Generative artificial intelligence, geopolitical tension, punishing climate events—the list of headaches for businesses’ risk managers can seem to be in a perpetual state of growth.
Experts see a deteriorating risk landscape, with most reporting a negative outlook that is expected to worsen over the next decade, according to the World Economic Forum’s Global Risks Report 2024.
The problems, though vexing, aren’t intractable. About 10,000 risk managers and experts met this week in San Diego for the annual Riskworld conference put on by trade association RIMS to discuss the industry’s most pressing issues. The Wall Street Journal’s Risk & Compliance Journal caught up with some top experts to learn what they are advising businesses. Some responses have been edited for clarity.
Generative AI
Many businesses, if not committing to generative AI, are at least flirting with it. But in the rush to adopt, they likely are missing some of the less obvious risks that the technology poses, including models that might push out biased information or be inadvertently built with copyrighted intellectual property.
“AI is dominating the landscape. Where we are right now is the automobile before the seat belt. This is a new dimension that I don’t think a lot of our clients have had thought about.
“The questions that are really coming up with our clients right now that we weren’t hearing a year ago on this are on truly appreciating the liability associated with AI. Whether that’s IP infringement because the training data is from a third party, or whether the training data might be bad and you’re making bad decisions off of that. I don’t think there’s enough discussion about those sets of risks.” —Reid Sawyer, head of U.S. cyber risk consulting for insurance broker and risk adviser Marsh
“Gen AI is topical right now. But at the same time, it’s a risk like any other risks and so our same principles apply. Our CEO once joked, ‘There was a day where the wheel was an emerging risk.’ There are unique risks that gen AI causes and represents, but there are so many benefits that it’s not going away. Organizations need to manage that.
“A lot of organizations are in various states of transitioning to cloud computing and various sources of how they structure their data. To really maximize the impact of gen AI, you need to have quality data in large quantities that’s easily accessible. For many organizations, that is a risk because they are trying to do all these applications while also trying to navigate a data journey.” —Lauren Finnis, head of commercial lines insurance consulting and technology for North America at insurance broker WTW
Geopolitical tension
The combination of China-U. S. friction, the Ukraine-Russia war and conflict in the Middle East has kept multinational businesses on their toes. Persistent Houthi attacks in the Red Sea have raised supply-chain worries. Some businesses are finding political risk insurance more difficult to obtain. Insurance policies that cover cyberattacks might not pay if the attack occurs in the context of a war, one expert warned.
“We saw how vulnerable supply chains can be to a shock. That is causing companies to rethink that and to make them more resilient and less dependent on China. Supply chains generally are a topic of discussion that they haven’t been for a while.
“Insurers are being more careful about the size of political risk they’ll take in and around China and Taiwan. Political risk insurance can be written for up to 10 years. Writing an insurance policy for 10 years in Taiwan is a slightly different matter than it might have been a decade ago when the geopolitical situation didn’t seem quite as precarious.” —Adrian Cox, chief executive for London-based specialty insurer and reinsurer Beazley
“One of the biggest problems we’ve had this past year in the cyber insurance community has been the war exclusion. There were several sovereign states that actively promoted hacking, ransomware, all that bad stuff. There is a war exclusion in cyber policies, but that doesn’t mean that they’re not going to cover the nation-state action.
“But it does add a wrinkle. What’s going on in Ukraine, what’s going on in the Middle East certainly could ripple back into cyber insurance and create an interesting discussion.” —Bob Parisi, head of cyber solutions (North America) for German insurer Munich Re
Climate risk
More organizations are beginning to appreciate the risks posed by climate change, and working to adapt. Climate scientists have long pushed changes in building and site design as a way to grapple with the physical risks of climate events, a message some experts are taking to businesses. In addition to protecting facilities from loss, resilient businesses can also avoid losing market share during down times.
“We are definitely seeing an uptick in organizations recognizing that climate risks are here to stay and they’re becoming more intense. They really want to do what they can to keep their business resilient, their infrastructure resilient and just keep operating.
“Organizations are looking to build their sustainability strategies. They’re using different construction materials and different construction methods. They realize that they can’t insure their way out of some of this risk. There’s a physical risk, there’s the business continuity risk—it’s also a reputational risk. If you’re not able to ride through, your customers are going to go somewhere else.
“We’re also starting to use AI to understand risks: Identify which locations are exposed, identify what the risk is and quantify that risk using technology.” —Jessica Waters, manager of climate and structural resilience at commercial insurer FM Global