Tag Archives: risk management

‘Fake News’ Reaches Risk Management

With all the legitimate concerns about the wildfires in the West, I was dismayed to see that people in Oregon were declining to evacuate because they were convinced that antifa would loot their homes. To try to catch members of antifa, vigilantes even set up roadblocks and demanded that those trying to leave present ID.

Authorities have said that, despite the rumors, there is no evidence of any involvement by antifa in setting fires, and there have been no reports of looting. But such “fake news,” amplified on social media, is complicating crisis management in Oregon. I’m afraid the pernicious effects of “fake news” will only grow — and massively — for risk managers.

What’s happening with wildfires will surely happen, in exponentially greater fashion, when a vaccine for the coronavirus becomes available, likely within the next several months. We’ll head into a stretch where “fake news” about a vaccine could easily overwhelm real news and real science, given the environment of fear about the virus and suspicion about political motivations. Rumors, and even deliberately faked “news,” could determine millions of decisions about whether to take the vaccine, whether to fully reopen businesses and schools and whether individuals will try to resume their normal lives.

In a thoroughly rational world, risk managers could make thoroughly rational decisions about how a vaccine would be rolled out. Then risk managers could advise on how quickly offices, factories and small businesses could safely reopen and on the myriad other issues that will face companies as we try to feel our way back toward the pre-COVID economy.

But we don’t live in a thoroughly rational world. We live in what some call a “post-truth” world, where likes and shares on Facebook matter more than veracity, where the debunked “Plandemic” conspiracy video carries more weight for many than public health authorities do. We vote on truth these days, certainly when deciding what journalism to believe but even when choosing what science to accept. So, anyone who wants to predict what risks will look like over the next six months to a year, as the vaccine rolls out, will need to channel his or her inner Nate Silver.

Even in the best of circumstances, the next six months to a year would be tough for risk managers to plan for. The FDA will approve a virus as long as it’s 50% effective (once it’s determined to be safe), which leaves a lot of room for indecision. Those in vulnerable groups will still be cautious if told a vaccine is only 50% or 60% likely to protect them. At some point, through vaccines and through immunity achieved the hard way, by getting sick and recovering, enough people will become protected that we will achieve herd immunity — but at what level does that happen? I’ve seen estimates ranging from 20% to 80% as the level of immunity that needs to occur in a population to render us generally safe. There’s a lot of room for uncertainty between those numbers. And it’s not clear how long immunity will last — it could be as little as several months. Until people know how safe it is to venture out again, and start acting predictably, all planning will be iffy.

Now consider our actual circumstances and all the misinformation — and even disinformation — that will be tossed into the mix.

The Trump administration has pushed a political agenda that has often run roughshod over the science on issues related to the pandemic (hydroxychloroquine, masks, convalescent plasma, etc.). At times, the administration even contradicts itself, with the president saying one thing while public health authorities may say something very different. So, even if the president declares victory on a vaccine, many people might see that claim as “fake news.”

Those ignoring of disputing the president could, in turn, spark a reaction from his supporters, which could produce the kind of political divide that occurred over wearing masks and create the sort of angry environment that fosters misinformation and disinformation. Michael Caputo, a spokesman for the Department of Health and Human Services, may have given us a taste of what lies ahead when he bizarrely claimed over the weekend that there is a “resistance unit” within the Centers for Disease Control where officials are willing to commit “sedition” to undercut the president and that “they’re going to have to kill me.” [Note: After this article was published, Caputo apologized for his remarks, then announced that he is taking a 60-day leave of absence.]

The anti-vaxxers will have their say, too. So may the Russians and any other foreign actors interested in stirring up confusion and rancor in the U.S.

“Fake news” is going to have its way with us, complicating every decision that we make as individuals, as families and as leaders of our organizations as we try to determine the pandemic’s risk over the next six months to a year. Pity the poor risk managers who have to predict how all those individual decisions will play out, so they can spot the key risks and help all of us mitigate them.

Fasten your seatbelts, then check your airbags. Okay, maybe put on a helmet and some body armor, too.

