In the face of the technological revolution, risk professionals need to re-skill for the future to ensure they can keep up with the risks that they seek to manage.
Risk management association Airmic has urged the risk community to develop its skills amid the change, and there is much debate about what the future chief risk officer will look like.
But in order for risk managers to adapt, they need not just brush up on technological knowledge, but build relationships with the right stakeholders too, says former RIMS president Christopher E. Mandel.
As the risk profile of organizations becomes increasingly digitized, risk managers are going to find both opportunity and challenges, Mandel told Corporate Risk and Insurance.
“Frankly, the average risk manager – myself included – are not IT experts. We don’t necessarily have lots of knowledge and understanding of the technology world to the extent that we probably ultimately will need,” said Mandel, who is currently the director of the Sedgwick Institute.
“Therefore, one of my theories is that in order for risk managers to survive and thrive in the future, they’re going to have to hone those skills and become more tech-savvy, in order to manage the digital risk profile of the organization as it continues to evolve,” he went on to say.
Take the cyber market, for example. While the cyber insurance solutions available in the market have been steadily improving over the past few years, the size and gravity of cyber risk today means that risk managers need to look at more than just traditional risk transfer options.
“There are usually more exclusions than there are elements of coverage,” Mandel said of cyber insurance policies. “That’s an indicator that the risk manager needs to think about doing more than just transferring risk through insurance, and to look at the other ways in which you prevent and reduce loss.”
To do that though, risk managers will need to craft the right expertise. But how do they go about it?
It won’t necessarily be any easy task, according to Mandel: “I don’t think there’s just a couple of courses they can go and take,” he said.
Looking ahead, many of those graduating from technology or IT-intensive courses will likely head directly into related fields, rather than into risk management.
“I don’t think that they will be the ones who will occupy the risk manager’s chairs of the future,” Mandel commented. “That will certainly happen to some degree, but the reality is those folks will be
in such demand otherwise, for what often may be higher-paying, more relevant positions to their interests.”
Instead, it will be incumbent upon the risk manager to self-educate and train, and to keep up with what’s going on technologically. They can best achieve that through skill-sharing with peers and stakeholders, says Mandel.
“I think the solution, beyond educating yourself to the degree that you can and have time for, is to build relationships with the people within your organization that are the subject matter experts in those areas – whether that’s the CIO or CTO or CCO. They themselves will have connections to tools, techniques, methods and other solutions – technological or otherwise – that can help manage those risks more effectively,” he said.
In their purest form, risk managers and chief risk officers don’t own the risk within their organization – and they never should, says Mandel.
“Their core responsibility is to enable risk owners to manage their risks effectively. That doesn’t mean they need to be experts in those risks, because they couldn’t be – there’s too many of them, they are too diverse,” he said.
“It just reinforces the concept that really effective risk management is all about teams working together to manage that risk profile for organizations.”