurs could tarnish a firm’s brand integrity. “Once a harmful cyber event happens, it can destroy the company’s entire operation if they don’t have a contingency plan in place,” he says. “Risk assessment and prevention analysis need to happen as frequently as possible. You need to recognise where the next risks are going to be. You don’t want to slow R&D down; you want to enable innovation by making sure you can do as much as you can to address risks before they happen.” To tackle this, the pair believe that CMT companies should take a lesson from traditional firms and understand how the end customer is impacted when technology fails. Traditional, non-technology orientated firms could take a leaf out of their book too, recognising that, when it comes to cybersecurity, they shouldn’t just focus on data privacy but also need to talk about IT resiliency and other aspects of digital transformation. “Cybersecurity is such a broad term,” admits Quigley. “It’s about making sure that your IT is resilient and that broad industry events like the WannaCry attack don’t disrupt your operations. It’s also about protecting your intellectual property and protecting customer data.” Cybersecurity investment is a “never-ending story”, adds Chao, as hackers will always migrate and evolve.
Risk management may seem a daunting task but Marsh believes it doesn’t have to be. To tackle this challenge, Quigley says that the industry needs to “take risk data from multiple sources and use that to inform and quantify new risks”. On top of this, companies should go back to basics. “We find that just by getting people in a room with a clean whiteboard you can talk about new products and potential loss scenarios – it’s critical to the process,” he says.
Marsh can help firms navigate this tricky terrain. As the world’s largest insurance broker and one of the largest brokers specifically for CMT companies, it has a wealth of experience and insights that it can share with its clients. “We work with thousands of other companies and industries across the globe,” highlights Quigley. “With all client confidentiality maintained, we can take learnings and insights from those companies and apply those to CMT companies. We can help them think about what the loss impact could be if their technology fails to perform. Thanks to this experience, we have innumerable data points which we can use not only to brainstorm but to model, quantify and develop solutions for a whole set of emerging risks.”
As well as having the analytical strength to aid risk management, Chao believes that Marsh’s talented team also gives the global broker an edge. “For risk consulting, we have qualified risk engineers,” he says. “The majority of our engineers come from the industry and so they have the know-how to craft the business contingency plan for the client.” With annual revenues of over US$6bn and more than 30,000 colleagues worldwide, it seems many have put their faith in Marsh to help them navigate the realm of risk management. Combining leading expertise, experience and innovative solutions, Quigley and Chao believe that, for any firm, putting trust in Marsh is a safe bet. “As a broker, our history is defined by helping clients secure the insurance solutions they need,” reflects Quigley. “But we also recognise that understanding technology is critical, understanding digital solutions is critical and understanding risk assessment and quantification is critical. We’ve aggressively built up this capability over the past few years to meet our clients’ demands.”