This will be a bumpy ride.

Stay safe.


P.S. On a personal level, I ask that we all be the place where rumors go to die. Having spent too much time on Twitter, I’d say the most dangerous words known to man are, “Interesting, if true” — which almost always introduces some article that has a 0.0% chance of being true. I think we’ll all be better off if we only share information that we’ve personally vetted and would be prepared to defend on a witness stand.

P.P.S. Here are the six articles I’d like to highlight from the past week:

Creating the Future of Distribution

Having partnerships and an ecosystem becomes very strategic as insurers expand their reach and presence to where their customers will be.

For Agents, COVID Means Digital or Bust

Survival in the era of COVID-19 will be determined by the independent agent’s ability to implement digitization.

How to Evaluate AI Solutions

There are five main concerns when implementing regulatory technology, especially AI technology, in the financial sector.

You Can Still Have Personal Interactions

The challenge in these socially distant times is how to create real relationships with customers despite so much of the exchange being digital.

Navigating Security in the Remote Paradigm

While companies having been improving during the work-from-home phase, bad guys have been busy, too–and deep fakes are getting scary.

What My $18,289 Medical Bill Says

Systemic problems don’t sound catchy, don’t boil down to one sentence and take time to implement — but we need systemic solutions.

Overcoming Human Biases via Data

Managing business risk is a tricky thing. With an appetite too small, opportunity could be lost, but taking on too much risk could hurt profit and performance. 

Companies that are not thinking about risk are at risk!

Making the move to proactive risk management requires a culture shift, but 65% of organizations say they’re still operating with “reactive” or “basic” risk management response. Mature companies often take a strategic and calculated approach to risk management. Considering that risk = probability of occurrence x severity or consequence, mathematic analyses can help organizations avoid preventable pitfalls. Risk modeling using advanced statistical techniques has developed to align theoretical risk with real-world events and provides C-suite decision makers with quantifiable support needed to make data-informed decisions.

A Five-Step Approach to Data-Driven Risk Management

Where do smart companies start when they want to begin addressing risk? Data. 

To understand risk beyond “gut feelings” and anecdotal evidence, companies need to leverage the information that is available to them – especially in today’s data-saturated environment. These five steps can outline your path to data-informed risk management.

  • Step 1: Collect your data. Often the most difficult step, identifying the right data to inform your analysis, is critical. We all know that “data is out there,” but not all data is created equal. For best results, explore different dataset options, take the time to understand how this data was collected and then clean data to ensure any risk analysis is both relevant and actionable.
  • Step 2: Develop a risk model. Risk modeling allows teams to include contextually relevant predictors and relationships. If historical data exists for current risks, create an empirical model to articulate key predictors. If analysis focuses on emerging risks where no data exists, craft a theoretical risk model based on the relationships you do know.
  • Step 3: Explore differing scenarios. There are probably a few risk scenarios that keep you up at night. Use your model to understand the likelihood and loss of these potential events. Estimate losses for each scenario in a metric that’s meaningful to your audience. Money? Time? Human capital?
  • Step 4: Share your findings. Now it’s time to tell your story. This is where data geeks sometimes “lose their audience.” Your analysis is ineffective if decision makers do not understand the implications.  Share your findings in a way that is meaningful using relevant metrics, data visualization and scenario storytelling. In practice, this means avoiding abstract metrics in favor of direct impacts — such as potential revenue loss or downtime — and possibly using infographics to support cause and effect narratives. Connect the dots between risk and results with a relevant story that ends with actionable advice.
  • Step 5: Enable action. As Theodore Roosevelt once implied, sharing a problem without proposing a solution is called whining. Once you’ve presented your model and your findings, you will likely have an understanding of the leading risk factors. Let these factors inform your recommendations for risk mitigation. This will help decision makers prioritize their resources for maximum impact. 

Sometimes, data isn’t enough

Not surprisingly however, data isn’t always enough to instigate change. As anyone who’s listened to the news lately knows, data can be manipulated and interpreted in different ways. Sometimes, we see what we want to see – it’s in our psychology – and the C-suite is not immune to this. To be human is to be biased. 

