With the corporate risk landscape constantly changing with new risks, such as cyber risk and technology risk, creating new threats, companies should work on creating an overall enterprise risk management (ERM) framework for effective management and mitigation of risks.
“Companies must create an overall ERM framework that shows where the organisation stands at a certain point in time and how its risk preparedness has changed. The framework could be updated quarterly or yearly,” Sandeep Goradia, Head, Corporate Solutions Group, ICICI Lombard General Insurance Co said.
Goradia was speaking at the Bengaluru chapter of Risk Masterclass as part of the India Risk Management Awards (IRMA) organised jointly by ICICI Lombard General Insurance and CNBC TV 18.
Besides cyber risks, new threats are emerging from global warming, geopolitics and changing regulatory frameworks on data protection. “As an insurer, we are seeing that the entire fabric or risk is completely changing,” Goradia said.
However, awareness of cyber threats is rising. “Many companies which thought they are unlikely to face cyber attacks are rethinking. On January 1, 2020, one of the largest steel and power sector companies took a huge cyber program which was independent of their normal material damage and business interruption covers. This is just a start,” he said.
Debasish Kar, Vice President, Corporate Solutions Group, ICICI Lombard General Insurance echoed Goradia’s views. “For ages, we have been discussing risks but over the last few years, it has changed towards new-age risks. Cyber and technology risks are becoming important. When we meet CXOs of companies, they are coming forward and discussing ways to mitigate risks,” Kar said.
Goradia pointed out the rising ferocity and frequency of floods in India with 13 floods in 7 months due to global warming. Also, regulations similar to the European Union’s GDPR, (Global Data Protection Regulations) are soon to come in India having a far-reaching impact on those who store and share data. Companies breaching data protection norms could face huge financial penalties once the regulations come about.
On geopolitics, Goradia pointed US-Iran tensions led to marine cargo premiums shooting up 50-100 times. “Normally we see the premiums increase by some percentage, but this increase was multiple times,” he pointed out.
Speaking at the Risk Masterclass, Venkaraman G S, CFO, Subex, felt regulations like GDPR could be a huge risk. “We access and manage a lot of data for our customers. The issue is how we have our systems secured which can protect that. As a company, there are areas like cyber risk. However, once you start making employees aware you will be able to address some of those risks,” he said.
Milan Khurana, Executive Director, HR, Admin & IT, Prestige Estates Projects, stressed on employee fidelity in handling new-age risks. “We have access to huge amounts of customer data since we have thousands of customers buying into our properties. Hence employee fidelity becomes a big risk for us as they are handling customer data. We have IT systems in place and we have experts like ICICI Lombard and other such companies guiding us. We mitigate these risks taking their advice,” Khurana said.
N Ravichandar, Advisor, Treasury, Secretarial and Taxation and Insurance, Praxair India Pvt Ltd (part of Linde Group), said his company has taken steps to check the damage caused by cyber-attacks and phishing. “Since our plants are automated and interconnected any attack can cripple the system. So firewalls are built and if any events or accidents happen, they are confined to the particular location and not spread,” he said.
Vikas Goel, CFO, Sansera Engineering, said automation, robotisation and digitalization have opened up a new series of risks. “While on one side automation is inevitable for survival or growth of the business, we also need to be conscious of how are we managing those new facets of risk,” Goel said.