Seeing the Big Picture in Risk
One of the great advantages in managing risk is seeing things that others do not or seeing them before others do. Sometimes organizations miss the big picture because they focus on smaller elements, and sometimes they fail to see things because they just aren’t looking.
Blind spots are as dangerous in business as they are to drivers on the road. If you can’t see what’s around, you can’t respond to or avoid those things. Driving blind or not seeing risks to your organization increases the chances of an unpleasant surprise and perhaps even tragedy.
A blind spot is distinct from an exposure, though an organization might have loss exposures from what’s in the blind spot. But no exposure can be addressed if you don’t realize you have it.
Over the past several years, the insurance industry has invested heavily to bring sophisticated analytics to businesses and risk management professionals. Analytics help bring clarity and insight, but they must be applied in the right places. In short, risk professionals have to know where to look. What use is a high-resolution photograph if the lens only captures a small part of the subject?
Two recent surveys conducted by Marsh and Aon offer insightful – and disturbing – observations about the perception of risk.
A 2014 survey by Aon Risk Solutions looks at underrated risks in its list of the top 50 risks identified by Aon’s biennial Global Risk Management Survey. In the recent survey, Aon asked executives in captive insurance entities whether certain of those risks were underrated. Among the findings:
- Cyber risks, such as computer crimes, hacking, viruses and malicious codes, are largely underrated. Eighty-three percent of respondents agreed cyber risks are severely or perhaps underrated. Cyber ranked 18th on the list of top risks.
- Pandemic risk/health crisis was not viewed as an underrated risk. In Aon’s survey, 39% of respondents said pandemic risk was underrated, but 42% did not. Pandemic ranked 44th, almost at the bottom of Aon’s list of top risks.
Pandemic risk got a lot of attention a decade ago, following a 2003 outbreak of severe acute respiratory syndrome, or SARS, which spread from Asia to Europe and North and South America. Then it fell off the radar, and its risk ranking plummeted.
Fast forward to 2014, and a new kind of health risk has emerged: MERS, or Middle East respiratory syndrome discovered in 2012 in Saudi Arabia. The U.S. Centers for Disease Control and Prevention in May announced the first confirmed case of MERS in the United States, carried by a person who traveled from Saudi Arabia to London and then to Chicago and finally Indiana. While the CDC said public health risk from MERS is low, the virus itself has caused death in at least 30% of people who have contracted it. By comparison, the death rate from SARS was less than 10%.
When one considers the volume of travel today and how a person can fly from one part of the world to another in 24 hours or less, pandemic risk seems to be highly underrated at the moment. It’s a blind spot.
Marsh and the Risk Management Society recently released the 11th annual Excellence in Risk Management survey, which found a gap in the perception of effective risk management and full utilization of risk management capabilities.
Notably, 69% of C-suite executives and 75% of risk professionals believe their organizations manage risk effectively. Yet only 20% of C-suite executives and 26% of risk professionals believe their organizations use the risk management function to its full abilities. That is a curious gap that’s hard to explain. Is risk management caught in a blind spot at these organizations? Perhaps there is a misperception of “effective” risk management? It’s like saying, “We think we’re good. We don’t have a problem.” Not yet, anyway. They have a blind spot.
Fooled by probabilities
Risk rankings are helpful, to a point. They show how groups view the relative significance and impact of various risks. Taken individually, some risks may be of greater or lesser concern due to an organization’s business, size and location. What often seems to fool otherwise smart people are the probabilities attached to risk events. Humans tend not to worry for very long about low-probability occurrences, even when the expected severity is high. That leads to blind spots.
It makes sense to focus more on the effects and less on the probability. When something bad happens, the ability to respond is what’s important. Knowing the event was rare offers little to aid recovery. Everyone, sooner or later, gets surprised by the unlikely event. The Titanic, Superstorm Sandy, the 2008 global financial crisis – those were all deemed unlikely.
The insurance industry has done itself no favors by referring to catastrophes as, for example, a 1-in-250-years or 1-in-500-years event. Those figures refer to probabilities, not a time period. Some observers have noted, half-jokingly, that a 1-in-500-year event seems to occur every year.
To avoid blind spots, look around. See what’s there and anticipate what could be there. Seeing risk clearly is a matter of looking the right way, in the right places, with the right tools, to get as full a picture as possible.
About the Author...
Regis Coccia is an insurance journalist and content strategist. His columns on insurance and risk topics appear periodically on Fast Fast Forward.
The views expressed in this column are the opinions of the author and do not necessarily reflect the opinions of XL Group.