Therefore, communicating risk with data is a strong technique for neutralizing the effects of human biases, but one should be aware of common predispositions that often arise when people assess risk.  

See also: Claims and Effective Risk Management

To Be Human Is to Be Biased

The famous psychologist Daniel Kahneman highlighted the fallibility of human cognition in his work to discover inherent human biases. These biases evolved over millennia as coping mechanisms for the complex world around us, but today they sometimes impede our ability to reason. The challenge is that many of us are not aware of these biases and therefore unknowingly fall victim to their influence.

“We can be blind to the obvious, and we are also blind to our blindness.” – Daniel Kahneman 

There are a few important biases to be aware of when presenting your risk analysis and recommendations. 

  • Conservatism bias: People are comfortable with what they know, and we show preference toward existing information over new data. As a result, if new data emerges suggesting increased risk, an audience may resist this new information simply because it’s new. 
  • The ostrich effect: No one likes bad news. When it comes to risk, people tend to ignore dangerous or negative information by “burying” their heads in the sand like an ostrich. But just ignoring the data doesn’t make the risk go away. A strong culture of risk management will help negate this effect. 
  • Survivorship bias: Biases can work toward unsupported risk tolerance, as well. With survivorship bias, people only focus on “surviving” events and ignore non-surviving events (or those events that did not actually occur). For instance, a company’s safety data may show a lack of head injuries (surviving event), and decision makers may believe there is no need for hard hats. 

Communicating risk with data is an excellent start toward shifting your work culture to one of predictive risk management, but we cannot forget the human element. As you share your models, data and findings, remember to address potential biases of your audience… even if your audience is unaware of their own human susceptibility!

Six Things Newsletter | August 11, 2020

COVID-19: The Long Slog Ahead

Paul Carroll, Editor-in-Chief of ITL

While sorting through the latest studies and projections about the path of the coronavirus this past week, I was hit in the face with a veritable two-by-four by a piece in Medium by my old friend and colleague Sam Hill. Sam, an all-around smart guy who may be known to some of you because of some high-impact consulting he’s done in the insurance world, writes that, even under the best of scenarios, we’re probably looking at the end of 2021 before the world might return to normal.

Let that sink in for a minute. More than 16 more months of this, in one form or another… continue reading >

Winning With Smart IoT in P&C

What if I told you that insurers could attract customers with smart home devices that generate interaction seven to 10 times A DAY?

Learn More


Why Work-From-Home Threatens Innovation
by Stephen Applebaum

Non-insurance competitors such as Amazon, Google, Tesla, Comcast, General Motors and many others are not standing still, and neither should insurers.

Read More

How Insurers Are Applying AI
by Tiffany Wang and Jeff Goldberg

Insurers should not invest in technology-driven projects; instead, look for use-case-driven projects.

Read More

‘Scalable Compassion’ in Workers’ Comp
by Thomas Ash

As much as claims representatives want to help individuals, there has been no feasible way to provide compassion at scale.

Read More


Optimizing Care with AI in Workers Comp Claims

In workers’ compensation, we’ve all seen seemingly basic claims morph into catastrophic claims.This free on-demand webinar, sponsored by CLARA analytics, lays out a tangible solution that realizes the promise of AI.

Read More

Panic Pricing May Be a Bad Idea
by Wayne Allen and Guy Fraker

While raising rates might be how the industry has responded to uncertainty in the past, there are reasons not to do so now.

Read More

Claims and Effective Risk Management
by Christopher Mandel

How you prioritize claims and related activities will have significant effects on how you can contribute to organizational success.

Read More

5 Things Here to Stay, Post-Pandemic
by Chad Levine

While responses to where and how people work have varied, several effects on workplaces from the pandemic will persist even once it subsides.

