Risk professionals in the communications, media, and technology (CMT) industries are facing increasingly complex risks related to shifts in customer demands, changes in regulations and industry consolidation, according to the "2017 Communications, Media and Technology Risk Study," from New York-based broker Marsh.
A survey of 120 CMT risk professionals was conducted by Marsh to inform the study findings. Among respondents, 88 percent say their company's risk will become more complex and/or greater in scale in the next few years.
Lawsuits, new technologies, increased regulations, business decisions, cyberattacks, and competition were some of the key drivers of change for CMT companies in 2016.
Protecting the bottom line
“The fast pace of innovation that defines communications, media, and technology companies brings a host of risks related to everything from shifts in customer demands to changes in regulations to industry consolidation,” said Tom Quigley, Marsh’s U.S. Communications, Media, and Technology Practice leader. “By using the right risk assessment tools, data, analytics, and insights, CMT risk professionals are best positioned to manage these risks and protect their companies’ bottom lines.”
Potential financial severity is a key driver in how companies perceive their top risks. In 2016, Marsh found that CMT risk professionals are generally most concerned with risks that are impacted by innovation and expanding business models.
Gap exists between risk ID and mitigation
For seven of the top 10 risk issues identified in this year’s survey, CMT companies face a gap between identifying the risk and mitigating it. Moving forward, it will be critical for CMT risk professionals to demonstrate how risk mitigation strategies can add value to an organization beyond the purchase of insurance policies.
Here are the top 10 risks for CMT companies:
10. Contingent business interruption
Contingent business interruption results from an interruption of business at the premises of a customer or supplier.
What happens if a supplier's data centers go down? In 2016, data center network outages and contractual obligations caused numerous disputes.
9. Mergers and acquisitions
Mergers and acquisitions (M&A) and restructuring increase uncertainty. Eleven megadeals valued above $10 billion each occurred in the technology industry in 2015, and the first three quarters of 2016.
In addition, communication services companies have stepped up acquisitions of content creators.
8. Directors and officers liability
Increased regulatory scrutiny is impacting the D&O loss landscape and driving coverage demands.
7. Multinational exposure
In today's global business environment, multinational corporations face heightened risks. An event overseas can trigger major disruptions, especially in a variety of key supply chains.
6. Business interruption
Natural disasters, terrorism, riots and cyberattacks are examples of events that can cause a business to suspend operations or limit their hours.
Cyber-related disruptions to business come in many forms, from breaches that take down systems to denial-of-service attacks that clog a company's web-traffic pipeline and prevent it from doing business.
5. Regulatory compliance
New regulations and contractual risks are increasing for CMT organizations. For example, the Federal Communications Commission (FCC) passed sweeping privacy rules for internet service providers, the European Union and the U.S. agreed to the Privacy Shield Framework and sharing economy regulations have increased.
Fifty-seven percent of companies said regulatory risk was of great concern, yet only 23 percent of those companies believe they are adequately protected against regulatory risk.
4. Employee safety
The risk of employee safety was the highest in terms of reported losses among the Marsh survey respondents. The high level of concern points to an understandable desire to keep people safe and an acknowledgment that workplace injuries can lead to significant settlements.
3. Intellectual property
Intellectual property (IP) theft doesn't often result in a loss for CMT companies. In fact, only 6 percent of survey respondents said they had experienced such a loss in the past few years. But the severity of such a loss, while difficult to quantify, is potentially enormous, helping put IP theft at the number three spot on the list of top CMT risks.
Despite ranking IP as a top concern, only about one quarter of the companies surveyed reported buying IP insurance. Why? Answers ranged from: “It’s too difficult to quantify,” to “It doesn’t provide enough coverage.”
Companies may be overlooking risk transfer options for intellectual property.
2. Technology errors and omissions
Sixty-nine percent of companies said tech errors and omissions (E&O) risk was of great concern, yet only 45 percent of companies believe they are fully protected against tech E&O risk.
1. Data security and privacy
U.S. organizations are on track to invest just over $230 billion in the Internet of Things (IoT) in 2016, growing to $370 billion by 2018, according to International Data Corp.
This new world of connected devices promises insights on which companies can base strategic decisions. But the ability to obtain more information brings the responsibility to use that data appropriately, maintain customers’ privacy, and practice effective cybersecurity.
Some of the risks of hyperconnectivity were made clear in October 2016, when hackers used millions of connected devices to launch a large-scale attack on a key provider of the internet backbone.
Also in 2016, the Gawker/Hulk Hogan lawsuit surfaced new questions about privacy expectations for public figures, while the FBI requested that manufacturers aid in unlocking smartphones, raising ethical concerns.
More than three quarters of respondents said cyber was a top concern, but only 36 percent said they believe it's mostly or completely mitigated.
As the CMT risk environment grows more complex, the role of risk professionals becomes increasingly vital.
4 ways risk managers can add value to CMT organizations
1. Commit to risk assessment.
- Engage in frequent review of current and emerging risks.
- When rolling out new products, ask if they bring new or nontraditional risks.
- Determine what processes are in place to assess risk exposures in fluid areas like cyber risk, technology errors and omissions, and contingent business interruption.
2. Apply data to decision making.
- Understand your company’s approach to quantifying critical risks or loss scenarios.
- Calculate your company’s risk bearing capacity and view on the cost of risk capital.
- Determine the price at which it makes sense for your company to retain, versus transfer, selected risks.
3. Engage and educate.
- Establish a plan to educate and involve colleagues in risk discussions.
- Understand how your company engages risk management in the product development and/or sales process.
- Ensure you have a plan to engage senior leadership, board members, and shareholders in discussing risk priorities.
4. Foster excellence in execution.
- Identify the top priorities given to your risk management team by executive leadership.
- Understand the day-to-day demands on your team, and which are deemed to be critical by key stakeholders.
- Determine an effective balance between capital and asset protection on one hand and near-term budget and cash-flow management on the other.