Enterprise risk management (ERM) should be a critical component of any company’s effort to reduce risk, particularly in a challenging economy. Yet many companies are not creating such programs or are missing significant opportunities to improve upon them and thereby reduce their risk exposure.
These lost opportunities are damaging to companies which are made more vulnerable to current risks such as hacking and privacy violations that compromise technology systems and raise liability issues.
In fact, the survey finds that companies’ attention to network security and privacy issues would benefit from purchasing a liability policy, an action taken by only 27% of respondents. These respondents had a mean policy limit of $16.2 million, with 61% falling in a range of $10 million to $49.9 million as indicated in the exhibit below.
A full quarter of the 73% of those who do not purchase liability protection either were not overly concerned about this risk (15%) or were unable to understand the value of information assets or the cost of a breach (10%). And a full 37% relied on their own IT department.
Companies would become more aware of these risks if they had ERM in place. Yet, only 54% of respondents have ERM programs in place. This narrow majority is still not using its risk protection frameworks to best advantage. What’s more, the percentage of companies with an ERM program in place has not changed since the 2010 survey.
The survey findings also show that companies are not doing enough to manage issues related to network security and privacy liability — a growing source of risk for virtually all organizations.
Survey highlight include:
- Only 43% of respondents have a formal process for determining and communicating risk appetite, risk tolerance or risk limits.
- An overwhelming 91% either do not or have only slightly considered the impact of high-profile disasters on risk modeling and business continuity programs.
- 30% say that they don’t use statistical models to evaluate risk control or claim management strategies, and another 26% rely on risk control and claim providers to manage for their companies based on knowledge and experience.
Other findings indicate that what respondents want most from their insurance brokerage services are industry knowledge and market leverage based on premium volume, with both garnering a combined 77% first-ranking response.