Read More


Write for Us

Our authors are what set
Insurance Thought Leadership apart.
Get Started

Partner with Us

We’d love to talk to you about
how we can improve your marketing ROI.
Learn More


Share Share
Share Share
Tweet Tweet

How Risk Managers Must Adapt to COVID

Risk managers who specialize in catastrophe planning and pricing are coming to grips with the idea that the financial cost of today’s pandemic will dwarf last decade’s​ ​historic​ losses from natural disasters and cyber hacking. According to researchers​, insurers kept pace last decade, saving lives and mitigating the economic hit, through increased use of data analytics and technology in risk modeling and claims processing. Today, the global scale of the pandemic’s economic fallout makes it more urgent for insurers to adopt and upgrade their digital enablement strategies quickly.

But, given the industry’s large base of cumbersome legacy systems, insurers notably​ ​lag behind other market sectors in adopting these much-needed innovations. To modernize core risk management systems and future-proof policy underwriting processes at the scale and speed required, ​experts​ say low-code application development tools should be incorporated within the enterprise.

“Low-code”— a visual development approach for building software using drag-and-drop components that is transforming the way applications are built — has been​ ​vetted​ by analysts as a powerful and effective means to reach a strategic end. For risk managers, that goal is to jumpstart the targeted use of next-generation capabilities, including cloud-based software deployment, artificial intelligence and augmented reality/virtual reality, all of which can be integrated into legacy systems with low-code tooling. Each has a specific way of empowering lean teams of specialists to handle the coming spike in claims, sort through market confusion, conduct complex tasks remotely and assess new sources of risk, while relying on core systems to maintain daily operations.

How Low-Code Bridges the Gap

First, a robust, low-code development platform enables a diverse talent pool of business experts to collaborate with IT teams and coding professionals. This approach captures the knowledge, expertise and iterative feedback of business-focused experts throughout the entire software development lifecycle, enabling quick deployment of customized, targeted software for web and mobile use.

Second, the underlying architecture of low-code platforms prioritizes integration, connectivity and openness. This enables enterprises to extend their digital capabilities with next-gen innovations while keeping their legacy systems’ core clean and secure.

Here are four aspects of technology enablement that empower risk managers to handle newly scaled-up demands and position the enterprise for success in the “new normal.”

The Cloud Enables Resilience

Compared with other business verticals, the insurance industry is late to adopt and fully leverage cloud-based software deployment. A 2019​ ​Deloitte survey​ on insurance trends found that nearly half of all respondents — 48% — were comfortable with a three-year time frame to adopt cloud technology.

But pandemics have a way of rewriting the rules. Today, risk managers are working remotely and require access to data and workflow processes often managed on mainframes. More than one insurance firm recently experienced operational delays when its data centers were hit with connection challenges. Ops teams were not allowed to go onsite to restart these systems until state officials modified their shelter-in-place orders.

In contrast, cloud-based operations are highly resilient. By design, the cloud enables business continuity from small and large interruptions, with a rolling system of global availability spread across geographically dispersed locations. Cloud-based operations today play a vital role in enterprise business continuity, including an insurer’s own disaster recovery strategies.

The low-code platform is cloud-native, offering the security of housing systems remotely and enabling seamless workforce access from anywhere. Regardless of what triggers a systemic shutdown, cloud-based systems will mitigate the impact.

See also: Where Were the Risk Managers for King’s Landing?  

Multi-Cloud Deployment Options Add Security

The majority of insurers have delayed cloud adoption due to data security and regulatory compliance concerns. To date, many firms still place their trust in on-premises data centers. However, cloud providers have evolved their product offerings to meet a wide range of enterprise cloud deployment strategies.

Companies requiring maximum security can adopt a fully private cloud model, or a hybrid model with the ability to “burst,” moving things to the public cloud when disaster hits or when demand spikes. Risk managers should also consider that the major cloud providers have the resources to hire the world’s best security engineers, a valuable and cost-efficient means of supplementing internal security capabilities.

AI Accelerates and Automates Contract Liability Assessments

As closures, cancellations and supply chain disruptions affect businesses, policyholders will file more and more claims. Risk managers also face uncertainty from mounting legal challenges, as underwriters are pressured by state governments and organizations to use business continuity policies to cover losses from government mandates to shelter in place, overriding existing contracts.

Business continuity policies are highly complex legal documents. Enterprise legal teams can quickly run out of bandwidth to evaluate contract liabilities triggered by the pandemic. While it is incumbent on brokers and underwriters to analyze existing contract language to map out covered risks and exclusions during these extraordinary circumstances, they need help to get it done accurately and in a timely fashion.

Applications built with low-code tools can integrate back-end systems with AI and natural language processing tools to review and flag contract language and risk mitigation strategies to ensure proper coverage. Here again, collaboration is key. Input from risk managers, executives, legal experts, process executors and IT professionals is needed to map out a firm’s current level of risk exposure, evaluate its preferred risk appetite and adjust strategic planning. Because it employs a visual “language” understandable by both technical and non-technical personnel, low-code is a powerful collaboration tool for conceiving, building and deploying digital solutions that address the massive disruption triggered by the pandemic.

Quality Assurance and Training Can Be Digitized

The limited number of risk management specialists is a challenge for the industry. Their ranks will never be large enough to thoroughly execute the tasks of onsite assessment and analysis, especially during and in the aftermath of a pandemic.

Risk managers should already be working with a checklist of qualitative items, including operational risks and associated controls, plus event and escalation triggers for risk identification and measurement. Too often, these essential processes are paper-based or stored in Excel documents. One solution to streamline these processes would be a customized mobile application combining a digitized checklist with a time-stamped photographic inventory of a plant or facility. Such an application would also improve training, documentation and knowledge transfer when new risk managers join the team.

See also: 3-Step Framework to Manage COVID Risk  

With current restrictions on business travel, the case for augmented reality tours through plant operations and factory floors makes economic sense. It may sound futuristic, but low-code developers have already integrated augmented reality into warehouse management tasks, insurance claim workflows and even cancer detection by radiologists. Similar capabilities could be leveraged by the risk management industry to confirm a range of safety standards and to analyze visual information that may require a specialist.

Collaborative Digital Initiatives to Power in the New Decade

With revenue taking a big hit, it’s key to remember that risk and recovery are two sides of the same coin. To speed the recovery process, risk professionals must help the enterprise understand the risk profile of every potential customer and reduce the overall risk profile of the organization.

Low-code application development in the cloud, along with AI, AR and other ascending technologies, can bring visibility to otherwise hidden relationships and liabilities, while ensuring that data is understood, available and actionable Risk managers and C-suite executives need to champion innovative technologies that can scale up an effective response and protect the bottom line, speeding the pace of digital adoption from ​later​ to ​now.

3-Step Framework to Manage COVID Risk

For insurance leaders, the full impacts of the COVID-19 pandemic will unfold over the coming months, but the rapid evolution of the crisis is forcing organizations to constantly evaluate how they are responding today.

Realistically, most business continuity procedures will prove inadequate. Very few would have planned and provided for a global crisis that kept virtually all of their workforce sequestered at home for weeks or months. Because there is no proven methodology for what we’re navigating today, organizations are having to collaborate virtually, sometimes on a global scale, to rapidly adapt business operations, frequently and simultaneously across several businesses on very short time cycles. Some solutions will succeed, and some will not. Others might not work until conditions change. Also, business decisions driven by the current situation will create unexpected demands on operation risk management. For example, several insurance carriers announced premium credits to their auto policyholders due to a significant drop in usage. Such decisions will require an ability to process large volume of one-time transactions, in a controlled yet customer-friendly manner.

In these conditions, insurers need a more comprehensive yet customizable approach to assess operational risk quickly and dynamicly and chart responses to COVID-19. 

Organizations should undertake a three-step approach to better understand the impact of the coronavirus on their operations, identify high-impact and high-priority areas, assess new and increased risks and develop actions to address business critical priorities.


Companies should use an integrated process-health check that brings together business continuity process and crisis management teams to define and implement targeted response decisions. A thorough assessment will identify gaps specific to the current pandemic, as well as heightened or new risks.

Some of the factors that have increased risks under COVID-19 and affect processes include:

  • Dependency on technology that is less effective when working from home 
  • Activities that require physical interaction, such as check printing and mail rooms 
  • Activities that rely on in-person interactions and meetings
  • Numerous process handoffs, particularly across functions 
  • Regulatory constraints such as time-sensitive and mandatory requirements

Insurers must quickly document processes severely affected by the current crisis and identify areas with a high number of manual touch points and mandatory in-person interactions. Companies need a framework agile enough to provide leaders with increased visibility into their processes, including changes to daily tasks, implications for working remotely and identifying tasks that cannot be handled without manual intervention. The right framework should also highlight regulatory risks for non-compliance and potential impact on quality assurance procedures.

Using strategies such as a lightweight, questionnaire-based approach, leaders can gather insights into their processes that account for the impact of COVID-19 in two to three business days and require minimal time from process owners. Responses to a well-designed questionnaire will not only identify process gaps specific to the current crisis but will also find candidates for future improvements and innovations. 

See also: Rethinking Risk Management in a COVID-19 World


A centralized and purpose-based response structure works best to solve company-wide issues for many carriers. Key decisions related to organizational priorities, customers, employees and costs must be made in the face of uncertainty and incomplete information. Central ownership and accountability in the form of a dedicated response team will ensure a consistent, iterative approach and effective risk management.

The right framework captures this information and ranks it from both business criticality and risk perspectives. Once risks have been identified and prioritized, operation leaders should align on potential scenarios and recommended solutions. While recommendations will vary across organizations and functions, they will typically include:

  • Identify processes that have changed during COVID-19 and implement new process steps on an interim basis. Rapidly create or update existing process map documentation and communicate this information to relevant stakeholders
  • Identify new risks, controls and testing procedures. Develop plans to reinforce controls that have been relaxed in any transitions to work-at-home
  • Identify and recommend changes to employee responsibilities including deprioritizing non-business critical activities, and the strategic navigation of key business continuity process resources
  • Supplement processes with additional collaboration tools to enhance remote work output, such as digital check printing solutions, document sharing tools and other interventions.

Business leaders know they need to act now instead of waiting to design the perfect solution. Senior executives should communicate to business units and function leaders a broad outline within which solutions should be developed. Such guardrails are usually based on the organization’s vision, culture, business critical requirements and other non-negotiables. Then, the focus of operations leaders must turn to segmenting the overall organization response strategy into actionable plans for their responsibility areas. Clearly, action plans should be detailed enough to include ownership, timelines and measurable, expected outcomes.


Response managers must also establish feedback loops to monitor the efficacy of their response strategy and tweak it as required. New challenges will emerge. Unanticipated situations will develop, and a significant percentage of responses will at least partially fail to meet their objective. In these scenarios, an agile, test-and-learn approach allows leaders to adapt to changing requirements as quickly as possible. Following are a few agile principles that would allow leaders to strike a balance between business support and risk management, and move forward with speed:

  • Build and deliver working solutions, with a preference to short time cycles 
  • Learn and change. Be creative and promote non-standard solutions 
  • Set up cross-functional and diverse response teams 
  • Clearly define ownership and outcome expectations 
  • Hyper-track progress, using frequent touch points

Every crisis presents opportunities, and some companies will come out of this crisis stronger. Post-crisis, speed and agility to adapt will differentiate the leaders from laggards in this new normal. According to a McKinsey study, companies that managed the 2008 financial crisis with speed, discipline and resiliency saw 30% increases in revenue and big reductions in operating costs during the recovery. 

See also: 7 Biases Customers Have About Risks  

There is an opportunity to accelerate an agenda advancing the future of work as companies consider an environment that promotes virtual teams, provides online collaboration tools to employees and uses digital operational capabilities to supplement human workers. As operations stabilize and the new normal takes hold, the response team should pivot and identify opportunities to continue to transform. This will allow companies to leverage learnings from the current crisis and build stronger crisis response capabilities.

An adaptive risk assessment framework approach requires a strong alignment among functional and operations leaders. It also requires a status cadence that allows a quick rollout of actionable recommendations, rapid reviews of their impact with process owners and the ability to course correct frequently.